Employers who use Facebook, Twitter and other social media to check on potential job candidates could be breaking European law in future.
An EU data protection working party has ruled that employers should require "legal grounds" before snooping.
The recommendations are non-binding, but will influence forthcoming changes to data protection laws.
Recruitment company CareerBuilder suggests that 70% of employers use social networks to screen candidates.
Its study also found that the same percentage are also using online search engines to research potential employees.
The guidelines from the Article 29 working party will inform a radical shake-up of European data protection laws, known as the General Data Protection Regulation (GDPR), which are due to come into force in May 2018.
Their recommendations also suggest that any data collected from an internet search of potential candidates must be necessary and relevant to the performance of the job.
Peter Church, a technology specialist at law firm Linklaters, told the BBC that the UK already had guidelines on employers' use of social media.
"Demanding passwords or making a friend request is unacceptable, but it is more difficult when it comes to public facing information," he said.
"The general rules are that employers should inform applicants if they are going to look at social media profiles and give them the opportunity to comment. The searches should also be proportionate to the job being applied for."
He added that social network LinkedIn was "fair game" because it was set up as a way of advertising yourself as a potential employee.
Implementation of the GDPR might tighten the enforcement of such guidelines.
"In theory, all employers should be following these basic rules but, in practice, I'm not sure they do. The GDPR might force employers to be a bit more diligent about compliance with the rules," said Mr Church.