Using Public Data Responsibly

Recruitment today depends on data. Whether through retained search, RPO, or contingency models, the ability to identify and engage the right candidates relies heavily on publicly available information. Platforms like LinkedIn have become the backbone of global recruitment — few recruiters would claim to work without it. If they do, they are using X-ray or some other means to get the same information.

But LinkedIn is just one source. Recruiters also rely on enrichment tools, such as those providing business contact details (emails, phone numbers), to help them reach out in a compliant and professional way. Well-known providers like ZoomInfo (a listed company), Lusha, Apollo, and RocketReach show how widely these services are used across the industry.

Why Compliance Matters

The use of public data in recruitment is not without risk. In recent years, there have been high-profile cases of litigation where providers were found to have scraped data or gathered information in ways that breached platform terms of service. A notable example is the LinkedIn vs HiQ Labs case in the United States. While the legal arguments centred on how the data was accessed, the broader lesson for recruiters is clear: be selective about your providers and ensure their practices meet compliance standards.

Recruiters should only use vendors that operate transparently — whether through licensed APIs or direct data purchase agreements — rather than unverified scraping. Not only does this protect candidate privacy, it also reduces legal and reputational risks for agencies and their clients.

GDPR and Legitimate Interest

For recruitment businesses operating internationally, the General Data Protection Regulation (GDPR) in Europe sets an important benchmark. One of its key principles is legitimate interest. Recruiters can hold and process candidate data if it is necessary to consider whether an individual may be suitable for a role, provided this is done in a fair, transparent, and proportionate manner.

In practice, this means:

• Collect only what is necessary to evaluate professional fit.

• Store data securely and avoid retaining it longer than needed.

• Be transparent with clear privacy policies and data use statements.

• Seek consent once contact is made and before sharing personal information with clients.

This balance — legitimate interest before engagement, consent after engagement — allows recruiters to work efficiently while respecting candidate rights.

Secure Data Storage

Data security is just as important as data collection. At TalentHub, all data is encrypted both within the platform and in transit. When we use AI, we do not send data to public ChatGPT systems where it might be used for training. Instead, we work exclusively through secure APIs with providers such as OpenAI, which means the data is processed without being shared for model training.

Candidate and client information is hosted on enterprise-grade cloud infrastructure with Amazon Web Services (AWS) and Google Cloud Platform (GCP). Data is stored in the data centre closest to its source whenever possible — for example, in New Zealand, the closest AWS region is Sydney, though new local data centres are being established. This ensures that data remains close to its subjects, in line with best practice.

As regulations evolve, we continue to monitor compliance changes and adapt our infrastructure accordingly. Building on globally recognised cloud leaders ensures that the platform remains secure, scalable, and trusted by all users.

Our Approach

At TalentHub, we work with trusted third-party providers to enrich public data responsibly. We use either approved APIs to gather individual profile data or licensed datasets purchased from vendors in specific regions. We also implement policies that align with GDPR standards, supported by our Privacy Policy, Terms of Service, and Acceptable Data Use Policy published on our website.

This approach ensures that our platform is not only effective for recruiters, but also respectful of candidate privacy and compliant with international standards.

Conclusion

Public data is an essential part of recruitment, but it comes with responsibility. By choosing compliant providers, applying GDPR principles such as legitimate interest, and embedding transparency and security into our platform design, TalentHub ensures that data is used fairly and safely.

For candidates, this means confidence that their data is secure. For clients, it means the assurance that confidential information is handled with care. And for recruiters, it means access to powerful tools without compromising on compliance.

Recruitment has always been about relationships. Data simply provides the starting point — what matters most is using it responsibly, fairly, and with respect for the people behind the profiles.