Employers often tend to research applicants on the internet to get a more comprehensive picture of them. This can be done by searching publicly available professional profiles on platforms such as LinkedIn or Xing, which is usually acceptable. However, employers are treading on thin legal ice when they use private information from social networks such as Facebook or Instagram, especially if the information comes from personally used profiles and is not clearly professionally relevant.
A ruling by the Düsseldorf Regional Labour Court has clarified the legal requirements in this context. Employers must inform applicants about online searches carried out in accordance with the General Data Protection Regulation (GDPR). The court ruled that failure to provide such notification constitutes a breach of the duty to inform, which could open up claims for damages for the applicants concerned.
Legally, sensitive data such as political opinions, religious beliefs or health information may not be included in the assessment of an applicant. If there is a suspicion that an applicant is withholding relevant information, it is still possible to carry out more specific research, but the employer must be transparent and inform the applicant in advance.
The use of Google and other search engines for applicant research can be helpful, but harbours legal risks. Violations of the GDPR can lead to financial penalties and claims for damages. It is therefore important for companies to be aware of the risks and strictly adhere to data protection regulations in order to avoid not only legal but also reputational damage.