You need to work for a smaller company, that has no HR.

>>12970

Smaller companies employ recruiters, and they are even worse than the HR

>>12969
You fucking berk.

>>12969
>"I'm on Facebook but don't really use it too much these days. I just use it to keep in touch with friends and family, mainly"

^Seems like a perfectly acceptable answer to me.

Just memorise some spiel from reliable news sources covering not only the privacy invasions of Facebook etc but also how large a percentage of their and other SM companies ad views are faked. Too much of the former will make you come off as paranoid but if you can deliver the latter well enough, you'll sound like you actually know what you're talking about and might be a valuable asset when it comes to knowing where to put their ad budget.

> I am simply an antisocial cunt

There's your problem mate, you need to at least pretend to be a tolerable human being. "I prefer to keep in touch with people the old-fashioned way, because nothing compares to a real conversation" should be perfectly acceptable. Also, try not to come across like a would-be serial killer.

>>12969
Exactly the same as you lad. Old, work in IT, no social media presence - always have a good explanation for this.

I have been on the internet for XX years but have chosen not to participate in Facebook, Twitter, LinkedIn, etc - I am fanatical about my anonymity and the rights of an individual to not have to share data with companies that are simply going to show me and others adverts - these are just advertising platforms. A few years ago, people would be surprised at this answer, but with recent events around so called "fake news" and the manipulation of elections and the misuse of data, I think my position has become far more normal. I am also an expert on GDPR and Privacy Rights and I simply do not trust these companies with my data, nor do I wish to engage with strangers on these platforms. >>Expand here with more truths about what your real position is, just don't mention that you hang about on .gs / other chans with losers like us.

I always fly this question, as a) it is the truth, I really am passionate about anonymity b) I rehearse it to death and have a good story about it; I know it is something I am going to be asked.

Now, if you're going for a job at a social media company, then this won't wash, but let's be honest, neither of us probably want to work at FB.

I have genuinely worked for some of the largest internet companies, some that you have definitely heard of and use regularly, and currently work in banking. Without .gs having a salary/job survey, I would be willing to bet that I'm definitely one of the highest paid IT people here.

Be honest, practice the answer, and don't worry about it - more of us out here than you think.

>>12969
You need to work for better companies that don't intrude on you in this way. I have never once been asked about this in an interview, and it would be an instant red flag to me if an interviewer did.

>>12969
Same here mate but I'm still in my 20's. Social media has never interested me and does even less so now. Someone asked if I even existed once. What this lad said though >>12976 it all goes down a lot easier now if the person you're talking to actually reads the news.

>>12977
Depends on what sector you work in, but just about every company asks about it nowadays - it isn't a problem if you have a social media presence or not, but don't lie about it, just makes it look like you're hiding something bad.

It's a different debate, but I think its perfectly normal to check this - if you have a social media presence, that's full of extreme political Tommy/Corbyn memes or dick-pics, then I think an employer is reasonably entitled to make a judgement about how you spend your spare time, and hire you or not on the basis of it.

>>12980

This. I've googled every single person I've ever interviewed, because you'd be surprised how many people are thick enough to post stuff to public social media.

I'm not sure I'd ever ask why someone doesn't have any, but that's because like >>12976 I tend to think it's mostly a terrible idea to have any. Whenever I try to find someone on facebook and their account is locked down to the point that I can't even see their profile picture, then I trust them far more to operate in my business, despite it having nothing to do with the internet or tech.

>>12980
>I think an employer is reasonably entitled to make a judgement about how you spend your spare time, and hire you or not on the basis of it.
I would disagree that an employer has any entitlement whatsoever to decide what its employees can or cannot do in their own time, but as you said when you brought it up that's an entirely different debate.

>>12981
>I've googled every single person I've ever interviewed, because you'd be surprised how many people are thick enough to post stuff to public social media.
This is bad and you should feel bad for doing it. The mere fact of using social media does not make you a public figure and does not make your private life a public matter any more than living in your front room does.

>>12982>>12983


I don't think it's about what people do in their spare time or peering into their private life, rather what sort of person they are. As said recently on here, one arsehole can ruin an entire team, and it's often pretty easy to spot an arsehole by the way they post on facebook. I don't think that's an unreasonable thing to be looking at, though it's always a judgement call - I don't see it as much different than 'getting a sense' of someone as you talk to them in interview, which we all do innately.

