There are existing provisions to protect job seekers contained within the General Data Protection Regulations (GDPR) and the Conduct of Employment Agencies and Employment Businesses Regulations 2003 (as amended).
Under GDPR the processing of personal data is generally prohibited, unless it is expressly allowed by law or the data subject has consented to the processing. Consent must be freely given, specific, informed and unambiguous. Job seekers can therefore use these provisions to ensure their personal data is not being used inappropriately for purposes they have not consented to. Should anyone feel that their data has been misused under the provisions of GDPR they can contact the Information Commissioners Office.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003 (as amended) restrict an employment business or agency from using work seekers’ personal information and precludes them from sharing that information with multi-level marketing companies. The Employment Agency Standards Inspectorate investigates complaints of an employment business or agency passing on personal information erroneously.