In today’s digitalised and data-driven working world, employees need to be sure that employers are protecting their personal data. Yet to date, there have been no specific statutory regulations. The BMAS advisory committee that looks at employee data protection has now been tasked with examining the legal possibilities for independent employee data protection.
Data has been a pivotal component of the digital economy for some time now. Thanks to the Internet of Things, intelligent machines, cloud computing, social media and many other sources, the amount of available data and information is rising exponentially. New wide-ranging opportunities are emerging for monitoring employees, and these bring with them new challenges. How should we define legal compliance in the handling of data collected in a work context? How can we make sure employers do not have all the power and protect the right to informational self-determination of each individual? What role does morality play in automated decision-making processes?
Employee data protection: what are employers – and employees – allowed to do?
In the employer-employee relationship, data plays an important role. Personnel departments inevitably accumulate a great deal of personal data and information. For example, even application documents frequently provide the employer with insights into the applicant’s family circumstances, and further sensitive information will be added to this over the course of the employment. The increasing mobility of work equipment means that business mobiles or laptops are sometimes used for private purposes and vice versa. The importance of big data in personnel departments is also growing – witness, for example, the use of speech analysis in the application process to assess whether applicants possess the requisite soft skills. For employees who work in the field, surveillance through GPS tracking is now an issue. And in call centres, which collect a wide range of personal data, there is currently an ongoing debate concerning the use of technical assistance systems.
The coalition agreement of the 19th legislative session creates a brief to examine the issue of employee data protection: “We intend to use the opening clause of Article 88 of the EU General Data Protection Regulation and consider the creation of a separate law for employee data protection, one that would protect the privacy rights of employees in the workplace and create new legal certainty for employers.” (Lines 6086–6088). What more specific provisions will be needed to this end in an employment context? This is not always easy to discern because behind the issue of the reliability of data handling on a case-by-case basis, we often find a problematic trade-off between conflicting interests: on the one hand, there is the employer’s interest in such information and on the other, there is the employee’s interest in maintaining their personal privacy. Up to now, employment law has not included any separate law governing data protection. This is why the Policy Lab of the BMAS has convened an independent and interdisciplinary advisory committee looking at employee data protection. Working with experts representing both the scientific community and practice, the BMAS intends to explore prospects for leading-edge data protection and look into potential legislation for protecting employees.