I see the argument that someone's private life doesn't dictate their working life, but unless they're capable of switching off their personality between 9 and 5, then if they're a cunt, or privately not a good fit with the team, then there will eventually be problems.

It's an extreme example but if the lad goes to gay racist rallies on the weekend, are we to expect him to work seamlessly and harmoniously with your office full of immigrants? You might say you have no right to judge a man's working abilities via his private life, but could you honestly say the right move is to hire him? Again I realise this is an extreme example and I don't mean to use it to manipulate my point - I think even a subtle arsehole can be weeded out pretty easily, and I don't see why I shouldn't be able to use a rudimentary and basic search to do so.

>>12981
Me too and the same goes for most HR departments. You're only going to be asked this question if there is nothing out there on you - if you're easily findable, then the question isn't going to come up, but don't make the mistake thinking therefore people aren't looking at it and making a judgement about it.

>>12985

More to the point - if you're thick enough to present a negative version of yourself on public digital record, then you're a fucking moron and don't deserve employment.

Just about every photo ever taken of me is of me off my face on drugs, but you'll never find them even if I gave you my name, address and passport, because I understand how the internet works. This is why I'm employable despite my offensive and unprofessional private life. Putting my name into facebook simply isn't the same thing as paying a PI to follow me into the BDSM club.

>>12987
> if you're thick enough to present a negative version of yourself on public digital record, then you're a fucking moron and don't deserve employment

Exactly the point.

>>12983

>does not make your private life a public matter any more than living in your front room does.

Do you leave the curtains open when you have a wank on the sofa?

>>12972

What the hell, I was not aware of the "no titties" policy


OK, guys, thanks to everyone for the answers. I was just being paranoid. At least I am not one of those cunts putting online pics where they snort coke out of a tranny hookers ass.

>>12985
>I don't think it's about what people do in their spare time or peering into their private life, rather what sort of person they are.
If you can't work that out from the interactions you have with them, you've got no business being in a position to hire people. Who someone is in the office may not reflect who they are outside, and vice versa. I've worked with people I wouldn't want to associate with outside work, but while on the job they've been thoroughly competent and professional.

>As said recently on here, one arsehole can ruin an entire team
Quite, but it's worth stopping occasionally to check they're not looking back at you in the mirror. There's a lot of talk in tech about the risks and effects of a monoculture, and consensus is that it arises from people applying their own judgment in hiring, looking for people they like the look of, filtering out candidates that don't "fit" their profile. Some of the better teams I've worked on were in the public sector, where recruitment is blind and decisions made on the basis of what the candidates present to you. Careful questions at interview will weed out the arseholes with better accuracy and specificity.

>I don't see it as much different than 'getting a sense' of someone as you talk to them in interview, which we all do innately.
It's very different. Imagine an interview where all you have to go on is CCTV of the candidate answering questions you've written down. No interaction, just observation. Or an interview where you tell the candidate to give you their unlocked phone before you ask any questions. Those are in effect what you're doing when you go digging through someone's social profiles. Remember, you're a potential employer. You're not in their social circles, nor are you inviting them into yours.

>It's an extreme example
I'm not even going to bother. Extreme examples make bad arguments. We're not machines, we're humans. We don't operate by strict rules and instructions. We're perfectly capable of setting aside rogue results from extreme examples because we can shut down loopholes.

>I don't see why I shouldn't be able to use a rudimentary and basic search to do so.
That's what the construction industry said about their troublemakers. Look where that got them.

>>12990
>I was not aware of the "no titties" policy

Everything outside of /x/, /y/, /A/ and /bint/ is deemed safe for work.

>>12991

>If you can't work that out from the interactions you have with them, you've got no business being in a position to hire people

Why not sift the arseholes out before I ever have to interact with them?

>it arises from people applying their own judgment in hiring

What if the work involves close quarters, high stress teamwork? Is taking personality out of the equation a good idea then?

>It's very different. Imagine an interview where all you have to go on is CCTV of the candidate answering questions you've written down. No interaction, just observation. Or an interview where you tell the candidate to give you their unlocked phone before you ask any questions.

You're assuming a lot about who I do and don't invite to interview based on their social media profiles.

>You're not in their social circles

If I'm bringing someone in they need to be socially compatible with the rest of the team. It's just how it goes in our industry.

>I'm not even going to bother. Extreme examples make bad arguments.

I admitted as much.

>That's what the construction industry said about their troublemakers. Look where that got them.

