New data protection guidance issued this month warns employers to think twice before using social media to vet job applicants.

Many employers check social media sites such as Facebook and LinkedIn before taking on new employees. This is often done on an informal basis and in secret, without telling potential recruits. However, new data protection guidance issued this month warns employers to think twice before using social media to vet job applicants.

The guidance has been issued by the Article 29 Data Protection Working Party, an influential group of European regulators.

Before looking up potential recruits on social media sites, employers must:

  • be able to point to a legal ground for doing so;
  • inform job candidates of their intention to make the checks (for example, in the job advert); and
  • ensure that they delete all information obtained from social media sites once the recruitment process is complete

Tempting though it is, employers should not keep information about job candidates on file “just in case” another job opportunity comes up, without first obtaining the candidates consent. If the information is kept on file with consent, the employer should tell the individual what information will be retained, and ensure that the candidate is contacted on a regular basis to confirm that details such as address and telephone numbers are still current.

Employers who do not follow these rules risk falling foul of the data protection legislation, and could face an investigation from the Information Commissioner’s Office.

The guidance also advises employers to ensure that employees are aware of monitoring devices and software and that they understand when their whereabouts can be tracked by their employers. Examples include in-vehicle tracking devices and software loaded onto mobile phones that is used to locate lost or stolen phones. Before carrying out any monitoring, employers should weigh their reasons for doing so against the impact on the employee’s private life. For example, data showing the location of a mobile phone should only be recorded when the phone has been lost of stolen.

Data protection rules will be tightened even further next May when the General Data Protection Regulation (“GDPR”) comes into force across Europe. If you are not sure how the GDPR will affect you, why not book onto one of our one-day data protection courses?

If you would like to discuss any issues raised in this article, we have specific employment law expertise in advising in this area. For further advice, please contact Louise Connacher or a member of the Employment Team.

Please note this information is provided by way of example and may not be complete and is certainly not intended to constitute legal advice. You should take bespoke advice for your circumstances.

Get In Touch Today!

Get In Touch Today!

Please complete this form to make an enquiry and we will get back to you as soon as we can.

Remember you can still call us on 0333 323 5292 or email us at

  • This field is for validation purposes and should be left unchanged.