BLOG POST

How GDPR and FCRA Apply to Social Media Background Checks – The Do’s and Don’ts of Social Media Background Checks for Employers

The widespread use of social media has led to an increasing trend among employers to conduct social media checks as part of their recruitment process. However, employers must be aware of the GDPR and FCRA implications of such checks, which set out strict rules for the processing of personal data, including data collected from social media checks. Employers must ensure that social media checks are conducted in a lawful, fair, and transparent manner and that the data collected is relevant, accurate, and necessary.

GDPR and FCRA implications of Social Media Background Checks

In today’s world, social media has become an integral part of our lives, and many of us use social media platforms to share personal information, opinions, and views. However, the widespread use of social media has led to an increasing trend among employers to conduct Social Media checks as part of their recruitment process.
While Social Media checks can help employers gather information about a candidate’s character, qualifications, and work history, it is essential to be aware of the General Data Protection Regulations (GDPR) and the Fair Credit Reporting Act (FCRA) implications of such checks. The GDPR and FCRA sets out strict rules for the processing of personal data, including data collected from Social Media checks.

Personal Data

Social Media checks involve an employer or other organization gathering information about a person from their social media profiles, which can include sensitive personal data. Firstly, it is important to understand what is meant by personal data. Personal data includes any information that can be used to identify a living individual, such as their name, address, email address, or even their IP address. Additionally, the GDPR also includes special categories of personal data, such as race, ethnicity, political opinions, religious beliefs, health data, and sexual orientation.

When conducting Social Media checks, employers are likely to gather personal data from a candidate’s social media profiles. This data could include their name, age, gender, location, employment history, education, and other personal information such as political views, religious beliefs, or health-related information.

Personal data must be processed lawfully, fairly, and transparently. This means that the person whose data is being processed must be aware of the processing and have given their consent for it to take place, or the processing must be necessary for a legitimate reason, such as for the employer to carry out their duties.

Legitimacy

When it comes to Social Media checks, an employer must have a legitimate reason for conducting them. For example, an employer may want to verify a candidate’s work history, or assess their character or cultural fit. However, employers must ensure that the information gathered is relevant, accurate and not excessive. They must also inform job candidates that they plan to conduct social media checks and explain why they are necessary.

Data Integrity

Employers must ensure that they process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Ensuring your supplier is accredited to standards e.g. ISO27001 and ISO27701 provides a good level of confidence.

Employers must keep personal data secure, only keep it for as long as necessary and not to use it for any purposes other than those for which it was collected. This means that employers cannot use Social Media checks to discriminate against candidates based on their race, gender, age, sexual orientation, or any other protected characteristic.

About Neotas Social Media Background Checks

At Neotas, We understand the importance of conducting thorough and compliant Social Media Screening Checks, and our team of experts is dedicated to ensuring that the process is safe and reliable. Receive accurate and up-to-date information while complying with all relevant regulations, including GDPR and FCRA. Our advanced OSINT technology and human intelligence allow us to uncover valuable insights that traditional checks may miss.

Neotas Enhanced Due Diligence

The Neotas Platform is a world first. It enables the user to interrogate all available sources from traditional databases to the entire internet (not just the 4-6% of it by Google). The Platform intelligently uses its own investigative techniques, responds to information found and contextualises it for the user.

Read All Posts

Subscribe To Our Weekly Newsletter

No spam, notifications only about new products, updates.

Cookie	Duration	Description
AWSALBTG	7 days	AWS Application Load Balancer Cookie. Load Balancing Cookie: Used to encode information about the selected target group.
AWSALBTGCORS	7 days	AWS Classic Load Balancer Cookie: Used to map the session to the instance. This cookie is identical to the original ELB cookie except for the attribute &SameSite=None;
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
debug	never	Cookie used to debug code and website issues
shown	session	Session cookie to control number of times a pop up is shown.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
AnalyticsSyncHistory	1 month	Used to store information about the time a sync took place with the lms_analytics cookie
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
li_gc	2 years	Used to store consent of guests regarding the use of cookies for non-essential purposes
rl_anonymous_id	1 year	Generates an unique anonymous Id to identify a user and attach to a subsequent event.
rl_user_id	1 year	to store a unique user ID for the purpose of Marketing/Tracking

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_107495977_1	1 minute	Set by Google to distinguish users.
_gat_UA-107495977-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
attribution_user_id	1 year	This cookie is set by Typeform for usage statistics and is used in context with the website's pop-up questionnaires and messengering.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

BLOG POST

How GDPR and FCRA Apply to Social Media Background Checks – The Do’s and Don’ts of Social Media Background Checks for Employers

GDPR and FCRA implications of Social Media Background Checks

About Neotas Social Media Background Checks

Share:

Neotas Enhanced Due Diligence

Leave a Comment Cancel reply

Subscribe To Our Weekly Newsletter

Case Studies

Creating an effective framework for managing risk with suppliers and third parties using open-source intelligence (OSINT)

The Risk-Based Approach: How Open Source Intelligence (OSINT) is transforming enhanced due diligence and investigations in AML compliance

Open Source Intelligence and ESG (OSINT-ESG)

Money Laundering Fraudster identified through aliases

Neotas 2021 Due Diligence Screening Annual Report

Neotas 2021 Employment Screening Annual Report

Terrorist Financing Uncovered In Subject’s Network

Ongoing Monitoring Protects Credit Against Subsidiary Threat

Undisclosed Political Links Uncovered For European Organisation

Social Media Screening Reveals Insider Threat & Abusive Past

Social Media Due Diligence Helps Confirm Charitable Candidate

Management Due Diligence Reveals Abusive CEO

Blogs on Due Diligence

Overcoming Enhanced Due Diligence Challenges on High Risk Customers

How OSINT Can Help Challenger Banks Create More Robust AML Controls

ESG and The Power Of Open-Source Intelligence (OSINT)

Suisse Secrets Leaks Exposes EDD Shortcomings

Neotas Due Diligence 2021 Annual Report

Neotas Employment Screening 2021 Annual Report

Using Open Source Intelligence To Battle Fin Crime

Private Equity Risk: What You Don’t Know Can Hurt You

Using Open Source Intelligence To Enhance Online Reputation Management