An audit by personal data removal company Incogni found that 90% of job search and networking platforms sell user data, including resume contents, cover letters, and other uploaded applicant documents, to third-party businesses. ZipRecruiter, LinkedIn, Monster, SimplyHired, and Indeed ranked as the five highest-scoring platforms on what Incogni called a “privacy damaging score.”

The audit evaluated 17 criteria across data collection, sharing, tracking, and documented privacy violations. A companion survey of 1,000 job platform users found that 37% believed job sites share their information only with potential employers. That misconception has serious implications for small businesses that rely on these platforms for hiring.

A separate 2024 academic study examining 16 job-search websites found that 87.5% leaked user activity to third parties. Google and Meta were the most common recipients, appearing on 12 of the 16 sites studied. Together, the findings suggest this is not an isolated issue but an industry-wide practice. For small employers, every job posting, candidate record, and recruiter account credential becomes part of a data ecosystem that extends far beyond the hiring process itself.

Platform Data-Selling Practices Extend Beyond Advertising

Incogni’s analysis ranked platforms based on privacy risks tied to data collection, sharing, tracking, and prior transgressions. ZipRecruiter received the highest privacy-damaging score, followed by LinkedIn, Monster, SimplyHired, and Indeed.

The data being shared is far more valuable than simple browsing behavior. It includes resumes and cover letters containing home addresses, employment histories, educational credentials, professional references, salary expectations, and sometimes even immigration status. Most applicants and employers consider these documents confidential hiring materials, not assets to be monetized.

The 2024 academic study reinforced these concerns. Researchers found that private-sector job sites shared personal information with an average of 5.3 third-party services per platform. One site transmitted user data to nine separate outside companies.

Privacy experts point to a common loophole in industry language. Many platforms claim they do not “sell” user data while simultaneously allowing hundreds of outside entities access to detailed user profiles through broad consent agreements. While this distinction may affect regulatory classifications, it does little to change how the practice functions in reality.

A related 2025 study of 16 gig-work platforms found that 15 shared personally identifiable information with unrelated third parties. Fourteen shared users’ full names, 12 shared email addresses, and two shared reversible hashes of Social Security numbers. The findings demonstrate how widespread data monetization has become across employment-related platforms.

“Almost 40 percent of recent job seekers said they never delete the profiles they create on job-search platforms. With over 34 percent of respondents saying they uploaded their details to more than two platforms, that’s a lot of data in the hands of these platforms.”

This accumulation effect means applicant data continues to grow across multiple platforms, many of which share information with overlapping networks of third parties. The Incogni survey also found that nearly 25% of respondents could not remember how many accounts they had created or what information they had uploaded. That suggests the risks are not only widespread but largely invisible to the people most affected.

Small Employers Face Greater Risk

Large enterprises working with LinkedIn Talent Solutions or Indeed’s managed services can negotiate data-processing agreements, audit rights, and deletion requirements. Small businesses using standard self-service accounts have no such leverage.

Terms of service are generally non-negotiable, and critical data-sharing disclosures are buried within privacy policies that many users never fully read. Incogni’s survey found that 50% of respondents either skim or completely skip privacy policies. For most small employers, this lack of bargaining power is simply part of the hiring process.

The financial exposure can be substantial. Consider a small company that posts ten jobs annually and receives 50 applications for each opening. That business would collect approximately 500 detailed personal records every year. Based on Incogni’s findings, much of that information is likely shared with multiple third-party services as a condition of using the platform.

If even a small portion of those records is later exploited in fraud schemes, the costs can add up quickly. AI-powered fraud increasingly relies on leaked applicant and employee information. According to the Identity Theft Resource Center, notification and response expenses alone can average several hundred dollars per compromised record. For a company conducting a moderate hiring campaign, remediation costs could easily reach tens of thousands of dollars.

The risks extend beyond applicants. Employer accounts often contain billing information, compensation data, internal job descriptions, and integrations with applicant tracking systems. Small businesses that outsource recruiting through third-party HR platforms are effectively transferring both hiring responsibilities and privacy risks to vendors whose revenue models may depend on extensive data sharing.

Candidate Awareness Is Growing

Perhaps the most important finding from the Incogni survey is the growing gap between what candidates believe and what is actually happening with their data.

Today, 37% of respondents still believe job platforms share information only with employers. Nearly 25% do not consider resume details particularly sensitive. However, increased media attention, breach notifications, and expanding privacy regulations are likely to change that perception.

As awareness grows, employers that rely heavily on platforms with extensive data-sharing practices may face a trust challenge during recruitment. Candidates who become concerned about privacy may think twice before applying or accepting offers through those channels.

Regulatory pressure is also increasing. European regulators have expanded enforcement actions against companies that use personal data for advertising, profiling, or other purposes beyond the original service context. These concerns align closely with the practices documented by both Incogni and academic researchers.

In the United States, privacy laws in California, Virginia, Colorado, and several other states now grant residents the right to opt out of data sales. Multiple state attorneys general have launched investigations into data broker practices that resemble the sharing models used by many employment platforms.

Pam Dixon of the World Privacy Forum has warned that job seekers face “a considerable risk of having their confidential information improperly sold, shared or used for profiling purposes.” She first documented these concerns in a 2006 study of 45 major employment websites and has continued tracking the issue as digital tracking systems have become increasingly sophisticated.

Understanding how digital platforms generate revenue through data partnerships helps explain why many job boards have built similar sharing arrangements into their business models.

Indicators to Watch

FTC enforcement actions targeting employment platform data practices
The Federal Trade Commission has increased scrutiny of data brokers and companies that repurpose consumer information without meaningful consent. Any enforcement action against a major job platform would establish an important precedent for employers evaluating vendor risk.

State privacy law compliance developments
Organizations such as the International Association of Privacy Professionals (IAPP) and the Future of Privacy Forum track state privacy legislation. Expansion of opt-out rights into large small-business states such as Texas, Florida, and New York would directly affect recruiting platforms and candidate data practices.

Future Incogni and academic audits
Both the Incogni report and the 2024 academic study provide snapshots of current conditions. Future audits will reveal whether public pressure or regulatory scrutiny leads platforms to change their behavior.

SHRM and NAPEO vendor-risk benchmarking
The Society for Human Resource Management and the National Association of Professional Employer Organizations periodically assess HR technology practices. New data on privacy audits and vendor due diligence among small employers would help quantify the risks highlighted by the Incogni findings.

Privacy policy revision trackers
Services such as Terms of Service; Didn’t Read monitor changes to platform terms and privacy policies. Updates that expand data-sharing permissions on any major recruiting platform could signal a meaningful shift in risk exposure.

FTC data broker rulemaking
The FTC’s ongoing commercial surveillance and data security rulemaking could significantly reshape how employment-related data is collected, shared, and sold. Any final rules that include or exclude employment data will help define the legal boundaries of platform data monetization for years to come.

Final Considerations

Incogni’s audit was designed to measure the prevalence of data-sharing practices, not to calculate the exact financial or legal consequences for individual employers. As a result, several important questions remain unanswered.

The impact on any specific business depends on factors such as the agreements between platforms and their partners, the effectiveness of state privacy laws, and how quickly candidate awareness evolves.

Still, the evidence is difficult to ignore. Both the Incogni audit and independent academic research found that the vast majority of employment platforms engage in extensive data sharing. While the precise timeline for legal, reputational, or operational consequences remains uncertain, the findings provide a strong reason for employers to examine their recruiting vendors, data-retention policies, and privacy practices more closely.