Bargaining over workersʿ data rights : How unions and works councils can use collective bargaining to specify workplace data protection norms
Friedrich-Ebert-Stiftung - Brussels
2024
13 p.
data protection ; legal aspect ; workers rights ; works council ; collective bargaining ; trade union role
Collective bargaining
https://library.fes.de/pdf-files/bueros/bruessel/21313.pdf
English
Bibliogr.
"Workplace compliance with existing data protection law appears poor. A variety of reasons explain poor compli ance, including a lack of legal clarity. Therefore, in order to boost workplace data protection compliance, the norms of the General Data Protection Regulation (GDPR) will need to be specified for the workplace context. This paper focuses on Art. 88 GDPR, which allows Member States to ‘provide for more specific rules' on the processing of employees' personal data in the employment context, in the form of national laws or collective agreements, including ‘works agreements' (i. e. firm-level agreements). It identifies where the GDPR requires specification for the workplace and indicates how unions and works councils might go about that. Although the paper can serve as inspiration for the content of national workplace data protection laws, it is written for unions and works councils that negotiate agreements on data pro tection issues. The paper provides guidance on several data protection aspects, such as the need for unions and works councils to
– clarify substantive and procedural requirements, including the conditions around consent as a legal base for the processing of workers personal data, the restrictions on uses of technology like emotion-detection, and how workers should be involved in data protection impact assessments. – specify the scope of individual and collective data rights, by creating a framework to make sure workers can effectively exercise the right to be informed and to access their personal data, as well as by negotiating additional collective data access, information, and litigation rights that go beyond the GDPR. – establish clear norms for algorithmic management, for instance around the design, deployment and use of algorithmic systems, the degree of transparency (high!), and the importance for unions and works councils to demand the right to audit algorithms and to be involved in decisions throughout the technology-lifecycle.
The accompanying paper ´Improving workplace data protection´ discusses several other underexplored options un der the GDPR that can help to specify norms for workplace data protection, like the creation of codes of conduct and certification schemes under Arts. 40 and 42 GDPR."
Digital
The ETUI is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the ETUI.