Monitoring of workers’ personal data via entrance control systems

Preventing 1984-style monitoring of workers requires a rebalancing of workplace power, based on fair legal regulation and human dignity.

The monitoring of job applicants and workers, inside and outside the workplace—variously by computers, mobiles, artificial intelligence, video cameras and wearables, besides geolocation and identification methods—has become so much more common with the pandemic as to now constitute a regular part of working life. With the digital transformation, these practices lead to the processing of current, prospective and former workers’ personal data in a much less costly, but more intrusive, way than before.

In this context, the processing of personal data can be defined as any operation—collection, use, recording, erasure and storage—applied to any kind of information related to the applicant and worker. Yet it is in the employment relationship that the right to the protection of personal data is constantly violated. An equitable balance thus needs to be struck in the era of digitalisation, between the applicant’s and the worker’s rights to privacy and protection of their personal data and the employer’s economic and personal interests.

Electronic and biometric control systems

Among the monitoring practices frequently involved, employers resort to electronic and biometric systems for control of entrance or access, to register the times, frequency and security of workers entering and leaving the workplace. These control systems identify and record the areas of the workplace visited by workers during the day and how long they have been there.

Electronic systems perform control via a personal identification number (PIN) or magnetic or chip card (smart card). Such systems are versatile and practical for the employer but workers also use such cards, for identification and access to printers, photocopiers and vending machines, as a payment tool in the cafeteria or to determine for themselves when they enter and leave the workplace and record their working times.

Biometric systems include methods for recognising or scanning the biometric data of workers, such as fingerprints, palms, face, voice, retina, DNA, footprints, odour, weight, skin and body shape. These characteristics are measured and identification ensured by comparison with pre-recorded information (a biometric sample or template). Biometric data comprise a special category of personal data, with the need for stricter protection.

Egregious interference

Whereas electronic entrance-control systems, located in the main entrance and sections or floors in the workplace, also process workers’ personal data, biometric systems interfere egregiously by processing biometric data in line with its recording, matching and storage. Contrary to the methods involving passwords, badges or cards, it is not possible to change or remove biological features which form the basis of biometric data. Hence the abuse of biometric data will have more serious and dangerous consequences for workers.

Especially in workplaces which require high security or in particular areas where highly confidential information is kept, control of entry and exit with smart cards may sometimes be insufficient. Biometric entrance-control systems should therefore be a last resort and limited to the entrances of such exceptional areas. In these cases, it is obligatory to act in accordance with the basic principles and rules of data-protection law.

Since personal data cannot as a rule be processed, the processing of workers’ data via electronic or biometric entrance-control systems should only be to the extent necessary for the performance of the employment contract. Even explicit consent from the worker, in the context of an employment relationship based on subordination, does not alone ensure compliance with the law. Within this scope, as long as there is a method which achieves the same purpose and interferes less with the personal data of the worker—in line with the principle of proportionality—use of biometric entrance-control systems will be unlawful.

Job applicants and workers must be informed in a clear and detailed manner before the processing of their data. This does not however mean that continuous or covert monitoring of the frequency and times of workers’ entrances and exits can ever be justified.

Regulation

The European Union General Data Protection Regulation does not directly regulate the monitoring of workers by electronic and biometric entrance-control systems, which depends on national regulations. In tracking the entrance to and exit from the workplace and in ensuring its safety, electronic control systems, in which limited and non-sensitive data belonging to workers are uploaded, will be more in compliance than biometric systems with legal instruments. These are the Council of Europe’s Recommendation CM/Rec (2015)5, on the processing of personal data in the context of employment, Opinion 2/2017 of the Article 29 Working Party and fundamental principles of data-protection law.

However, electronic systems must not be used to track the behaviour of workers during and outside working time. Also, the personal data of workers monitored through these systems must be processed in accordance with the unique characteristics of labour law and good faith.

All rights derived from data-protection law must be granted to applicants and workers as well, including the right to gain access, and object, to their processed data. Otherwise, monitoring carried out by an employer with electronic and biometric entrance-control systems will become null and void, and the personal data obtained will constitute unlawful evidence in any legal dispute.

Above all, genuinely fair and effective protection of job applicants’ and workers’ personal data, against all types of monitoring abuse by employers, depends on raising awareness and changing mentalities. For this, social justice and human dignity provide the best compass.