Still doing DBS checks?

>>12993
>Why not sift the arseholes out before I ever have to interact with them?
Like I said, accuracy and specificity.

>What if the work involves close quarters, high stress teamwork?
What if it does? Adjust your questioning as appropriate. It's not my problem if you can't or won't do your job properly.

>You're assuming a lot about who I do and don't invite to interview based on their social media profiles.
Yes, and in my experience those assumptions hold up pretty much every time.

>Still doing DBS checks?
Assuming you didn't just equate posting drunk selfies with being on a statutory register, if you want a DBS check you're more than welcome to pay for one like everyone else to get the same information as everyone else.

>>12994

I don't know, lad, I get paid to hire people and it sounds like you do too. Maybe both ways work.

What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.

>>12991

If you choose to make certain aspects of your personal life public, then employers are going to make use of that information in their hiring decisions. We could debate the rights and wrongs of that ad nauseum, but the practical reality is that you need to exercise some amount of discretion if you want hiring managers to take you seriously.

I don't really care what you do in your personal life, but I do care about your judgement. To me, having easily-Googleable racist rants or pictures of you being sick in a bin associated with your real name implies a tremendous lack of judgement. If you have no compunctions about embarrassing yourself personally, the odds are fairly good that you'll eventually do something to embarrass the company.

Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.

>>12997

>Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.

This is exactly it. Well said.

>>12996
>I don't know, lad, I get paid to hire people and it sounds like you do too. Maybe both ways work.
One certainly works better than the other in my experience. That said, I'm in an industry where decent people are few and far between and have a tendency to be eccentric, so the social media filter has an unacceptably high false positive rate.

>What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.
There's a reason you need to wear hard hats and toecaps on site. I don't think it's that inappropriate to request a Basic check to see if they have recent convictions for violence, and if you're bringing someone on for a job like a school extension or a hospital refurb you might need a higher level.

Just in case anyone still wasn't aware of this, there was a time where construction firms would check potential hires and contractors to see if they'd raised health and safety issues or engaged in trade union activity.

>>12996
>What I was saying about the DBS is that most construction jobs still require one despite it often being borderline inappropriate.

Interested in why you say that. In my line of work I get DBS checked for every job (I have access, or control access, to huge amounts of personal information, payment cards and actual money). I don't know anything about construction, I guess they have a big problem with casual workers, who might or might not then follow appropriate safety rules?

I thought the scandal a few years back was about companies getting together and sharing lists of potentially "difficult" employees, which does feel out of order. What am I missing?

>>12999
>Just in case anyone still wasn't aware of this, there was a time where construction firms would check potential hires and contractors to see if they'd raised health and safety issues or engaged in trade union activity.

Ah thanks, my >>13000 post crossed this while I was typing. That is pretty outrageous.

>>12997
>If you choose to make certain aspects of your personal life public
Posting on social media does not make your personal life public any more than leaving company-confidential documents accessible to all staff makes them public, or parking your car on a public street makes it public.

>To me, having easily-Googleable racist rants or pictures of you being sick in a bin associated with your real name implies a tremendous lack of judgement.
You're entitled to your opinion. You're also entitled to be wrong. It's a bit hypocritical to expect your staff to respect boundaries if you're not going to do so yourself.

>>12999

>That said, I'm in an industry where decent people are few and far between and have a tendency to be eccentric, so the social media filter has an unacceptably high false positive rate.

Funnily enough I could say the exact same thing about mine. We hire a lot of criminals and weirdos at the lower end of the payscale. Vetting people via social media is almost a necessity here to avoid people who bring four tins of stella to their interview, or are arrested at the train station half an hour before you're due to meet. Both real examples. Perhaps both were still suited to the job, but perhaps it's smarter to not take the risk.

Of course once you start hiring for non-entry level positions and management, I can agree that maybe you would lose some perfectly excellent eccentrics, but as has been said, I think it just demonstrates competency to keep that sort of thing off the public internet, especially while actively applying/interviewing for jobs.

>>12997
>Go to kinky sex parties, hold abhorrent political views, hunt the homeless for sport, I don't really care - just have the common sense to keep it quiet.

Agreed in spades. If I google your name and find evidence you do some of these things, then I am naturally going to worry about how you'll get on with the Polish people, the gayers, the women in my team, let alone the posho's we actually work with most days. You can do all of those things and worse in your spare time, if you keep it private and I would defend to the death your right to do those - but if you're regularly posting that shit publicly then I am going to assume you're happy to bring it to work.

