Every employer would send "We have decided not to continue with your application" once your entry in the database reaches the legally-mandated timeout period.

The part you wouldn't like is the unintended consequences: Every company would be forced to use an ATS to manage applicants, and all hiring would have to be pushed through the ATS. The ATS would have some default timeout where candidates who aren't hired get the e-mail to comply with the law. Nothing is gained because you're not getting real information, but now every company must force you to apply through an ATS portal to make sure every e-mail receives that alert.

I know it's frustrating, but stacking laws like this doesn't get useful information out of companies but it does force the application process to revolve around demonstrating compliance with the regulations.

This does apply to third party background checks, and backdoor references in particular are just one giant loophole in the Fair Credit Reporting Act.

Eightfold AI is getting sued right now for acting as a credit reporting agency -- not just by scoring people, but by gathering data on them in the first place for the sake of reporting to employers.

If you ask a third party business to do run a background check, there are a bunch of responsibilities that triggers -- a right to view what's in the report, a right to know if it's being used against you, a right to dispute what's in it, and even to consent to it being pulled in the first place.

But if some recruiter or hiring manager goes directly to your former or current boss, behind your back, this is somehow not even taken seriously as a problem.