How likely is it that bosses will suddenly refrain from checking the social media profiles of potential recruits or existing staff? According to the most recent clarification of EU privacy law, employers can't look at the Facebook, Instagram or Twitter accounts of employees.

Or rather, they can look. But they can't take the contents of the posts into account except in strictly-defined work-related circumstances. The same goes for existing staff.

This was confirmed by an opinion from the 'Article 29' working group of European data protection authorities. And what they say usually goes.

Predictably, Irish employers are crying foul. Some say that EU data privacy law forbidding social media checks on employees is "unworkable".

"It isn't hard to see where a prudent employer might find some information on objectionable, questionable or unlawful views or practices or activities of a potential employee online and be potentially held liable for them later," said Neil McDonnell, chief executive of the small business group ISME.

"Take a truck driver. If that person posts photos of themselves getting drunk the night before a job, isn't that relevant? Because if the employer sees that but they don't act on it, they're sure to be liable in the case of an accident."

The rules do allow for some social-media monitoring of staff, such as in the case of checking sites like LinkedIn to make sure that former personnel aren't employed by rivals after signing non-compete clauses. Similarly, if a person applying for the position of a specialised marketing assistant regularly uses their social media profile as a 'vlogging' platform, this might logically be looked at by a prospective employer.

But in general, the social media monitoring ban is a restating of the law that will hit employers like a cold wind.

"Employers should not assume that merely because an individual's social media profile is publicly available they are then allowed to process those data for their own purposes," said the guidance statement from Europe's 'Article 29' working party. "A legal ground is required for this processing, such as legitimate interest."

Just in case there was any doubt as to its application in Ireland, a spokeswoman for the Irish Data Protection Commissioner, Helen Dixon, affirmed the rules' validity here.

"Simply because a profile is public does not mean that a prospective employer is entitled to view it," said the spokeswoman, who added that Ireland is part of the 'Article 29' working group.

Will employers pay much heed to this?

Big corporations may have to, with more accountability and potential audit trails facing them.

But what about small companies? How likely is it that bosses in small firms or startups will refrain from doing discreet searches on smartphones or non-work PCs?

Employer representatives openly question the practicality of the rules.

"I don't believe we have yet got to a point of fair and reasonable balance between the right to employee privacy and the civil responsibility of the employer," said ISME's McDonnell.

A spokeswoman for Ibec, the employers' group, said that the organisation was "examining" the rules.

Clearly, the data privacy law is trying to guard against is a situation where company bosses decline to hire someone because of a political opinion or a lifestyle the person may have which has no bearing on their work competence.

With social media activity reaching ubiquity among adults under 40, there has never been so thorough a climate for investigating every aspect of a person's character publicly online.

Indeed, many companies even boast about how they are obsessed with recruiting people that "fit" their "values". Clues as to a job candidate's character often extend to questions about out-of-work interests. Research into new recruits is getting deeper and deeper.

This is especially so in tech companies, which idealise a type of job candidate right down to their likely personal interests.

"People are perfectly entitled to have a private life," said Daragh O'Brien, founder of data privacy specialist firm Castlebridge. "Employers who are snooping on staff through social media today are running a risk unless they have clear disclosure policies."

O'Brien thinks that if bosses cavalierly ignore such interpretations of EU privacy law, they leave themselves open to significant legal action from employees.

"I would expect to see aggrieved staff sending access requests looking for disclosure on data processed about them, including around who visited their LinkedIn or Facebook pages," said O'Brien. "It works both ways."

Lest anyone forget, the EU's long-awaited General Data Protection Regulation (GDPR) law next May is set to harden data compliance fines and penalties for employers. Under the new law, fines of up to €20m or 4pc of a company's annual revenue can be administered by the Irish Data Protection Commissioner.

There are other bits of interest in the new rules, too.

The Article 29 guidance says that potential employees cannot be required to "friend" the employer online for the purposes of a social media search. And staff cannot be required to use a work-associated social media profile as their default presence online, even if their job is as a spokesman for the organisation.

It's the first time that a set of work-related social media demarcation rules has been so clearly enunciated.

But among the thousands of small firms around Ireland, this seems like a long road to full compliance.

Ireland is not known as a country of particular transparency. Company bosses may think that a discreet search on a smartphone about a potential recruit will never be discovered. So while the new rules represent a noble aim (and, now, the law), it's another question as to whether they will actually be observed.

Sunday Indo Business