Introduction
January 28, 2025, marks the 44th anniversary of the Council of Europe’s Convention 108 (now Convention 108+), which is celebrated globally as Data Protection/Privacy Day. This day commemorates the opening for signature of the Convention in 1981, highlighting its significance in establishing international standards for data protection and privacy rights in the digital age.
The Convention has served as the foundation for the development of privacy and data protection legislation worldwide. Currently, approximately 82% of the global population resides in a jurisdiction with established data protection laws or regulations, with numerous additional legislative initiatives under consideration. This proliferation of legislation represents a remarkable evolution in privacy and data protection, warranting celebration.
However, the remarkable achievements of the Convention and its progeny, such as the GDPR, must not overshadow what these frameworks have overlooked. Employees, who constitute one of society’s most vulnerable demographics both in terms of their relative position and the possible exploitation of their data in the face of increasing workplace digitalization and widespread use of algorithmic management systems, often receive inadequate protection under existing data protection laws or are even entirely excluded from such protection in some jurisdictions.
The evolution of workplace data protection legislation
The evolution of workplace data protection legislation reflects a growing recognition of the unique privacy challenges in employment contexts. The Council of Europe initiated the international discourse on the necessity for specialized workplace privacy and data protection regulations in the 1980s. Following the adoption of Convention 108, the Council realised that neither the Convention’s broad principles nor extant national laws could adequately address the unique requirements and the special nature of the employment relationship. This deliberation culminated in the adoption of the 1989 Recommendation on the protection of personal data used for employment purposes (revised in 2015). Subsequently, the ILO adopted its Code of Practice on Protection of Workers’ Personal Data in 1997, followed by the European Union’s data protection authorities’ Opinion 8/2001 (revised in Opinion 2/2017) on data processing at work, and a Working Document (2002) on the surveillance of electronic communications in the workplace.
However, while these instruments provided frameworks for reflection by recognising the unique features of the employment relationship, they remain as their nomenclature suggests, mere guidance documents with no inherent legally binding force.
This is not to suggest an absence of legislative efforts. Three jurisdictions are particularly illustrative in this regard. In the US, the Office of Technology Assessment published a comprehensive report, ‘The Electronic Supervisor’, in 1987, articulating the risks that workplace electronic monitoring posed on workers’ privacy and other rights and freedoms. The study recommended that lawmakers introduce specific federal legislation to address these concerns, which led to the introduction of the Privacy for Workers Act in 1991 before the House of Representatives. This ambitious legislative proposal could have been the first comprehensive workplace-focused privacy law had it been adopted.
A parallel narrative can be observed in Australia, where the necessity for workplace-focussed privacy and data protection legislation has been debated at least since 2000. Subsequent years have witnessed a series of efforts either to amend the Privacy Act 1988 to encompass workplace privacy or to introduce separate workplace-focused legislation. Similarly, the European Commission made multiple attempts to introduce a workplace-focussed data protection framework since 2001.
This historical snapshot demonstrates the persistent recognition across multiple jurisdictions of the need for specialied workplace data protection regulations. Regrettably, all attempts to translate this recognition into legislative frameworks have been unsuccessful due to various factors. As a result, workers’ data protection remains a moving target for regulation and an elusive endeavour in many jurisdictions.
See Parts 2 and 3 of this blog here:
- Over Four Decades of Data Protection: Unexplored History with Valuable Insights for the Future – Part 2 | OHRH
- Over Four Decades of Data Protection: Unexplored History with Valuable Insights for the Future – Part 3 | OHRH
0 Comments