What would you do if a job interviewer asked for your user name and password to your Facebook account? Would you consent? What about if you were desperate for the job? If you think this sounds
What would you do if a job interviewer asked for your user name and password to your Facebook account? Would you consent? What about if you were desperate for the job? If you think this sounds fanciful or unrealistic then think again. In recent weeks there has been a clamour of discontent from disgruntled job candidates confronted with this very dilemma in the USA. This has grown so great that even the US Senate has waded into the debate. Given the business links between the UK and our US cousins across the pond, it must be only a matter of time before this appears on the radar of UK employers.
The Guardian reports that the Information Commissioner's Office (ICO) has already warned UK employers that it would have "very serious concerns" if they were to ask for Facebook login and password details from existing or would-be employees. According to the Guardian, an ICO spokesman has said: "The UK Data Protection Act clearly says that organisations shouldn't hold excessive information about individuals, and it's questionable why they would need that information in the first place."
So could this action be considered lawful? It may be doubted by the Information Commissioner that consent was genuinely and freely given by an individual who discloses his/her data in these circumstances. True consent, as required under data protection law can be very difficult to achieve in employment relationships – it must be unambiguous, freely given, specific and informed. The view of many data protection authorities across Europe, including our own ICO, is that employees do not have genuine freedom to consent due to the unequal balance of power which exists in an employer-employee relationship. And without valid employee consent, employers will have a hard time justifying access to employee social networking accounts for employee vetting purposes under UK data protection law. For further information on data protection and privacy issues, please see our Privacy and Information Law Blog.
Data protection issues aside, the argument might be made that such an approach would infringe rights to privacy under the Human Rights Act. However, a cursory examination of the developing case law in this area indicates that, so far, the courts have been reluctant to accept human rights and privacy arguments relating to action taken against employees posting inappropriate material on social media forums. Whilst there is a paucity of authority on the use of social media as part of a recruitment exercise, it is at least arguable that similar points could apply and that really this information should be considered as within the public domain rather than truly private. Admittedly, since Facebook's Terms of Service state: "You will not share your password... let anyone else access your account, or do anything else that might jeopardise the security of your account", Mark Zuckerberg may have something to say about this.
A more prickly problem is that employers do not know what information they might encounter on a social media website account. Employers need to be careful not to base any recruitment decision on a job candidate's protected characteristics, such as his/her religious beliefs, sexual orientation or disability. If a candidate does give a prospective employer access to their Facebook account, there is also a risk that the candidate will automatically make a connection between the recruitment decision with the information on their account, including such protected characteristics, whether or not this is the case. Particular care must also be made not to make any enquiries about a person's health or disability as a consequence of information uncovered on a person's Facebook account.
Setting aside these legal difficulties for a moment, from a human relations perspective, this approach might not be the best way of attracting the best candidate for the job or of starting the employment relationship off on the right footing. For all of these reasons, and given the ICO's comments viewson the practice, it would probably not be prudent for most employers to go down this potentially treacherous path.
Notwithstanding, the reality is that many employers already undertake informal on-line searches against prospective job candidates. This iInformation voluntarily placed in the public domain by candidates would seem to be fair game, provided they are made aware that these searches will take place. Taking things a step further and making a job offer conditional on access to a candidate's Facebook account may in some limited circumstances be appropriate for an employer if, for example, the role is particularly media sensitive or high profile. However, this area is untested and so we would advise extreme caution.
Before embarking on this approach, consideration should first be given to whether there is a less draconian way of obtaining legitimate business information in relation to candidates. It is also very important that this approach is covered in all policies, including related data protection policies and recruitment managers receive the appropriate training. It is very important that employers take a consistent approach to all candidates, clearly explaining what information will and will not be taken into account as part of the recruitment exercise. Accurate and comprehensive records should also be maintained, including the form recording the candidate's express consent to release this information to the employer.
The Guardian reports that the Information Commissioner's Office (ICO) has already warned UK employers that it would have "very serious concerns" if they were to ask for Facebook login and password details from existing or would-be employees. According to the Guardian, an ICO spokesman has said: "The UK Data Protection Act clearly says that organisations shouldn't hold excessive information about individuals, and it's questionable why they would need that information in the first place."
So could this action be considered lawful? It may be doubted by the Information Commissioner that consent was genuinely and freely given by an individual who discloses his/her data in these circumstances. True consent, as required under data protection law can be very difficult to achieve in employment relationships – it must be unambiguous, freely given, specific and informed. The view of many data protection authorities across Europe, including our own ICO, is that employees do not have genuine freedom to consent due to the unequal balance of power which exists in an employer-employee relationship. And without valid employee consent, employers will have a hard time justifying access to employee social networking accounts for employee vetting purposes under UK data protection law. For further information on data protection and privacy issues, please see our Privacy and Information Law Blog.
Data protection issues aside, the argument might be made that such an approach would infringe rights to privacy under the Human Rights Act. However, a cursory examination of the developing case law in this area indicates that, so far, the courts have been reluctant to accept human rights and privacy arguments relating to action taken against employees posting inappropriate material on social media forums. Whilst there is a paucity of authority on the use of social media as part of a recruitment exercise, it is at least arguable that similar points could apply and that really this information should be considered as within the public domain rather than truly private. Admittedly, since Facebook's Terms of Service state: "You will not share your password... let anyone else access your account, or do anything else that might jeopardise the security of your account", Mark Zuckerberg may have something to say about this.
A more prickly problem is that employers do not know what information they might encounter on a social media website account. Employers need to be careful not to base any recruitment decision on a job candidate's protected characteristics, such as his/her religious beliefs, sexual orientation or disability. If a candidate does give a prospective employer access to their Facebook account, there is also a risk that the candidate will automatically make a connection between the recruitment decision with the information on their account, including such protected characteristics, whether or not this is the case. Particular care must also be made not to make any enquiries about a person's health or disability as a consequence of information uncovered on a person's Facebook account.
Setting aside these legal difficulties for a moment, from a human relations perspective, this approach might not be the best way of attracting the best candidate for the job or of starting the employment relationship off on the right footing. For all of these reasons, and given the ICO's comments viewson the practice, it would probably not be prudent for most employers to go down this potentially treacherous path.
Notwithstanding, the reality is that many employers already undertake informal on-line searches against prospective job candidates. This iInformation voluntarily placed in the public domain by candidates would seem to be fair game, provided they are made aware that these searches will take place. Taking things a step further and making a job offer conditional on access to a candidate's Facebook account may in some limited circumstances be appropriate for an employer if, for example, the role is particularly media sensitive or high profile. However, this area is untested and so we would advise extreme caution.
Before embarking on this approach, consideration should first be given to whether there is a less draconian way of obtaining legitimate business information in relation to candidates. It is also very important that this approach is covered in all policies, including related data protection policies and recruitment managers receive the appropriate training. It is very important that employers take a consistent approach to all candidates, clearly explaining what information will and will not be taken into account as part of the recruitment exercise. Accurate and comprehensive records should also be maintained, including the form recording the candidate's express consent to release this information to the employer.