Facebook tells employers to lay off login demands

Facebook has warned employers who ask job applicants for their site passwords that they are breaching its terms and may run into legal problems over the practice.

Facebook has warned companies against asking job applicants for their login details to the social-networking site. Image: CNET UK

In a blog post on Friday, the company's chief privacy officer, Erin Egan, noted a "distressing" increase in reported demands for login details, and pointed out that Facebook's terms and conditions explicitly ban users from giving their passwords to anyone else, or from soliciting other people's passwords.

The practice of demanding access to a Facebook profile or private details by a third party "undermines the privacy expectations and the security of both the user and the user's friends", she noted.

The issue has heated up in recent weeks, with reports of major companies urging job applicants to surrender their passwords. However, such requests may cause problems for prospective employers that they are not anticipating, according to Egan.

"If an employer sees on Facebook that someone is a member of a protected group (eg. over a certain age, etc.), that employer may open themselves up to claims of discrimination if they don't hire that person," Egan said.

"Employers also may not have the proper policies and training for reviewers to handle private information. If they don't — and actually, even if they do — the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (eg. if the information suggests the commission of a crime)," she continued.

UK law

Asking job applicants for passwords is not in itself unlawful in the UK, according to Ed Goodwyn, partner in the employment team at law firm Pinsent Mason.

This disturbing practice represents a grave intrusion into personal privacy.

– US senators Richard Blumenthal and Charles Schumer

There is also unlikely to be a breach of the Data Protection Act if the applicant hands over login details willingly, he noted. However, Goodwyn agreed there are some risks for prospective hirers.

"If the employer relies on a protected characteristic which is apparent from the Facebook pages (such as that the candidate is a trade union activist, is disabled, etc.) then that will be unlawful," Goldwyn said. "Furthermore, once the employment relationship is formed, any further use of Facebook in this way without further permission from the employee would be a breach of the implied duty of trust and confidence."

Companies could also face legal problems if they treat a worker less favourably for refusing the request, he noted.

Calls for an investigation

In the US, the issue has been taken up by two senators, who have called for a federal investigation. In a statement on Sunday, US senators Richard Blumenthal and Charles Schumer said collecting personal information such as "communications, religious views, national origin, family history, gender, marital status and age […] under the guise of a background check may simply be a pretext for discrimination".

"This disturbing practice represents a grave intrusion into personal privacy that could set a dangerous precedent for personal privacy and online privacy, make it more difficult for Americans to get jobs, and expose employers to discrimination claims," the Democrat lawmakers said.

The senators asked the US Equal Employment Opportunity Commission (EEOC) and Department of Justice (DOJ) to investigate whether such demands are in breach of federal law.

According to reports, businesses such as Sears are accessing applicants' profiles via third-party Facebook apps. Sears, for example, lets candidates log in to their job site using such an app, which can then draw information from their profile.

In her post, Egan said Facebook will "take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges".