We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
07 October 2020
The Data Protection Agency recently completed five inspections which focused on employers' duty to provide information when using control measures to monitor employees.
The EU General Data Protection Regulation (GDPR) states that, no later than at the time of collection, data controllers must inform data subjects of, among other things:
The duty to provide this information is linked to the GDPR's principle of transparency, which includes a requirement that data subjects have easy access to detailed information regarding the processing of their personal data.
In August 2020 the Data Protection Agency completed five written inspections, all of which focused on employers' duty to provide information to employees regarding control measures used to monitor employees. All five inspections gave rise to criticism from the agency, and in three of the cases the agency even expressed serious criticism of the employers' processing of personal data.
The serious criticism from the Data Protection Agency concerned, among other things, the lack of clear information regarding the purpose of the processing of the employees' personal information. For example, one employer had not sufficiently informed its employees of a number of measures, including access to the employees' emails and the use of video surveillance, which the employer could use for control purposes in relation to the employees.
In addition, the Data Protection Agency criticised the lack of information regarding the employers' legal basis for processing employee data, as well as the categories of information collected for control purposes. Thus, the recurring theme of the inspections was whether the employees had received sufficient information and whether they had easy access to that information.
The Data Protection Agency's detailed decisions emphasise that employers should be diligent in informing employees about measures that allow the monitoring of employees and, to the greatest extent practicable, ensure that the information required by Articles 13 and 14 of the GDPR is given to employees in an easily accessible form.
For further information on this topic please contact Søren Terp Kristophersen at Norrbom Vinding by telephone (+43 35 25 3940) or email (firstname.lastname@example.org). The Norrbom Vinding website can be accessed at norrbomvinding.com.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.