The Opinion n°2/2017 (WP 249) adopted by the G29 on 8 June 2017 aims at evaluating the risks resulting from the use of new technologies at work especially in terms of respect of employees’ privacy.
This opinion comes in the wake of Directive 95/46/CE on the protection of individuals with regard to the processing of personal data and on the free movement of such data and in view of the General Data Protection Regulation (GDRP) which will apply from 25 May 2018.
To that end, the G29 reaffirms and outlines a certain number of points addressed in its prior opinions dated 13 September 2001 (opinion n°8/2001 WP 48) and 29 May 2002 (WP 55).
The G29 outlines the difficulties to rely on the employees consent to process their data, as they “are seldom in a position to freely give, refuse or revoke consent, given the dependency that results from the employer/employee relationship”.
The G29 also outlines the importance of transparency and the right for employees to be informed of any data processing and restates the principle of proportionality regarding data processing.
Thus, in its opinion, the G29 considers different scenarios and makes an analysis on processing operations in the context of recruitment process, in?employment screening, monitoring ICT usage at or outside the workplace, time and attendance devices, video monitoring systems, vehicles used by employees, disclosure of employees’ data to third parties.
The G29 makes some recommendations. Notably, the G29 advises that, during recruitment process, the employer may use data from social networks or any other data available online, only if it is necessary for the job to review and subject that the candidates are correctly informed on such use.
This opinion covers the critical points raised by data processing at work that employers shall bear in mind when dealing daily with such data.