Technological advances are helping many employers to monitor their workforce in increasingly sophisticated ways, whilst at the same time, public attitudes towards individual data privacy are hardening. Two important drivers of these changes came to a head in 2018 – the advent of the General Data Protection Regulation (GDPR) in Europe and the public’s changing perception towards the way certain social media outlets, such as Facebook, handle privacy. The effects of these developments are coming into sharp focus in workplaces worldwide with indications that employees are becoming less likely to accept unwarranted or unexplained intrusions than ever before.
In light of this, Ius Laboris, the world’s largest global HR and employment law firm alliance, recently carried out extensive research, which provides guidance on the rules on monitoring in the workplace across 41 countries, and examines how the law is coping with the growing tensions between new technologies and the strengthening of privacy rights. This article focuses on how global awareness of data privacy issues has grown immensely, in a way that impacts the workplace and examines data privacy awareness amongst employees and employers considering the many emerging technologies and their impact.
In Denmark, employees are increasingly interested in what data their employers hold about them. In Hong Kong, there is an increase in data access requests from employees, indicating a growing awareness of their rights. The same is true in many larger EU countries, but also in smaller ones, such as the Czech Republic, Romania and Hungary.
In Poland, although employees are used to having their emails and internet usage monitored, any more ‘invasive’ form of monitoring (such as biotech) would likely be questioned. In Cyprus, the advent of the GDPR has raised awareness, put privacy on board agendas and changed the attitudes of employers to employees’ privacy rights as a whole. In the UK, GDPR has raised the risk profile and general awareness of privacy rights, but the fundamental approach to monitoring remains the same. When monitoring employees, employers need to consider data protection law, human rights law, and specific monitoring legislation.
All over the world, the challenge is to balance the possibilities offered by new types of technology with individual data privacy rights. Some countries are more at the sharp end of tech developments than others. In Germany, several employers have suffered ransomware attacks, forcing employers to increase data protection and establish suitable compliance and monitoring mechanisms. Other countries are more concerned with accommodating a shift in employee working habits.
In Ireland and Italy, there is a trend towards ‘bring your own device’ (BYOD), involving employers in introducing BYOD policies to manage how employees connect to their networks. The challenge for employers is essentially to work out how to monitor personal devices used for work in the same way as they monitor company devices. In Italy, a consensus on how employers should do this is yet to be reached.
In the Netherlands, more and more employees are working from home and this again leads employers to want to monitor productive activity. Technology is starting to enable this, with wearable tech, GPS trackers etc., however, balancing these developments with privacy is proving a challenge.
In France, the hottest topic is arguably biometrics. The Data Protection Authority (the CNIL) has just issued a new regulation – which is stricter than the GDPR: the purposes for which employers can use biometrics are strictly limited, as are the type of biometrics they can use. For example, biological sampling (e.g. of saliva or blood) is prohibited. Iris, fingerprint and hand veins, for example, can be used, but the employer must justify why they are using them, including the reason for using one feature over another.
Interestingly, clocking on is an issue in Switzerland too, but from the opposite angle: the authorities are stepping up checks to ensure employers comply with their duty to record hours worked by employees and in consequence, employers are using ever-more sophisticated means of clocking people in and out (e.g. voice, fingerprints and facial recognition) – and that seems to be accepted by workers, for now at least.
Written by Ius Laboris
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/