Job Platforms Steal Personal Data: What's Happening?

What Happened?

An investigation by TechRadar has revealed that multiple job search platforms are collecting personal data from applicants and selling it to third parties without their explicit consent. The report details that these platforms gather sensitive information such as full names, email addresses, phone numbers, detailed work history, educational background, and even biometric data like photos or fingerprints when required for identity verification. This data is marketed to marketing companies, external recruiters, background check agencies, and in some cases, scammers who use it for phishing or identity theft.

The investigation points out deceptive techniques used by these platforms: hidden consents in lengthy and confusing terms and conditions, forms requesting excessive permissions (such as access to contact lists or GPS location) under the guise of useful features, and pre-checked boxes authorizing data sharing with third parties. Experts consulted by TechRadar warn that “there are real risks associated with these sites” and that users are often unaware that their information is being commercially exploited.

This phenomenon is not entirely new, but its scale is alarming. According to data from cybersecurity firm Digital Shadows, in 2022 more than 15,000 credentials from job platforms were detected on the dark web, many obtained through scraping or internal sales. TechRadar's investigation suggests that deliberate data sales by the platforms themselves may be even more common than external cyberattacks.

Why Is It Important?

The leak of personal data on job platforms is not an isolated incident. In 2021, LinkedIn suffered the exposure of data from 700 million users (approximately 93% of its base at the time) due to scraping, leading to a fine from the European Union for GDPR violations. Indeed, for its part, has faced multiple class-action lawsuits in the U.S. over deceptive practices related to data collection and posting fake job offers. However, the key difference here is that this is not an external cyberattack but a deliberate internal practice by the platforms themselves, making it harder to detect and regulate.

For job seekers, the consequences are severe. Their information can be used for phone and email spam, personalized phishing campaigns (where scammers know details of work history), identity theft to open bank accounts or apply for credit, and even job discrimination if the sold data reveals protected information such as age, gender, or union affiliation. Additionally, selling data to recruiters can result in unsolicited offers or inclusion in unwanted mailing lists, saturating the candidate with irrelevant opportunities.

From a market perspective, this practice undermines trust in the online job search ecosystem. According to a 2023 Pew Research Center survey, 64% of Americans have used digital platforms to look for work, but 79% express concern about how companies use their personal data. If this distrust deepens, there could be a shift toward traditional methods (such as networking or physical agencies) or toward emerging platforms that offer greater transparency and data control.

What Consequences Will It Have?

In the short term, we are likely to see an increase in complaints and class-action lawsuits against these platforms. The U.S. Federal Trade Commission (FTC) has already fined companies like Facebook $5 billion for data misuse and could impose similar penalties on job sites if they are found to violate Section 5 of the FTC Act, which prohibits deceptive business practices. In Europe, the General Data Protection Regulation (GDPR) allows fines of up to 4% of global annual revenue and gives users the right to request deletion of their data (right to be forgotten).

Additionally, we may see greater regulatory pressure globally. In 2024, the European Union is debating the Artificial Intelligence Act, which could include provisions on the use of biometric data in job platforms. In California, the California Consumer Privacy Act (CCPA) already allows residents to opt out of data sales and could serve as a model for other jurisdictions.

In the long term, trust in online job platforms could erode significantly. A study by consulting firm Gartner predicts that by 2025, 30% of large companies will implement “privacy by design” policies in their recruitment processes, which could include using platforms that do not sell data. Tech companies in the sector, such as Indeed, LinkedIn, and Glassdoor, will need to invest in transparency (e.g., publishing transparency reports on data use) and security (such as two-factor authentication and end-to-end encryption) to regain lost credibility.

However, there is a risk that small platforms that rely on data sales as a business model may disappear or become even more opaque. This could concentrate the market among a few large players, reducing competition and options for users.

What Should Readers Know?

• Review permissions: Before registering, read the privacy policy and check what data they request and how they will use it. Pay special attention to sections on “sharing with third parties” and “data sales.”
• Use minimal data: Provide only the information necessary to apply; avoid sharing social security numbers, identity documents, or bank details unless strictly required and on a trusted site.
• Be wary of suspicious offers: If you receive unsolicited job offers that seem too good to be true, it could be a phishing attempt. Always verify the recruiter's legitimacy through official channels.
• Exercise your rights: In countries with data protection laws (GDPR in Europe, CCPA in California, LGPD in Brazil), you can request platforms to delete your information or inform you what data they hold about you.
• Use privacy tools: Consider using disposable email addresses or data masking services (like Apple’s Hide My Email) when registering on job platforms.

“Our investigation suggests there are real risks associated with these sites,” says the TechRadar team. “Applicants should be aware that their data may be being commercialized without their consent.”

Conclusion

The practice of stealing and selling personal data by job platforms is a real and growing threat to user privacy. While authorities do not act firmly, the responsibility falls on each applicant to protect themselves through digital education and demanding transparency. History shows that after scandals like Cambridge Analytica, regulation can tighten, but the cultural shift toward greater privacy awareness is equally crucial. In an increasingly digitalized labor market, protecting personal data is not just a right but a necessity to avoid abuse and discrimination.