In a recent report commissioned by Microsoft, the market research firm Cross-tab released startling figures about how employers use data gleaned from the Internet in hiring.  Fully 41% of UK recruiters and HR professionals had rejected candidates based on personal data found online, with 16% of their German colleagues and 14% of French recruiters doing the same.  In Germany, 59% of recruiters seek "reputational data" available online even in the absence of a corporate policy dictating such searches, with male recruiters more actively checking such data. Search engines are a primary target for such checks, with social networking sites, photo and video sharing sites, blogs and news sharing sites close behind.  Recruiters in the UK, Germany, and France cite inappropriate comments and text written by the candidate, unsuitable videos, photos, and information, membership in certain groups and networks, and discoveries of false information as having influenced decisions to reject a candidate. 

 

For job seekers the report's message is clear: actively manage your online reputation and be aware of your data protection rights.  Employers, on the other hand, must comply with the obligations that data protection laws impose on them as they seek reputational data online. 

 

Under the EU Data Protection Directive 95/46/EC (the "Directive"), which is currently in the process of being revised, personal data must be processed fairly and lawfully. The data must be collected for specified, explicit, and legitimate purposes, they must be adequate, relevant and not excessive in relation to the purposes for which they are collected, and they must be accurate and up-to-date.  Sensitive personal data, such as data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or data concerning sex life can only be processed if the person to whom the data relate has given her explicit consent and under other narrowly interpreted exceptions. Furthermore, the persons to whom the data relate must be informed about the circumstances of the data processing, and they have the right to access the data and to correct incorrect data. These basic requirements have been implemented into laws of all EU Member States. Some Member States, such as Finland, have gone even further in protecting the privacy rights of employees and job applicants.  Under the Finnish law, personal data can only be collected directly from the employee (or a job applicant). If data are collected from sources other than the employee, employee consent must be obtained. Thus, no googling without consent in Finland. 

 

Translated into the rough-and-tumble world that is the current job market, at least the following points are worth considering for both job seekers and employees:

 

• Communicating to job applicants that online searches will be carried out makes the processing fairer;

 

• The purposes of such searches should be defined in advance, considering for example the position and the nature of the employer's business, thereby avoiding fishing expeditions where data are collected because they "may be necessary" in the future;

 

• Employers should carefully ensure that any data in the search results are correct so as to minimize the impact of negative, but ultimately incorrect or misinterpreted, information;

 

•Applicant consent should be sought to process sensitive reputational data; and

 

•Applicants should be given access to the reputational data collected by the employer upon request and be given an opportunity to correct inaccurate data. Moreover, data culled online should not be used for discriminatory purposes.

As there are cultural, generational, social, national, and other factors that come into play, all in the often contextless world of online information, both employers and job applicants need to tread these waters carefully, for neither needs to be reminded that what is on the Internet is not always correct or true.