One of the major questions we all have is, are job portals in compliance with DPDP Act and what is the impact of that to your own DPDP Act compliance.
Consent of Candidates:
A candidate applying for a job comes under implied consent meaning you don't have to get the explicit consent of the candidate to process PII data of candidates.
This is great but what if you pull the resume from a portal like Naukri or Monster. The candidate has not deemed to have consent since the candidate did not apply for a job but you still have taken the resume. In this scenario we have to rely on the terms and privacy of the job portal like Naukri or Monster to see if they are allowed to share such a resume. These job portal must have got the consent explicitly from candidates to share the resume else they are in violation and so are you. So I went ahead and registered myself as a candidate and read the terms and privacy.
Below is our findings for Naukri Job Portal:
Positive Aspects:
Clear and Comprehensive:Â The privacy policy appears to be well-structured and provides detailed information about data collection, usage, sharing, and security practices.
User Consent:Â The policy emphasizes obtaining user consent for data processing, which is a crucial aspect of compliance with data protection laws.
Below is screen shot from Naukri where they take consent from candidates to share data with recruiters.
Data Security Measures:Â The policy outlines various security measures implemented to protect user data, including physical, electronic, and procedural safeguards.
Data Retention:Â The policy addresses data retention periods, indicating that personal information will not be retained longer than necessary.
User Rights:Â The policy acknowledges user rights, such as the right to access, rectify, erase, and restrict the processing of personal data.
Potential Areas for Further Scrutiny:
Third-Party Data Sharing:Â The policy mentions sharing data with third-party service providers and advertisers. It's important to ensure that such sharing is done in compliance with data protection laws and that appropriate safeguards are in place. It doesn't seem to show the users who have accessed the resume and how to withdraw consent which seems to be a violation of the act.
Cross-Border Data Transfers:Â If Naukri.com transfers personal data to countries outside India, it's crucial to assess whether adequate safeguards are in place to protect data privacy and security.
Cookie Usage:Â The policy discusses the use of cookies and other tracking technologies. It's important to ensure that cookie usage is transparent and complies with relevant regulations.
Data Breach Notification:Â The policy should outline procedures for notifying users in case of a data breach, as required by applicable laws.
Compliance with DPDP Act:
Based on the provided excerpts, Naukri.com appears to have taken steps to address key data protection principles. It's essential to stay updated on the specific requirements of the DPDP Act and ensure that the privacy policy is continuously updated to reflect any changes in regulations.
Comments