Over Four Decades of Data Protection: Unexplored History with Valuable Insights for the Future – Part 1

by | Jan 28, 2025

author profile picture

About Jeremias Adams-Prassl, Six Silberman, and Halefom Abraha

Jeremias Adams-Prassl is Professor of Law at Magdalen College in the University of Oxford. He studied law at Oxford, Paris, and Harvard Law School, and is particularly interested in the future of work and innovation. Jeremias is the author of over 100 articles and books, including most recently Humans as a Service: the Promise and Perils of Work in the Gig Economy (OUP 2018) and Great Debates in EU Law (MacMillan 2021). Since April 2021, he has lead a five-year research project on Algorithms at Work, funded by the European Research Council and a 2020 Leverhulme Prize.  | Six Silberman is a postdoctoral researcher in the iManage Project at Bonavero, contributing to research on regulating algorithmic management. Silberman has previously been a software engineer and trade union official, and was co-founder with Lilly Irani of Turkopticon, a client reputation system used by workers on Amazon’s ‘Mechanical Turk’ crowdsourcing platform. Silberman has contributed to research on environmental issues in information technology, the working conditions and rights of workers on digital labor platforms, and ecological economics. | Halefom H. Abraha is an Assistant Professor at the International and European Law (IER) Department of the Utrecht School of Law. Halefom is a member of the Netherlands Institute of Human Rights (SIM) and the Utrecht Centre for Regulation and Enforcement in Europe (RENFORCE). His research and teaching interests lie in AI Regulation, algorithmic management in the labour market, and data protection. He also researches cross-border data access in the law enforcement context and digital sovereignty.

Introduction

January 28, 2025, marks the 44th anniversary of the Council of Europe’s Convention 108 (now Convention 108+), which is celebrated globally as Data Protection/Privacy Day. This day commemorates the opening for signature of the Convention in 1981, highlighting its significance in establishing international standards for data protection and privacy rights in the digital age.

The Convention has served as the foundation for the development of privacy and data protection legislation worldwide. Currently, approximately 82% of the global population resides in a jurisdiction with established data protection laws or regulations, with numerous additional legislative initiatives under consideration. This proliferation of legislation represents a remarkable evolution in privacy and data protection, warranting celebration.

However, the remarkable achievements of the Convention and its progeny, such as the GDPR, must not overshadow what these frameworks have overlooked. Employees, who constitute one of society’s most vulnerable demographics both in terms of their relative position and the possible exploitation of their data in the face of increasing workplace digitalization and widespread use of algorithmic management systems, often receive inadequate protection under  existing data protection laws or are even entirely excluded from such protection in some jurisdictions.

The evolution of workplace data protection legislation

The evolution of workplace data protection legislation reflects a growing recognition of the unique privacy challenges in employment contexts. The Council of Europe initiated the international discourse on the necessity for specialized workplace privacy and data protection regulations in the 1980s. Following the adoption of Convention 108, the Council realised that neither the Convention’s broad principles nor extant national laws could adequately address the unique requirements and the special nature of the employment relationship. This deliberation culminated in the adoption of the 1989 Recommendation on the protection of personal data used for employment purposes (revised in 2015). Subsequently, the ILO adopted its Code of Practice on Protection of Workers’ Personal Data in 1997, followed by the European Union’s data protection authorities’ Opinion 8/2001 (revised in Opinion 2/2017) on data processing at work, and a Working Document (2002) on the surveillance of electronic communications in the workplace.

However, while these instruments provided frameworks for reflection by recognising the unique features of the employment relationship, they remain as their nomenclature suggests, mere guidance documents with no inherent legally binding force.

This is not to suggest an absence of legislative efforts. Three jurisdictions are particularly illustrative in this regard. In the US, the Office of Technology Assessment published a comprehensive report, ‘The Electronic Supervisor’, in 1987, articulating the risks that workplace electronic monitoring posed on workers’ privacy and other rights and freedoms. The study recommended that lawmakers introduce specific federal legislation to address these concerns, which led to the introduction of the Privacy for Workers Act in 1991 before the House of Representatives. This ambitious legislative proposal could have been the first comprehensive workplace-focused privacy law had it been adopted.

A parallel narrative can be observed in Australia, where the necessity for workplace-focussed privacy and data protection legislation has been debated at least since 2000. Subsequent years have witnessed a series of efforts either to amend the Privacy Act 1988 to encompass workplace privacy or to introduce separate workplace-focused legislation. Similarly, the European Commission made multiple attempts to introduce a workplace-focussed data protection framework since 2001.

This historical snapshot demonstrates the persistent recognition across multiple jurisdictions of the need for specialied workplace data protection regulations. Regrettably, all attempts to translate this recognition into legislative frameworks have been unsuccessful due to various factors. As a result, workers’ data protection remains a moving target for regulation and an elusive endeavour in many jurisdictions.

See Parts 2 and 3 of this blog here:

 

Share this:

Related Content

0 Comments

Submit a Comment