Home Knowledge Would-be Employer asks for Candidate’s Facebook Log-in Details

Would-be Employer asks for Candidate's Facebook Log-in Details

July 2, 2012

A recent story concerning a job applicant in the United States of America whose prospective employer requested him to share his Facebook password (as part of the recruitment process) has attracted much media attention.  This incident highlights a bigger issue – the extent to which an employer should delve into an individual’s past or present character or probity (for ease of reference, ‘background checking’, or ‘BGCs’). 

There is, for the time being, no dedicated legislation in Ireland on BGCs.  Outside of specific regulated fields (e.g. childcare, financially regulated employment, or working for the State), there is neither a requirement to run BGCs, nor a formal facility through which would-be employers in Ireland can run BGCs.  Of course, for employers outside of these regulated fields, there are certain BGCs, ranging from obtaining credit reports to Facebook profile investigation, which can, practically speaking, be undertaken with the relevant individual’s co-operation. 

Many employers believe that if they secure an individual’s consent to run BGCs, the practice is then legitimate.  The matter is not that simple.  Similarly, an employer which embarks on an internet trawl to run its own BGCs on individuals through publicly available resources may not appreciate that even this can throw up legal issues. 

Under Data Protection legislation, the information generated in conducting BGCs is “personal data”, and often “sensitive personal data”, of the individual who is the subject of the BGC.  Such data is subject to extensive statutory protection in Ireland. The law imposes a number of obligations in terms of how an individual’s personal data is obtained, used and stored by those who control or process it, including employers. 

The practice of enforced access (requiring an individual to release his personal data, for example by sharing his Facebook login details) is problematic from a data protection law perspective. The ability of an employer to rely on an individual’s consent in these circumstances is compromised in light of the inherently imbalanced relationship between an employer and a job candidate or employee.  

While employers can legitimately request a candidate to furnish certain information as part of a screening process, the law requires the employer to be in a position to justify the relevance of the information being sought to the role in question.  Furthermore, the information being sought should be no more than that which is necessary having regard to the nature of the employment.  The information being requested should not exceed that which is necessary to mitigate the legitimate business risk sought to be protected by the employer. 

Contributed by Louise Harrison.

Back to Legal News