Recruitment, how automated should you get? Part 1
Basic considerations
Employers looking for efficient automated solutions in the recruitment sphere will have no trouble finding software vendors at the click of a button. It’s an attractive method to conduct the recruitment process although legally there are risks an employer should be aware of. Several leading recruitment platform providers have sat in the spotlight recently and iTutorGroup agreed a sizeable out of court settlement for alleged age discriminatory algorithms.
In this three-part blog series, we’ll explore some of the legal and vendor risk management aspects that employers should be aware of.
What is automated decision making?
In a nutshell, automated decision-making is the process of deciding by automated means without any human involvement. In a recruitment context, automated solutions can range from sourcing to onboarding and everything in between. Employers might choose to automate most of the end-to-end process and automated screening interviews are possible too.
Is it legal?
Yes, and no. Technology, like humans, is prone to error and there must be a balance between tech and human input. The UK GDPR and the Data Protection Act 2018 have provisions in place to promote and enforce this balance to protect the privacy rights and freedoms of individuals.
- A recruitment process even without any automation involved will be governed by those provisions, and depending on the scope of operations, may also fold in extra-territorial privacy laws.
- Automation brings another layer of the legislation into scope and, as a rule of thumb, solely automated decision making without any meaningful human involvement is prohibited where it results in legal or similarly significant effects on people, with only a few exceptions. The UK Information Commissioner is specific in his guidance that a decision around “shortlisting a candidate, recommending them for interview, rejecting or promoting them” will fall within the meaning of legal or similarly significant effect.
- Profiling usually accompanies automation because it involves the analysis of a person’s abilities, skills, personality, behaviour, and interests etc for automation to occur. Profiling is also governed by specific data protection legal provisions.
The price on efficiency
The Information Commissioner’s range of powers includes the ability to impose fines of up to £17.5 million or up to 4% of annual turnover (in the most serious cases), the ability to issue public reprimands, and the ability to prohibit an organisation from continuing with specific processing. Additionally, organisations can face rights requests and judicial claims from individuals for alleged breaches of the UK GDPR and Data Protection Act 2018. Employment, equality, and human rights laws may also be brought into scope. Mills and Reeve LLP can provide advice, training, and process guidance in this area.
Top tips when approaching automated processing in recruitment
- Ensure ‘human intervention’ is meaningful. The ICO has issued specific guidance on what constitutes meaningful human input in its guidance on automated decision making and profiling.
- If deploying solely automated decision making and profiling for recruitment purposes by relying on an exemption, ensure that the exemption properly applies, and that staff understand how to provide for and respond to individuals’ rights.
- Carry out a risk assessment to assess the impact of the algorithms involved on individual rights and freedoms. This is a legal requirement for most automated processes in the recruitment field. The UK GDPR 2018 sets a standard on the content and outcome of the risk assessment.
- Be mindful of the AI capability deployed, its configurations and level of development. Whilst fantastic from an efficiency perspective, legally, walking on air can quickly lead to walking in treacle. Many software packages are capable of video answer analysis, facial recognition, and speech analytics, but these configurations bring increased data protection risk to the table. HR and procurement teams may not be aware of how these options impact risk, and legal scrutiny is essential.
- Be mindful of emerging legal provisions in this area.
Tune in to parts two and part three of this blog series for vendor and legal risk management insights.
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.