>>13000
>>13001
Yeah, the whole social media filter just strikes me as a way of identifying "potentialaly difficult" employees for a new generation. I believe that at least one company that tried providing this as a service folded in the face of potential legal action.

>>13003
>Vetting people via social media is almost a necessity here to avoid people who bring four tins of stella to their interview, or are arrested at the train station half an hour before you're due to meet.
Why do you need to avoid them? I'd say that in both cases they both successfully ruled themselves out at interview stage.

>>13004
>then I am naturally going to worry about how you'll get on with the Polish people, the gayers, the women in my team, let alone the posho's we actually work with most days
If your business is more than just a front for laundering money or fiddling taxes, then you have policies and procedures in place to deal with this, and you should not be afraid of applying them. Don't try them and convict them for something they haven't actually done yet.

>>13006

>Why do you need to avoid them?

Saves time and money. There's no reason to wait for someone to rule themselves out at interview stage if they can rule themselves out at 'okay I've googled them, good lord what are they doing to that monkey' stage a month earlier.

>>13007

>Don't try them and convict them for something they haven't actually done yet.

Might as well hire everyone and just fire the shit ones, then.

>>13005
The difference here though is that people are willingly making that information public - and that says something about their judgement as someone earlier put so eloquently. Not sure that is the same as construction companies secretly building a shared list.

There are companies that do background checks though, plenty of them, and I've not doubt social media postings form part of their work. It might not be so overt, but it's happening.

I recently heard of a project where people were using TripAdvisor data to form a view around credit worthiness. This shit is going on, now.

>>13008
>There's no reason to wait for someone to rule themselves out at interview stage if they can rule themselves out at 'okay I've googled them, good lord what are they doing to that monkey' stage a month earlier.

I don't know, I'd say "it's none of your fucking business" is a pretty good reason.

>>13011

You seem to be having an emotional reaction to a practical reality.

As said countless times in this thread, nobody gives a fuck what you do at home, but if you're broadcasting it over the internet, then you're a fucking idiot who can't be trusted to be competent and doesn't understand how jobs work.

And yes, I do consider, in 2019, that leaving your facebook non-private counts as 'broadcasting'.

>>13010
>The difference here though is that people are willingly making that information public
We've been through this before. It doesn't matter. It doesn't erase the expectation of privacy, and it doesn't mean you're not violating boundaries by looking for it.

>There are companies that do background checks though, plenty of them, and I've not doubt social media postings form part of their work.
My experience is that this is more likely than not a myth. Companies that do background checks basically centralise work eligibility, DBS, DVLA, credit, employment history, etc. By law, they also have to get your explicit consent to do so, so they will tell you what they're looking up, and none of the agreements I've read (and I do actually read them) have ever said anything about social media.

>I recently heard of a project where people were using TripAdvisor data to form a view around credit worthiness. This shit is going on, now.
I can see a case for doing this for businesses, but for individuals this would be very much illegal under GDPR unless the users have been explicitly told that this will happen. (No, small print in the privacy policy does not cut it.)

>>13012
>As said countless times in this thread, nobody gives a fuck what you do at home
Evidently someone doing a social media check cares, otherwise they wouldn't be looking in the first place. If you really don't care what they're doing at home, then you also don't care where they talk about it. There's no way around that without rationalisation.

>>13013
Most people will tick any box and (accidentally, perhaps) give that explicit consent if they're given a job offer/offer of credit that they like the look of, "subject to background checks". You can argue with the morality of that, and GDPR has certainly made some of the worst dark patterns explicitly illegal, but most people don't turn down those offers because of privacy issues.

In case anyone's still confused by employers looking at social media before hiring people, the legal position under GDPR is roughly this:

- An external candidate is not an employee, and is therefore not subject to your internal policies. Therefore, you must obtain informed consent before viewing their profile in association with the recruitment process.

- You must inform the candidate explicitly what you're looking for and why, before you do it. If challenged, you must be able to provide a legal basis for doing so.

- You must access only information that is relevant to job performance. You must not access information that is mostly irrelevant to go fishing for something that might be relevant. Consequently, a profile being publicly visible does not automatically grant consent to view it for the purpose of recruitment.

