In a job application process, many personal data of applicants are processed. The applicant himself provides information in his cover letter or video and resume, but much more data is often processed. Consider notes taken during or after a job interview or screening of applicants.
Information about an applicant is also often obtained through google and social media. Because such inquiries can be very invasive of the applicant's privacy, strict conditions apply. My colleague Véza Vos previously wrote a blog about the conditions that apply to googling job applicants.
In this blog, I reflect on two other privacy issues in the application process: applying by video and retention periods.
More and more employers are asking an applicant to apply by video instead of by letter. Apps have been developed that can be used, but sometimes such an application is also done via Skype. Through the images, employers often already get a good impression of the applicant, perhaps earlier than through a cover letter. However, an employer must be careful with this. With video applications, so-called special personal data can be processed, such as information about race, health and religion. If a job applicant wears certain clothing because of his religion, it can be deduced from the images on the video what his religion is. The footage may also show whether an applicant has a visible disability. Such special personal data may be processed during the job application only with the applicant's consent. To prevent an employee from feeling compelled to give consent, he must be given the option to also apply in another way, such as by letter, and it must be made clear that choosing one or the other option will not have negative consequences for the applicant. Thus, while employers may ask an applicant to apply via video, they may not require it.
Application data (cover letters, resumes, notes, etc.) may only be kept for a short period of time. If an applicant is not hired, the application data must be deleted no later than four weeks after the end of the application process. Only if an applicant gives permission may the data be kept longer. This may be the case, for example, if another vacancy may arise at a later date. But even in that case the data may not be kept indefinitely. The basic principle is that the data is then deleted after one year.
Employers would be wise to develop a policy, if they do not already have one, detailing how to handle job applicants and the data obtained. In doing so, do not forget to submit the policy to the Works Council. After all, pursuant to Section 27(1)(e) of the Works Councils Act, the employer needs the consent of the Works Council in order to adopt, amend or revoke an appointment policy.
This article can also be found in the Privacy in the Workplace file
