The aim of this interdisciplinary paper is to study the social reality surrounding the data processing practices employers and employees engage in on social networking sites (SNS). Considering the lack of empirical studies, as well as the considerable uncertainty in the way personal data protection is implemented across the European Union (EU), the paper offers insights on the topic. Qualitative text analysis of semi-structured interviews with employers from the service sector (N=10) and the field of media and communication (N=15), as well as employers from organisations which had experienced various problems due to things their employees had posted on social media (N=14), and employees from the financial sector (N=15) were carried out to explore whether the data protection principles, which can be viewed as the most important guidelines for employers in the EU, are actually followed in their everyday SNS data processing practices. Even though the data protection principles emphasise the need for fair, purposeful, transparent, minimal and accurate processing of personal data, our interviews with employers and employees reveal that the actual SNS processing practices rarely live up to the standards. Our findings indicate that there is a growing mismatch between the social reality and legal requirements regarding data subjects.