Some employers are keen to view candidates' social media profiles, in an attempt to find out more about how other people see each candidate, and how they see themselves.

There is no specific prohibition against employers viewing a candidate's social media profile as part of the recruitment process, but there are risks associated with using social media to assist with the recruitment process.

Equality Act breaches

The main risk involved is that the employer could become subject to a discrimination claim, as the employer is at risk of discovering information about a candidate that could lead to inferences of discrimination if the candidate is unsuccessful. In addition, an unsuccessful candidate could claim that by viewing the social media profile the employer has discriminated as they became aware of facts (or have a perception of facts) such as ethnicity and age. It can be tricky for an employer to defend such a claim.

Data Protection Breaches

Employers must make sure that they comply with the Data Protection Act, as the Act regulates the way information can be collected, handled and used. The Act helps strike a balance between an employer's need for information, and a candidate's right to respect in their private life. The Act requires openness, so candidates should be aware of what information about them is being collated, and what it will be used for.

Employers should take care not to collect more personal information than required. It is a breach of data protection rules to collect personal information that is irrelevant or excessive - so a candidate could argue that viewing a personal social media profile is excessive information gathering.

UK data protection law will change on 25 May 2018, when the new EU General Data Protection Regulation (GDPR) takes effect.

In brief, the GDPR extends a person's existing rights and makes them more explicit. For example: employers will need to provide job applicants with a privacy notice setting out the purposes for which data is required, together with the information needed to ensure processing is fair.

The GDPR also requires data to be processed fairly and lawfully, so an employer must also provide information on the legal basis for processing.

All such information provided must be concise, transparent, easily accessible and given in plain language.

In addition, employers must demonstrate that they are compliant with the data protection principles under the GDPR.

How to reduce the risk of using Social Media as part of the Recruitment process

Employers should consider the following:

  • Having a clear Social Media Policy covering the use of social media in the recruitment process. For example, it could be a company policy to prohibit connecting or adding a candidate to investigate their background or discover their ethnicity. This would minimise discrimination claims and data protection breaches;
  • To only check a social media profile following the initial interview. This would minimise the risk of claims that the decision whether to recruit was influenced by discriminatory factors which could only become apparent following a social media search (such as age and gender);
  • Prohibiting any employees of the company checking or searching for a candidate on social media, to limit claims of discrimination; and
  • Making it company policy to require verification of any information obtained on the internet before relying on it.