In practice, this means:
- You can look up someone's LinkedIn, because it's assumed to be a professional profile.
- You can look up someone's Facebook profile if it's a professional profile that they explicitly and intentionally use to sell themselves.
- You probably can't look up someone's personal Facebook profile, even if it's set to public, without their explicit consent to do so, and if they refuse you cannot draw adverse inferences.

I can see why some people might want to look for questionable pictures on Facebook, but GDPR isn't on your side.

>>13016
Fantastic.

>>13015
>(accidentally, perhaps) give that explicit consent
By definition, you cannot accidentally give explicit consent. GDPR is fairly clear that burying it in small print does not count as "explicit consent", and it's also fairly clear that you can't make the process conditional on consent unless it's literally impossible without it. For instance, if you're FCA regulated, then you have to do credit checks on potential employees, and if someone does not consent to a credit check then you quite literally cannot fulfil your obligations. Social media profiles aren't remotely the same.

>>13016
I understand GDPR very well, I've been a nominated DPO and dealt with the ICO on actual live complaints. It's clear you do too (and I read every contract and every T&C as well, we're cut from some of the same cloth lad)

But what is better advice to give people?

- Post whatever you like in a public forum about your sexual deviancy and drug-taking, and when you don't get that job or loan, make a complaint to the ICO and make a second complaint seeking discovery of all the notes the company made about you?

- Don't post contentious things in public, if you don't want people to find them

(As an aside, I recently had to teach an HR department that all notes made during an interview were discoverable). One of these options is the law, but suing a new/potential employer probably isn't going to get you very far, and isn't going to be great for your career at that organisation if you win. The other is just practical advice so that you don't get tied up with this, and probably gets you that job or loan or whatever you really want, while still allowing you to live your own life.

>>13018
This is exactly how it should be, great news and fine work. All we need to do now is stay in the EU.

>>13020
It's okay, GDPR got copied into the Data Protection Act 2018, so still all applies after we Brexit.

>>13019

Also, just don't write 'is a slag on facebook' in the margins of the CVs you're sifting, and you'll probably be fine.

>>13022
One of them was prone to writing "seems like a wanker/cunt" on the CVs after interview. Had to use my best mansplaining patient voice on why this was a bad move.

>>13023

Oh dear.

I just shred the bad ones, not sure I've ever done much more than circle and underline on someone's CV, mostly for that reason.

I did have a spreadsheet with all of the staff I was responsible for complete with descriptions of them and their skills or lack thereof. It was all very diplomatic and not directly offensive, but I kept it encrypted and on a drive on my keyring for a reason. I don't know what HR would have said but it's hard to remember 300 peoples names and faces innit.

>>13025
I have similar - just use codenames when referring to them.

This has been a very enjoyable discussion.

I don't share some other posters idealism about GDPR, and have spent a lot of time with a lot of organisations implementing it. Just because something is illegal, and there are better protections than we used to have, doesn't mean people won't violate your privacy.

>>13019
>I understand GDPR very well, I've been a nominated DPO and dealt with the ICO on actual live complaints. It's clear you do too (and I read every contract and every T&C as well, we're cut from some of the same cloth lad)
As a user of .gs I have a solemn duty to maintain its reputation as a place for pedantic arseholes.

>But what is better advice to give people?
While I don't doubt your good intentions, your example basically comes across as "don't dress provocatively if you don't want to get raped". Your argument seems to be that applicants should not be entitled to expect potential employers to not break the law.

>(As an aside, I recently had to teach an HR department that all notes made during an interview were discoverable)
In a past employer, before GDPR, I was told by HR to document evaluations in copious detail. Don't make any decision or form any opinion on the candidate that you can't write down. Apparently they'd received an ET claim (failed promotion) where the lawyer's arguments included that the panel had taken into consideration things that weren't written down on the interview form, and when HR asked the hiring manager they were unable to unequivocally deny it.

>>13026

Mostly mine was to remember names of foreigners, quite honestly. I'm good with remembering people in general but if I don't see someone for three months I'm not likely to remember that their name is Sachidananda right off the bat, and I think it's a nice little Power Move to never have to ask.

>Just because something is illegal, and there are better protections than we used to have, doesn't mean people won't violate your privacy.

Exactly. I'm quite confident that if I posted a picture of my balls on instagram I couldn't be legally turned down for a job because of it, nor ever have to hear about it from a potential employer, but that doesn't mean I wouldn't be a bit of a lost cause for doing it anyway.

That's what this place is for.

