EU Data Protection Reforms Unveiled
By Ellen Temperton of Lewis Silkin (the UK member of Ius Laboris)
The European Commission has published proposals for a comprehensive reform of the 1995 EU Data Protection Directive.
The main aim is to remove inconsistencies created by the 27 EU member states having implemented the Directive in divergent ways and the consequent burdens for business. The proposals also attempt to reflect the rapid advances in technology since the Directive first came into effect.
The changes include a mandatory obligation to report data security breaches promptly and, where feasible, within 24 hours. At present, very few member states have compulsory rules requiring infringements to be notified. In addition, substantial powers to levy fines are proposed - between 0.5 and 2% of an organisation's global annual turnover.
Continue Reading...The Use of Geolocation Is Restricted
An employer who wishes to use a geolocation device must make a declaration to the CNIL (Commission nationale de l'informatique et des libertés), which is responsible for ensuring that information technology remains at the service of citizens and does not jeopardize human identity or breach human rights, privacy or individual or public liberties. The CNIL will also verify that the principles relating to the protection of personal data are respected.
The declaration may be made online. Only after the employer receives confirmation from CNIL that the declaration was received may the employer implement a system with geolocation devices.
A decision of the Supreme Court of 3 November 2011 points out that a system monitoring employee activity such as geolocation can not legally (CA Versailles, 17th ch., 17 September 2010, No. 09/02316, Messaoudi C / SA Sogeres) be used by the employer for any other purposes than those declared to the CNIL, and must be brought to the attention of the employees.
Moreover, geolocation limits the personal freedom of employees and this must be justified, in accordance with Article L. 1121-1 of the French Labour Code. According to the Supreme Court there is no such justification for controlling the hours of work of an employee who is free to organize his work. Furthermore, the employee in the case in question had not been informed that the device would be used for such purpose. The court ruled that this illegal use is sufficient to justify a notification by the employee of a breach of the employment contract by the employer (assimilated to unfair dismissal).
Russia: Employee Privacy at the Workplace
Employee surveillance, especially in the context of monitoring employees' electronic communications, is becoming a hot topic in Russia. Many local and global companies operating in Russia are considering their options for protecting company assets while observing privacy rights of employees. This creates a requirement to have an understanding of the employee privacy requirements set out by Russian law. Generally, Russian law does not set out any specific requirements with respect to monitoring employees' e-mails sent from their corporate e-mail address. Nevertheless, the Russian Constitution guarantees to all individuals rights for private life and privacy of correspondence that shall not be infringed by an employer.
Because the law contains no express exception, and courts have not weigned in on the issue, there is a diversity of opinions whether the above described general principle on monitoring employees' private e-mails must apply to monitoring of e-mails kept on the computer of the company. Most common opinions are the following:
- There is an opinion that the general principle must apply to these situations and monitoring employees' private e-mails even if they are sent from the corporate e-mail address may be considered as an infringement of Russian law;
- Another opinion is that the employer can monitor the contents of its computers provided that the employer: (i) properly informed employees that its computers can be used only for business purposes and that use of corporate e-mail for private purposes is prohibited; (ii) properly informed employees that the employer monitors or can monitor employees' e-mails, including private e-mails. "Properly inform" in this context would mean that this information is included either in the employment contract or in the internal rules, and that the employees familiarized themselves with the information, providing written acknowledgment of their receipt and understanding thereof.
Employment Newsnotes (Issue 51, Summer 2011)
Employment Newsnotes (PDF) is an occasional publication by Lewis Silkin covering recent UK employment law developments in an accessible, succinct and entertaining way. The latest issue includes articles on:
- Dangers for employers in relying on surveillance film in disciplinary proceedings
- Controlling employees' use of social media in the workplace
- How employers should go about implementing a pay cut lawfully
- The Government's proposal to introduce financial penalties for employers losing Employment Tribunal claims
- The latest cases concerning employees claiming discrimination on grounds of their 'philosophical belief'
- Interns - are they entitled to be paid the national minimum wage?
- The potential sanctions for businesses employing people who are working in the UK illegally
- The prospects of former News of the World staff being able to claim stigma damages
The Brussels Labour Court Rejects Evidence on the Basis of an Employee's Entitlement to a Reasonable Expectation of Privacy
A managing director, accompanied by a union representative, breaks open the locked closet of a cleaner, without her knowledge, and notes the presence of objects belonging to the company inside. Informed of this observation, the employee admits that she had put the objects inside the locker.
