[just_madhu]

This is relevant, but not really sufficient to prevent employers from accessing Facebook accounts. Employers that get "permission" from employees or candidates to access a social media account can (likely successfully?) argue that they are proxy for the account owner.

We've seen something very similar in the discussions around data rights when people die-- family who inherit passwords are unlikely to be sued where there is explicit permission granted-- because they are not "impersonating" anyone.

What could to prevent this is if requests in this manner can be considered coercion or duress-- automatically disqualifying contracts with language requiring disclosure of private passwords, and penalizing parties that try to include similar clauses.

I'd love to cite some cases, but have to run (I do appreciate the legal thoroughness!)