Technology is omnipresent in the workplace. In recent years, the use of technological tools and equipment by companies has grown exponentially. Various types of electronic equipment, which were previously reserved for military or scientific facilities (such as computers, smartphones, CCTV cameras, GPS systems, or biometric devices) are now commonly used by many private companies and are easy and cheap to install.
Technology undoubtedly provides companies with new opportunities for improving work performance and increasing security on their premises. At the same time, employees' personal data are more regularly collected and potential threats to their privacy are more commonplace. In some circumstances, the use of advanced technology can pose higher security threats, which outweigh the benefits the technology provides (see our previous blog post on the risks of BYOD).
In Europe, the use of technology in the workplace will almost certainly trigger the application of privacy and labour laws aimed at safeguarding the employees' right to privacy. In this context, data protection authorities are particularly attentive to the risks to employees that can derive from the use of technology in the workplace and their potential intrusiveness. Earlier this year, the French Data Protection Authority ("CNIL") reported that 15% of all complaints received were work-related (see our previous blog post on the CNIL's report). In many cases, employees felt threatened by the invasiveness of video cameras (and other technologies) being used in the work place. For that reason, the CNIL published several practical guidelines instructing employers on how to use technology in the workplace in accordance with the French Data Protection Act and the French rules on privacy.
Employers are faced with the challenge of finding a way to use technology without falling foul of privacy laws. When considering whether to implement a particular technology in the workplace, companies should take appropriate measures to ensure that those technologies are implemented in accordance with applicable privacy and labour laws. As a first step, it is often good practice to carry out a privacy impact assessment that will allow the company to identify any potential threats to employees and the risk of the company breaching privacy and labour laws. Also, the general data protection principles (lawfulness and fairness of processing, purpose limitation, proportionality, transparency, security and confidentiality) should be fully integrated into the decision-making process and privacy-by-design should be an integral part of any new technology that is deployed within the company. In particular, companies should ensure that employees are properly informed, both individually and collectively, prior to the collection of their personal data. Additionally, in many EU jurisdictions, it is often necessary for companies to inform and/or consult the employee representative bodies (such as a Works Council) on such issues. Finally, companies must grant employees access to their personal data in accordance with applicable local laws.
So, are technology and privacy incompatible? Not necessarily. Under European law, there is no general prohibition to use technology in the workplace. However, as is often the case under privacy law, the critical point is to find a fair balance between the organisation's goals and purposes when using a particular technology and the employees' privacy rights.
Click here to access my article on the use of technology in the workplace under French privacy law.
Sign up to our email digest