>>13028
>a place for pedantic arseholes
It's what makes us great.

>applicants should not be entitled to expect potential employers to not break the law.
Employers will do the bare minimum to be compliant and plenty of their staff will continue to skirt/break the law. I'm sure eventually someone will be brave enough to challenge the system, even though it will almost certainly ruin their own personal career, and over time case law will be built up that encourages and makes companies to do better, but right now? No.

>>13029
>their name is Sachidananda right off the bat, and I think it's a nice little Power Move to never have to ask

Would work for you. One of my Boss Moves is to always ensure that you learn how they pronounce their own name, rather than conjure up an anglicised version; a tiny bit of showing you care about someone.

>>13031

That's fair, I'm apparently pretty good at mimicking pronunciations and people seem genuinely happy when an english fucker finally says their name right. I've been told quite a few times I really sound like I have a romanian accent when I say one of the many insults I've learned over the years.

Futu-ti mortii matii

>>13016

That's an extremely conservative interpretation of GDPR.

>An external candidate is not an employee, and is therefore not subject to your internal policies. Therefore, you must obtain informed consent before viewing their profile in association with the recruitment process.

Consent is not the only lawful basis for the collection of personal data. Art. 6 gives six grounds, the relevant one being:

Processing shall be lawful only if and to the extent that at least one of the following applies:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

If I have a legitimate interest in processing your personal data, I can do so unless my lawful interest is overridden by your fundamental rights and freedoms. If you have chosen to leave your social media settings to "public", you'd have a hard time arguing that you had a reasonable expectation of privacy with respect to that data. The obvious example of lawful collection of personal data without consent is CCTV - if I put up CCTV cameras outside my shop, I don't need to get explicit consent from everyone who walks past but I do need to make sure that the camera isn't peering into someone's bedroom.

>You must inform the candidate explicitly what you're looking for and why, before you do it. If challenged, you must be able to provide a legal basis for doing so.

Ish. Art. 14 states that the subject must be provided with certain information when personal data has been obtained from a third party (Facebook or Twitter are a third party), but Para 3 does not require notification in advance of collection, only notification "within a reasonable period after obtaining the personal data, but at the latest within one month".

>You must access only information that is relevant to job performance. You must not access information that is mostly irrelevant to go fishing for something that might be relevant. Consequently, a profile being publicly visible does not automatically grant consent to view it for the purpose of recruitment.

Nope. Art. 5 (1) (c) states that personal data should be "limited to what is necessary in relation to the purposes for which they are processed", but there's no clear line as to what is necessary or relevant. Several employment tribunals have held that dismissal because of comments made on social media can be fair. If I can lawfully dismiss someone because of what they said on social media, it's reasonable to argue that their public social media activity is materially relevant to my hiring decision and so fair game under Art. 6 (1) (f).

>>13033
>That's an extremely conservative interpretation of GDPR.

I thought the same - too many roughly/probably in there. I think you're spot-on suggesting Legitimate Interest as a basis; people mistakenly think Consent is the only option..

>>13033
>Consent is not the only lawful basis for the collection of personal data.
Correct, but the alternative is "legitimate interest", and the consensus in HR circles is that for personal social media profiles that almost certainly isn't going to fly.

>if I put up CCTV cameras outside my shop, I don't need to get explicit consent from everyone who walks past but I do need to make sure that the camera isn't peering into someone's bedroom.
True, but you do have to put up prominent signage to say that you're recording, complete with contact details for whoever's operating it, and you can't use the images for anything other than "legitimate interests" like crime prevention.

>Art. 5 (1) (c) states that personal data should be "limited to what is necessary in relation to the purposes for which they are processed"
... and quite clearly the contents of personal profiles are not necessary in relation to the purpose of recruitment.

>If I can lawfully dismiss someone because of what they said on social media, it's reasonable to argue that their public social media activity is materially relevant to my hiring decision and so fair game under Art. 6 (1) (f).
No, these are two very different things. The basis for lawfully dismissing someone because of what they said on social media is that you have a policy on social media use which applies to them as an employee and which they have breached. In the circumstances, a breach has been alleged and you have a legitimate interest in verifying whether or not a breach has occurred. A candidate who is not already an employee is not subject to that policy, and therefore that legitimate interest does not arise.

It's a larger topic, outside the context of the this thread - but as we're getting into the weeds of GDPR, perhaps relevant.

