The EU's Article 29 Working Party has published a guidance opinion document outlining how it thinks employers should review social media accounts belonging to employees or potential employees. The answer is – sparingly if at all. The document clarifies responsibilities under the new General Data Protection Regulation (GDPR) that will take effect in May 2018.
The document recommends that employers should only inspect the accounts of prospective employees if there are legal grounds for doing so. They should consider if the account is meant for personal or business purposes and only review information relevant to job performance. No prospective employer should force a potential employee to 'friend' a recruiter, or make their profiles public.
"...employers should not assume that merely because an individual's social media profile is publicly available they are then allowed to process those data for their own purposes. "
The guidelines are available as a PDF which includes a number of sample scenarios to inform employers regarding their data protection responsibilities.
Source: Endgadget.