Social Media Background Checks

The widespread use of social media has led to an increasing trend among employers to conduct social media checks as part of their recruitment process. However, employers must be aware of the GDPR and FCRA implications of such checks, which set out strict rules for the processing of personal data, including data collected from social media checks. Employers must ensure that social media checks are conducted in a lawful, fair, and transparent manner and that the data collected is relevant, accurate, and necessary.

GDPR and FCRA implications of Social Media Background Checks

In today’s world, social media has become an integral part of our lives, and many of us use social media platforms to share personal information, opinions, and views. However, the widespread use of social media has led to an increasing trend among employers to conduct Social Media checks as part of their recruitment process.
While Social Media checks can help employers gather information about a candidate’s character, qualifications, and work history, it is essential to be aware of the General Data Protection Regulations (GDPR) and the Fair Credit Reporting Act (FCRA) implications of such checks. The GDPR and FCRA sets out strict rules for the processing of personal data, including data collected from Social Media checks.

Personal Data

Social Media checks involve an employer or other organization gathering information about a person from their social media profiles, which can include sensitive personal data. Firstly, it is important to understand what is meant by personal data. Personal data includes any information that can be used to identify a living individual, such as their name, address, email address, or even their IP address. Additionally, the GDPR also includes special categories of personal data, such as race, ethnicity, political opinions, religious beliefs, health data, and sexual orientation.

When conducting Social Media checks, employers are likely to gather personal data from a candidate’s social media profiles. This data could include their name, age, gender, location, employment history, education, and other personal information such as political views, religious beliefs, or health-related information.

Personal data must be processed lawfully, fairly, and transparently. This means that the person whose data is being processed must be aware of the processing and have given their consent for it to take place, or the processing must be necessary for a legitimate reason, such as for the employer to carry out their duties.

Legitimacy

When it comes to Social Media checks, an employer must have a legitimate reason for conducting them. For example, an employer may want to verify a candidate’s work history, or assess their character or cultural fit. However, employers must ensure that the information gathered is relevant, accurate and not excessive. They must also inform job candidates that they plan to conduct social media checks and explain why they are necessary.

Data Integrity

Employers must ensure that they process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Ensuring your supplier is accredited to standards e.g. ISO27001 and ISO27701 provides a good level of confidence.

Employers must keep personal data secure, only keep it for as long as necessary and not to use it for any purposes other than those for which it was collected. This means that employers cannot use Social Media checks to discriminate against candidates based on their race, gender, age, sexual orientation, or any other protected characteristic.

FAQs on GDPR and FCRA implications of Social Media Background Checks

Q: What is the GDPR, and how does it relate to social media background checks?

The GDPR is the General Data Protection Regulation, a European Union regulation that governs the protection of personal data. It relates to social media background checks when employers process personal data from social media platforms during the hiring process.

Q: Do GDPR regulations apply to all social media background checks, or only those involving EU citizens?

GDPR regulations apply to social media background checks that involve the personal data of EU citizens, regardless of where the employer is located. If the checks involve candidates from the EU, GDPR compliance is mandatory.

Q: Can employers conduct social media background checks without explicit consent from the job candidate under the GDPR?

No, employers must obtain explicit consent from job candidates before conducting social media background checks. Consent must be freely given, specific, informed, and unambiguous, as per GDPR requirements.

Q: Are there any specific guidelines on data retention periods for social media background checks under the GDPR?

While the GDPR does not provide specific data retention periods, employers should only retain social media data for as long as necessary to fulfill the purpose for which it was collected. They must establish clear retention policies and delete data once it becomes irrelevant.

Q: Can employers use automated decision-making based on social media data without violating the GDPR?

Employers can use automated decision-making based on social media data, but they must ensure it complies with the GDPR’s principles, such as transparency and the right to human review of automated decisions.

Q: Can candidates request access to the social media data obtained during the background check process under the GDPR?

Yes, candidates have the right to request access to the personal data collected from social media background checks. Employers must provide this information upon request, along with details of how the data was processed.

