Asking for Facebook passwords a violation of human rights: Commission

TORONTO – Canadians may not need to worry about potential employers asking for their Facebook passwords as the practice could be in violation of multiple federal and provincial privacy acts.

Global News.ca spoke with David Goodis, Director of Legal Services, Information and Privacy Commissioner of Ontario, who said asking for a Facebook password could find the employer in violation of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Ontario Human Rights Code.

Once an employer obtained a Facebook login, they could have direct access to information such as race, religion, or sexual orientation; information which is illegal to collect during the hiring process due to the Human Rights Code. 

Whether or not the employer chose to look at that information wouldn’t matter; it would still put them at risk of violating the Human Rights Code, says Goodis.

The Ontario Human Rights Commission has spoken out about the issue on their Facebook page, solidifying the fact that password sharing is a direct violation of the province’s human rights code. 

“OHRC believes employers should not ask job applicants for access to information stored on social media or other online sites and that doing so could leave an employer open to a claim of discrimination under the Code,” said the Facebook post.

The commission refers to section 23(2) of the code, which prohibits an employer from asking for any information regarding race, religion or disability that would slant an employer’s opinion of the applicant. 

According to Goodis, by asking for any private login information, the employer could be collecting more information than is needed to hire a new employee.

Another concern with this practice is that you are not just opening your Facebook profile, but those of your friends. This means your boss-to-be would have access to information from other people’s profiles that you didn’t have permission to hand over. 

“In Ontario there is a tort of ‘intrusion upon seclusion’ that says that if you invade someone’s privacy without lawful justification, then the employer would be committing a tort. The applicant could seek damages in an Ontario court if they felt that their privacy was invaded without just cause,” said Goodis.

The court defines ‘intrusion upon seclusion’ as the defendant acting in an intentional or reckless way, invading the plaintiff’s private affairs without justification, resulting in offence or humiliation. 

Facebook is now threatening legal action against any employer who asks for an applicant’s login information, as it is a direct violation of the user’s agreement with Facebook.
Yet these recent cases of companies asking employees to hand over their passwords have some wondering, is there any privacy from your employer if you join an open network site?

“When you create a Facebook page you willingly enter into an agreement with Facebook. In some respects no, you do not have complete privacy because you are creating a public page; however you have the site’s privacy settings to change to fit your desired level of security. To say that when you join Facebook you give up all privacy, I don’t think we would agree with that – I don’t think that Facebook would agree with that,” said Goodis.

Correction: 

Canada’s federal private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), has very limited application in the employment context. 

In terms of employee information, PIPEDA only applies to federally regulated organizations – for example, banks or telecommunications companies. Currently, the law does not specifically refer to people applying for jobs at those federally regulated organizations. Proposed legislation before Parliament (Bill C-12) proposes to amend PIPEDA to include prospective employees in that context.