In the past 18 months, the world of work has changed in ways that very few (if any!) could have predicted. Virtually every sector has been impacted in some way by the COVID-19 pandemic and businesses of all sizes are having to adapt to ensure that their policies and practices remain relevant.
As a result of these rapid changes, the ICO has launched a call for public views on data protection in the workplace in order to create a comprehensive, practical employment guide to support employers and employees in situations where personal data is used.
The guidance created by the ICO will replace the existing Employment Code which has been a useful resource for many employers in ensuring compliance with their data protection obligations. However, the new guidance will be a resource that will reflect the way working practices have changed in recent times. The key areas covered by the new employment practices guidance will be:
- Recruitment and selection;
- Employment records;
- Monitoring of workers; and
- Information about workers’ health.
The guidance will also pay close attention to the use of artificial intelligence and machine learning technologies that are used to make decisions about employees and workers. These technologies are becoming increasingly commonplace in the workplace with varied uses in human resources, employee performance analysis and training.
With the incredible growth in remote working, a trend that looks set to remain a part of society for the foreseeable future, some employers may feel as though they have lost the ability to supervise their workers and keep an eye on the productivity of employees. As a result, monitoring technologies have become more varied and widespread and such increased use brings a host of privacy considerations for employers.
There is no data privacy law in the UK which specifically governs monitoring of employees or other workers. Employers are neither expressly permitted to monitor, nor are they prohibited from doing so. Instead, as the various methods of monitoring have developed over recent years, so has the regulatory framework governing their use. When it comes to monitoring employees, the UK GDPR and DPA 2018 emphasise: informing your employees about the data collection methods; ensuring that consent is obtained for personal data collection; and protecting all data collected.
The COVID-19 pandemic has also caused employers to consider whether they can legally collect health information such as the vaccination status of employees or test results of employees to help monitor and prevent the spread of the virus. Health data is special category data under the UK GDPR and therefore, there are stringent restrictions on the processing of such data.
The ICO guidance will cover these key areas and provide practical advice for employers on how to proceed with the processing of employee personal data while ensuring they are compliant with the UK GDPR.
The ICO hopes to hear from anyone who has an interest in UK employment practices including businesses, workers, trade unions, and professional and trade bodies.
The consultation is open until 21 October 2021 and responses can be submitted by completing the online survey or filling out the word version and emailing the response to employmentguidance@ico.org.uk.