Q: Can social media data obtained during background checks be shared with third parties under the GDPR?

Social media data obtained during background checks can be shared with third parties only if there is a lawful basis for such sharing and if the candidate has been properly informed about it.

Q: What specific disclosures must employers provide to candidates under the FCRA when conducting social media background checks?

Under the Fair Credit Reporting Act (FCRA), employers must provide a clear and separate disclosure to candidates before conducting social media background checks. The disclosure must inform the candidate that the check may be used for employment decisions and must obtain written consent.

Q: Can employers use information obtained from social media checks to make “adverse employment decisions” under the FCRA?

Yes, employers can use information from social media checks to make adverse employment decisions under the FCRA, but they must follow specific procedures outlined in the law. This includes providing the candidate with a pre-adverse action notice and allowing them time to dispute the accuracy of the information.

Q: How long can employers retain social media data obtained during background checks under the FCRA?

The FCRA does not specify a specific data retention period for social media data. However, employers are encouraged to retain the data only for as long as necessary and in compliance with other relevant laws.

Q: Can job candidates dispute the accuracy of social media data used in background checks under the FCRA?

Yes, job candidates have the right to dispute the accuracy of social media data used in background checks under the FCRA. Employers must provide a process for candidates to dispute any inaccuracies and correct the information if necessary.

Q: Can social media background checks be conducted on current employees under the GDPR and FCRA?

Yes, social media background checks can be conducted on current employees, but employers must ensure that they have a legitimate reason and comply with relevant GDPR and FCRA regulations. Consent or a legitimate interest must be established before conducting such checks.

Q: Can employers use publicly available social media data without obtaining consent under the GDPR and FCRA?

Yes, employers can use publicly available social media data without obtaining consent, as long as the data is legitimately obtained and used for lawful purposes, and it complies with applicable GDPR and FCRA guidelines.

Q: How should employers inform job candidates about the social media background check process under the GDPR and FCRA?

Employers should provide clear and transparent information to job candidates about the social media background check process. This includes disclosing the types of data they will collect and how they will use it, ensuring candidates are fully informed.

Q: Are there any restrictions on the types of social media data that employers can collect under the GDPR and FCRA?

While there are no specific restrictions on the types of social media data that can be collected, employers should only gather data that is relevant and necessary for the job-related purpose and avoid collecting sensitive or irrelevant information.

Q: Can social media background checks be outsourced to third-party vendors under the GDPR and FCRA?

Yes, social media background checks can be outsourced to third-party vendors, but employers must ensure that the vendors comply with GDPR and FCRA requirements and protect the privacy of the candidates’ data.

Q: Can employers use social media data to discriminate against candidates based on their race, religion, or other protected characteristics under the GDPR and FCRA?

No, employers cannot use social media data to discriminate against candidates based on protected characteristics under the GDPR and FCRA. Such practices are strictly prohibited and can lead to legal consequences.

Q: Can social media background checks impact a candidate’s right to be forgotten under the GDPR?

Yes, if a candidate requests their data to be deleted under the right to be forgotten provision of the GDPR, employers must comply and remove any social media data obtained through the background check process, provided there are no legitimate reasons to retain it.

Q: What should employers do if they find misleading or false information about a candidate during a social media background check?

If employers find misleading or false information during a social media background check, they should not use it to make hiring decisions. Instead, they should inform the candidate and provide them with an opportunity to clarify or dispute the information.

Q: Can employers use automated tools or algorithms to process social media data during background checks under the GDPR and FCRA?

Employers can use automated tools or algorithms to process social media data during background checks, but they must ensure that such tools comply with the principles of transparency, fairness, and accountability under the GDPR and FCRA.

Q: Are there any additional requirements for social media background checks when dealing with candidates who are minors under the GDPR and FCRA?

When dealing with candidates who are minors, employers must be especially cautious. They should obtain consent from the candidate’s legal guardian, ensure the information obtained is relevant to the job, and comply with any additional regulations related to minors’ data protection.

