

Public Data Only: The Ethical and Legal Framework Behind Responsible Employee Screening

Premtrace Research Team · Geneva, Switzerland · March 28, 2025 · 7 min read

The ethical foundation

Employee digital screening raises legitimate privacy concerns. The question isn't whether those concerns are valid — they are — but how a responsible screening framework addresses them. The answer lies in a single principle: public data only.

What "public data only" means

Premtrace, like any responsible employee screening platform, processes exclusively publicly available information. This means:

  • Social media content posted with no privacy restriction (public accounts, public posts)
  • News articles, press coverage, and public media mentions
  • Public records: company register entries, court records, official sanctions lists
  • Open web content accessible to any user without authentication

What it explicitly excludes

  • Private social media accounts or posts visible only to connections/followers
  • Any content requiring login credentials to access
  • Data obtained by circumventing access controls
  • Any content not indexed by public search engines

The legal basis under nFADP and GDPR

Under both the Swiss nFADP and EU GDPR, processing publicly available personal data for legitimate compliance purposes is permissible under the legitimate interest legal basis. The key requirements:

  • The interest pursued must be legitimate (employer compliance monitoring — yes)
  • The processing must be necessary for that purpose (screening public data for conduct risk — yes)
  • The legitimate interest must not be overridden by the fundamental rights of the data subject

The balancing test

On the third requirement: when an individual voluntarily publishes information publicly, the expectation of privacy in that information is substantially reduced. Courts and data protection authorities in Switzerland and the EU have consistently confirmed that processing voluntarily disclosed public information for proportionate compliance purposes satisfies the balancing test.

The employer's legal obligations

Employers conducting digital screening must:

  • Establish and document a legal basis before screening any individual
  • Ensure screening is proportionate (not screening irrelevant platforms or data)
  • Inform employees that public digital screening may be conducted (data subject information obligations)
  • Retain data only as long as necessary
  • Not use findings to discriminate on protected characteristics

Conclusion

Responsible employee digital screening is not surveillance. It is compliance. When conducted transparently, proportionately, and limited to public data, it is both legally sound and ethically defensible. The alternative — ignoring publicly visible employee conduct — is increasingly indefensible.

All Premtrace screening is limited to publicly available information. We never access private accounts or restricted content.
