Considering “privacy@work”
In their article of 1890, Warren and Brandeis wrote of a “right to be let alone”. Nowadays, the right to privacy has become a fundamental right, recognised in many international human rights instruments (including Article 12 of the Universal Declaration on Human Rights, and Article 17 of the International Covenant on Civil and Political Rights) and it has received very different and broad meanings.
The right to privacy has gradually found its way in employment law. This is certainly due to the challenges of the modern workplace, with the rise of new technologies, from computers, networks, monitoring tools to artificial intelligence. It is also due to our understanding of the meaning of work and the related necessity to maintain a human approach to work.
In 2020, we wrote our blog about the “European framework agreement on digitalisation” of 22 June 2020, an initiative from the European social partners. This agreement addresses different aspects of the digital agenda for work, including concerns of human dignity, privacy and data protection. At the same time, we launched an academic initiative to make progress in the field of privacy at work. With a group of European colleagues in law, we aimed to set out an in-depth, up-to-date, Europe-wide survey and analysis of the intensive and growing interaction of workplace relations systems with developments in privacy law.
Our book Privacy@Work is the product of this collaborative work.
The output is part of a bigger effort, an attempt to receive a better understanding and insight on privacy and data protection in the world of work, both from an academic, practical and policy making perspective. The issue of privacy stands central in the global workplace and is shaping its regulation as well as the perspective on the future of work in light of current challenges. On a more global scale, a study was delivered for the International Labour Organisation, resulting in an ILO working paper on “Protection of worker’s personal data: general principles) (2022) ILO Working Paper No. 62. The working paper gives a comparative overview of major data protection principles with relevance for the employment context, in light of an emerging growing consensus.
Privacy and data protection as fundamental rights
Both the right to privacy as well as the right to personal data protection are fundamental rights. While these rights thus exist independently from each other, they significantly overlap. This means that these rights are linked in many ways. We view privacy as an overarching concept under which data protection exists. We also recognize that data protection has its own space insofar as concepts such as collection, processing, and use of personal data have specific meanings.
The European Union’s General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 has certainly increased the broader attention for privacy at work. The GDPR has a broad scope of application and is applicable to the employment context. This means that the world of work is confronted (and needs to comply) with the ‘general’ regime of data protection law.
Privacy is a fundamental right according to the European Union Charter of Fundamental Rights (CFREU) as well as the European Convention on Human Rights (ECHR), in addition to other supranational sources such as the Council of Europe’s Convention 108+. In the ECHR, Article 8 recognises a robust right to privacy that the European Court of Human Rights has interpreted as containing important self-development aims. Article 8 of the ECHR is supposed to align with Articles 7 and 8 of the CFREU, respectively the right to privacy in a broad sense, and the right to personal data protection. The CJEU has set out its aim of protecting the “essence” of the right. The precise scope of each of Articles 7 and 8 remain to be determined.
Privacy and the workplace: a (too) fragmented approach
Considering the European Union framework as an example, the challenges posed by information technologies can only be addressed properly if we have a clear idea of what is our foundational point.
This is a challenge. One that not every Member State has addressed to the same extent. We see some reasons for this divergence in treatment. First, understanding privacy and data protection law requires a degree of specialisation and expertise. Second, data protection standards are not necessarily written for, nor adapted to, the employment context. These obstacles test a field like labour law, which has a very long tradition, with often detailed sets of rules and its own mechanisms and principles.
Nevertheless, we have led this book with the hope of bringing together the legal communities in Privacy (including data protection) and Labour because there is a need for them to interact in order to set out the interplay between these two complex fields; time during which sufficient know-how and understanding can develop. There is a need for more specification of privacy and data protection for the employment context.
Article 88 GDPR confirms both the need for specificity, allowing Member States and the social partners to set out their own regulatory frameworks for the work context. However, this provision also contributes to an absence of harmonisation of protections across the EU in the work setting. It may be questioned whether this is desirable, seen the fact that it concerns a fundamental right.
Privacy as a way forward
One of the main findings of this book is that the right to privacy cannot be removed anymore from a modern regulatory approach of the global workplace. In addition, the right to privacy, including the right to data protection, offers new insights and legal solutions for many contemporary and future workplace issues.
The effect of information technologies on work has increased, and will continue to be significant for the foreseeable future. We point to not only social media, platform labour, and remote work, but also algorithmic management as well as robotisation and co-botisation. Privacy is a common link amongst these. While a right to privacy has been discussed, we remain concerned about a substantive right to privacy at work that gives effect to the right of an individual to have space that is not intruded upon by the fact that he/she is part of an employment relationship. We view this right to privacy at work including recognition that if a person is at a workplace or engaged in work, they may be performing their duties, but that they do not hand over the entirety of their personhood to a job or employer. And so, the right to preserve some of themselves while at work (whether that is identified as personal data, or a space for private life at work) is an important step to take. And, we argue, it is one that must be engaged with imminently as we further digitalise work.
Furthermore, the diversity in national approaches, within an EU context, corresponds to the way how labour law is shaped. However, more harmonization is desirable. In this context, the possibility for a European legislative framework or a European (social partner) framework agreement should be further discovered. It will provide more leeway to European (social) partnership as well as to improved chances of convergence. Furthermore, while the GDPR focuses on the concept of data protection, a wider workplace privacy concept needs to be involved. The privacy concept is larger, more encompassing and more flexible than the data protection approach and may address gaps in the GDPR when labour and employment relations are concerned. Considering the challenges of the future of work, applying and developing the right to privacy will remain a way forward.