In its judgement of 2 May 2011, the Brussels Labour Court stated that these observations cannot be used in court as the privacy of the employee was invaded and such privacy is protected by Article 22 of the Constitution and Article 8 of European Convention of Human Rights, directly applicable to parties of an employment contract.
Continue Reading...Location, Location, Location: Recent Developments in "GeoPrivacy" and the Impact on the Use of GPS in the U.S. Workplace
Ever since revelations in May that smartphones track the location of their users, location privacy has been a red hot issue in virtually every forum -- except the U.S. workplace. In June, for example, the U.S. Supreme Court agreed to review a federal circuit court decision holding that the federal government's warrantless use of 24/7 location tracking for more than a month violated the Fourth Amendment rights of a criminal suspect. The Wall Street Journal dubbed June 15, 2011, "location privacy day on Capitol Hill" after two bills were introduced to limit the use of location data by industry and by law enforcement. And, in the European Union, the Article 29 Working Party, which is responsible for providing guidance on the application of the European Union Data Protection Directive, recently published its "Opinion 13/2011 on Geolocation Services on smart mobile devices." While none of these developments directly implicate the U.S. workplace, U.S. employers should closely monitor the location privacy debate, particularly given their increasingly common reliance on GPS-enabled smartphones and vehicles to track employees. To learn more about recent developments in location privacy and implications for multinational employers, please continue reading at Littler's Workplace Privacy Counsel blog.
Photo credit: binabina
Personal Data Transfer
The transfer of the personal data of employees to another company, even one from the same group, especially when the transfer is abroad, requires specific written consent of the employee, unless there is a specific exception in the law for the respective transfer. A breach of these rules is a criminal offence. Under Polish law, the transfer of personal data is a form of data processing. In the light of the Act of 29 August 1997 on Protection of Personal Data, in order to process the employee's data, the employer is obliged to meet one of the prerequisites set out in the Art. 23 Sec. 1 of the Act. Article 23 Sec. 1 point 1 requires consent by the employee unless there is another exception. Such exceptions include, for example, performance of an agreement with the employee. Stricter rules apply to the transfer of personal data outside of the European Economic Area. In such a case, even consent of the employee may not be sufficient.
New Maryland Statute Further Complicates Patchwork of Credit Privacy Laws
When Maryland enacted its law restricting the use of credit history for employment purposes on April 12, 2011, it became the fifth state - joining Hawaii, Illinois, Oregon, and Washington - to enact a credit privacy law. Maryland's law transforms what was a mildly complicated compliance challenge for multi-state employers into an expanding morass. With credit privacy bills currently pending in more than twenty states, multi-state employers should expect that it will become increasingly difficult to establish company-wide policies on the use of credit history for employment purposes. To learn more about this development and its implications for employers, please continue reading at Littler's Workplace Privacy Counsel blog.
Photo credit: contour99
Managing Employees' Use of Personal SmartPhones and Tablets for Work
A recent article in the Wall Street Journal aptly identified several challenges that employers face when they allow employees to use their personal smartphones and tablets for work. The article, entitled "So You Want To Use Your iPhone For Work? Uh-Oh. How The Smartest Companies Are Letting Employees Use Their Personal Gadgets To Do Their Jobs," notes several steps employers are taking to reduce privacy and information security risks. These steps include the following: (a) requiring that employees enable passwords, (b) sending a "kill command" to wipe business information from a lost or stolen device, and (c) walling off sensitive data into an "encrypted container." While these steps are all useful, they comprise only a partial list of critical issues employers should consider before permitting employees to use a personal device for work. To learn more about what actions employers should consider taking before allowing employees to use a personal device for work, please continue reading at Littler's Workplace Privacy Counsel blog.
Employment Newsnotes (Issue 50, Winter 2010/11)
Employment Newsnotes (PDF) is an occasional publication by Lewis Silkin covering recent UK employment law developments in an accessible, succinct and entertaining way. The 50th issue, just published, is a "Movie Special" that revisits memorable motion pictures of the past few years as the basis for topical articles on:
- Equal pay (Made in Dagenham)
- Industrial action (Billy Elliot)
- Sexual orientation discrimination (Philadelphia)
- Business immigration (Green Card)
- Facebook and the workplace (The Social Network)
- Whistleblowing (Silkwood)
- Harassment at work (Disclosure)