Can an employer google me or check my social media before hiring?
Verdict: Limited — job-relevant, transparent, no friend requests
A quick look at your public LinkedIn: tolerated. Systematic trawling of your private life, fake-profile snooping, or silent rejection based on your holiday photos: violations with names.
Screening applicants is processing personal data — Art. 6 applies, and employee-context consent is worthless, so employers must lean on legitimate interest and pass the balancing test. What regulators accept: looking at professional, public profiles (LinkedIn) where relevant to the role, proportionate and disclosed — data-protection guidance across Europe (building on the old Art. 29 Working Party opinion on data processing at work) expects candidates to be told screening happens and shown adverse findings before they sink an application. What crosses the line: logging into platforms to view private profiles, friend/follow requests to peek behind privacy walls, buying background dossiers without a legal gate, judging protected traits (politics, religion, health — Art. 9 territory), and keeping screening files on the silently rejected. Your rights in the process: an access request to a company that rejected you covers interview notes and screening records — a strong move when you suspect the reason was your private life. Rejected-applicant data has short lawful shelf lives (see how long they may keep your CV). Practical self-defence: assume public content is read, lock down what should not be, and separate professional from private handles.
Verified against the sources above on 18 July 2026. Information, not legal advice.