Q: Can employers use social media data to assess a candidate’s suitability for remote work positions under the GDPR and FCRA?

Yes, employers can use social media data to assess a candidate’s suitability for remote work positions, provided they do so in a fair and non-discriminatory manner and comply with all applicable privacy regulations.

Q: What should employers do with social media data after the hiring process is complete under the GDPR and FCRA?

After the hiring process is complete, employers should ensure they have a proper data retention and deletion policy. Social media data that is no longer relevant should be securely deleted to comply with GDPR and FCRA requirements.

Q: Can employers use social media data obtained during background checks for purposes other than hiring decisions under the GDPR and FCRA?

Employers should use social media data obtained during background checks only for the purpose for which it was collected, typically for making informed hiring decisions. Using the data for other purposes could lead to non-compliance with GDPR and FCRA regulations.

Q: What measures can employers take to ensure compliance with both GDPR and FCRA during social media background checks?

Employers can ensure compliance by obtaining explicit consent from candidates, providing clear disclosures, using reputable third-party vendors, maintaining data accuracy, and establishing appropriate data retention and deletion policies.

Q: Can social media background checks be conducted on candidates applying for internships or volunteer positions under the GDPR and FCRA?

Yes, social media background checks can be conducted on candidates applying for internships or volunteer positions, but employers should follow the same GDPR and FCRA guidelines as they would for regular job candidates.

Q: Can employers conduct periodic social media background checks on their current employees under the GDPR and FCRA?

Yes, employers can conduct periodic social media background checks on their current employees, but they must have a legitimate reason and comply with GDPR and FCRA requirements. Employee consent or a legitimate interest must be established.

Q: Can candidates refuse to undergo a social media background check without it negatively affecting their job application under the GDPR and FCRA?

In general, candidates have the right to refuse a social media background check, and employers should not negatively impact their job application solely based on their refusal, as long as the refusal does not violate any legal or regulatory obligations.

Neotas Social Media Background Checks and Social Media Screening

At Neotas, We understand the importance of conducting thorough and compliant Social Media Screening Checks, and our team of experts is dedicated to ensuring that the process is safe and reliable. Receive accurate and up-to-date information while complying with all relevant regulations, including GDPR and FCRA. Our advanced OSINT technology and human intelligence allow us to uncover valuable insights that traditional checks may miss.

Schedule a call today! We highlight behavioural risks identified across social media profiles and the wider internet. Supplements the background screening process. Learn more about how we can help you conduct social media screening and background checks in a safe and compliant manner.

Related Content on Social Media Screening, Background Checks, and Social Media Background Check

• OSINT Background Check | What Makes Neotas Different?
• Social Media Background Checks For Education Industry
• Social Media Check For Teachers
• Social Media check for Lawyers and other legal professionals
• Social Media Check for doctors and healthcare specialists
• Social Media Check for Police Officers
• How Social Media Screening Benefits Our Clients
• AI-Based Social Media Checks Without Human Intervention
• Avoid the cost of a bad hire with online reputation screening
• The Truth About Social Media Screening And GDPR
• How GDPR and FCRA Apply to Social Media Background Checks — The Do’s and Don’ts of Social Media Background Checks for Employers
• Regulatory Compliance in Digital Screening: International view of the emerging Challenges and Opportunities
• Social Media Screening Webinar — Vero Screening X Neotas
• Neotas Online & Social Media Screening Video
• Pre-Employment Background Checks and Social Media Screening – What NOT To Do
• Online Reputation Screening Uncovers Piracy & Data Leak History For Candidate
• Pre Employment Social Media Screening Helps Firm Avoid Abusive Hiring Candidate

Neotas Social Media Screening and Online Reputation Screening Services:

• Online Reputation Screening
• Social Media Screening
• Social Media Check
• OSINT Framework, OSINT Tools, OSINT Techniques, and how to use OSINT framework.
• Follow us on LinkedIn for the latest updates on Neotas Screening Solutions.