A couple of years ago when I started the GDPR journey, I stood in front of a lot of Boards and senior directors of various kinds of organisation, giving them my privacy zealot view that "it was all about Consent" - I tried to convince people that that was really the only and best way, that the entire set of principles had that at its heart; despite that, many of them actually continued with the things they were doing around data collection as Legitimate Interest. I was quite disappointed with that, and that's actually where my lack of idealism about it comes from.

More organisations are using Legitimate Interest than you think; very few are doing clear, unambiguous, informed Consent. As I said earlier in the thread, we need to wait for someone to challenge this and for case law precedent to be set.

The fact that all three of us can't agree, despite clearly having some level of experience with the regulation, shows how ambiguous some of this is. I'm sure the ICO will get the egregious, terrible examples that people complain about, but there is a lot of grey here.

At the last company I worked at, they liked to do things right, not least because they needed a licence to operate and regulatory failings could mean losing it, and the entire business with it.

We workshopped it for a bit with people from HR and legal, and figured that for tech roles we could make an argument of legitimate interest for LinkedIn and GitHub, and possibly the front page of someone's Facebook profile. We concluded that digging into someone's profile was risky, and openly searching for "second-order sharing" (i.e. your posts being re-posted or re-shared) was right out. As a result, the rule was that you could look for that person's name on LI, their alias on GH, and directly searching for them on FB, but simply Googling would be verboten. The senior staff manage to enforce the policy on themselves because they understand the existential threat to the business.

>>13037

>The fact that all three of us can't agree, despite clearly having some level of experience with the regulation, shows how ambiguous some of this is. I'm sure the ICO will get the egregious, terrible examples that people complain about, but there is a lot of grey here.

Until there's more precedent, we just don't know. Clearly some people (>>13016) are taking the cautious route and interpreting the GDPR as broadly as possible to avoid the risk of a breach, while others (a lot of my clients) are sailing as close to the wind as they dare.

The GDPR is broadly a good thing, but I think it's simply naive to expect it to protect you. There's still a lot of legitimate disagreement over exactly how the regulations should be interpreted. Worse, the saga of The Consulting Association shows that a lot of employers are willing to flagrantly disregard the law when it suits them.

It'd be nice if every company were committed to both the letter and the spirit of the GDPR, but that's clearly not the world we live in.

>>13037
The impression I've got is that positive consent trumps all. You could use the alternatives, but everything is so much easier if you just get consent. When it comes to arse covering, the other grounds available to most controllers are bits of paper in various shapes and sizes, whereas consent is a nuclear bunker. If you get your consent process right, a massive heap of complexity is pretty much completely bypassed.

The one organisation I've seen try and do differently is the NHS. Given the circumstances they work in, relying on consent is risky when your patient's first contact might be in an unconscious state.

>>13038

> The senior staff manage to enforce the policy on themselves because they understand the existential threat to the business.

It really isn't an existential threat, although it's convenient that some people believe that it is. The ICO get very grumpy very quickly if you blatantly disregard the regulations, but their default action is simply a stern telling off.

Reading through their history of enforcement shows that they're sensible bordering on soft - the only people getting big fines are persistent pisstakers. The enforcement action against AggregateIQ shows just how far you can bend the regulations without actually getting a monetary penalty:

https://ico.org.uk/media/action-weve-taken/enforcement-notices/2260123/aggregate-iq-en-20181024.pdf

>>13041
>It really isn't an existential threat, although it's convenient that some people believe that it is.
As I said, in that particular case, the "existential threat" comes not from the GDPR itself, but the impact it could have on the company's regulatory approval, without which it cannot operate. Some of the SMT there are cunts, but they still know how their bread is buttered.

>>13035
> and you can't use the images for anything other than "legitimate interests" like crime prevention.
What can prevent me from running facial recognition on the shots and using the resulting data for something as long as I don't get caught?

>>13043

If you don't get caught, you can do what you like. It's the same with shoplifting, or murdering sex workers.

>>13044
Practical reality, innit. If someone's got a gun to your head, no law is going to prevent them from pulling the trigger.

I seem to have missed this thead but I have an Instagram that I wouldn't give to anyone work related (it's basically Judo lads + family) and I have a facebook that I haven't logged into since 2015 and a LinkedIn that I haven't logged into since 2012.

I work in IT and no one has ever asked me for my online presence as part of the interview process. Indeed, if anything being under the radar counts for rather more.