Employers’ practice of demanding access to job applicants’ privacy-protected social-networking pages has sparked concern among privacy advocates and outrage among ordinary Americans who object to tactics like “shoulder surfing”: the practice of demanding in, say, a job interview that someone log in to Facebook and reveal the privacy-protected parts of their profile. Now Facebook has weighed in on the debate with a stern message to companies: Stop snooping on our users’ pages, lest you open yourselves up to “unanticipated legal liability.”
In a statement on its website, Facebook chief privacy officer Erin Egan says the company has noticed what it terms a “distressing increase” in the number of employers who ask for or outright demand access to workers’ privacy-protected Facebook content.
She doesn’t mince words, saying, “This practice undermines the privacy expectations and the security of both the user and the user’s friends … As a user, you shouldn’t be forced to share your private information and communications just to get a job.” Facebook has invested a lot of know-how and technology in creating mechanisms that help people choose where, when and with whom they share information, she points out; she doesn’t appreciate that employers are taking advantage of a high unemployment rate to make an end run around those protections.
Egan saves her harshest criticism for workplaces that outright demand job applicants’ log-in credentials, calling it the “most alarming” variation of this trend. Although she doesn’t mention it by name, Egan implicitly calls out shoulder surfing in her condemnation of practices that threaten users’ privacy.
“If you are a Facebook user, you should never have to share your password, let anyone access your account or do anything that might jeopardize the security of your account,” she says. Privacy experts have pointed out in the past that in order to comply with the demand to fork over their passwords, prospective employees would have to violate Facebook’s terms of service. Egan reminds employers that it’s against Facebook’s rules to solicit somebody else’s password.
If someone with the power to hire and fire is clicking through someone else’s Facebook page, that person could very easily come across references to age, race, religion or other categories that are protected from workplace discrimination. Egan says companies or other hiring entities could face exposure to lawsuits if workers believe they were passed over for a job or discriminated against in other ways because someone in a position of authority had that information.
Recently, privacy experts have voiced concern that current or prospective employees would have a hard time proving that kind of discrimination in court. In early March, Aleecia M. McDonald, a privacy researcher and resident fellow at the Stanford Center for Internet and Society, told TIME’s Moneyland blog, “Things employers legally cannot ask are available for them to discover on Facebook … but all research shows that these things do influence hiring decisions.”
Facebook’s strongly worded warning of the legal liability shoulder-surfing employers are opening themselves up to should make executives and hiring managers responsible for these practices think twice about asking job seekers or current workers for unfettered access to their private social-media content.