Location data in the employment context: Privacy risks and action points for compliance
Employers should carry out a Legitimate Interest Assessment and avoid over-reliance on consent. By Laura Brodahl, Nikolaos Theodorakis and Roberto Yunquera Sehwani of Wilson Sonsini Goodrich & Rosati.
The ongoing pandemic has, inter alia, created a paradigm shift where remote work is acceptable, or even mandatory. This has been one of the catalysts for the increasing use of technologies which collect location data. Examples are for purposes such as IT security where employees work remotely, for example, to identify fraudsters trying to unlawfully access the company’s IT systems from an unknown location, or to organize work in a more efficient way, for example, a postal company to calculate efficient delivery itineraries based on real-time traffic information at the carrier’s location.
This article first explains the key concepts relating to processing location data in an employment context (i.e., location data and the roles of the parties). This is followed by a high-level overview of key privacy compliance action points to consider when rolling out processing activities that involve tracking employees’ location, for example, assessing the appropriate legal basis and transparency towards employees. This article limits itself to addressing risks and recommended measures under the GDPR. It does not address any specific obligations that may be imposed by national employment laws, such as through collective labour agreements.
UK Report subscribers please login to access the full article.
If you wish to subscribe please see our subscription information.