The Worker as a Data Subject: Resources for Data Protection Day

Since 2006, the Council of Europe has celebrated 28 January as Data Protection Day—known globally as Privacy Day. Data processing now impacts on many spheres of life. One of these is employment: increases in the scale and ease of data processing have led to a sharp increase in employers’ use of algorithmic management tools, which facilitate hitherto inconceivable worker surveillance and analysis and enable the automation of functions that were once carried out by HR.

To help raise awareness of data protection at work, the team at iManage—Halefom Abraha, Aislinn Kelly-Lyth, and Prof Jeremias Adams-Prassl—have brought together ten resources examining this new phenomenon through a data protection lens. As the GDPR enters its fourth year of application, these papers provide a great starting point for stakeholders to understand and address data protection issues around AI systems in the workplace. We explore these and related challenges in the course of our weekly Algorithms at Work Discussion group (held in hybrid format)—if you are interested in joining, please get in touch. And, most importantly:

Happy Data Protection Day!

State of Play – and Promising  Next Steps

1. All-Party Parliamentary Group on the Future of Work, The New Frontier: Artificial Intelligence at Work (2021)

This report—the product of a collaboration between parliamentarians, industry, and civil society—is an excellent starting point for an up-to-date overview of pressing regulatory issues on AI in the workplace. It recommends practical solutions, including the introduction of an ‘Accountability for Algorithms Act’. Despite being UK-specific, the report contains lessons for similar debates in the EU and beyond.

2. UC Berkeley Labor Center, Data and Algorithms at Work: The Case for Worker Technology Rights (2021)

Informed by empirical research, this report sets out how US-based companies use algorithmic technologies in the workplace, with profound consequences for wages, working conditions, race and gender equity, and worker power. After identifying regulatory gaps, the report outlines a set of policy principles to help build a robust regime.

3. Wilnelda Negrón, Little Tech is Coming for Workers (2021) and accompanying Coworker Bossware and Employment Tech Database

Coworker’s report provides an up-to-date and thorough review of the algorithmic management industry and its (lack of) regulation. The report was published alongside an impressive database containing filterable information about algorithmic management tools on the market.

Existing Laws

4. TUC Report, Technology Managing People: (1) The Worker Experience; and (2) The Legal Implications (2021, by Robin Allen QC and Dee Masters)

This report provides a comprehensive analysis of the legal consequences of using AI systems in the workplace, including under data protection law. Focusing on UK law, the report sets out ‘red lines’ for algorithmic management and articulates a set of principles to shape the future regulation of AI systems in the workplace.

5. Article 29 Data Protection Working Party, Opinion 2/2017 on data processing at work

The European Data Protection Board has yet to issue guidance on interpreting the GDPR in the employment context, despite repeated calls for it to do so. Its predecessor’s Opinion, published in 2017, addresses certain points of the GDPR and whilst no longer entirely up-to-date is currently the most authoritative comprehensive EU-level guidance we have.

6. Worker Info Exchange, Managed by Bots: Data-Driven Exploitation in the Gig Economy (2021)

Worker Info Exchange is a digital rights NGO founded by one of the lead claimants in the UK’s Uber case. The organisation focuses on the gig economy—the cradle of algorithmic management. Its recent report details how it has used data subject access requests and strategic data protection litigation to challenge harmful impacts of algorithmic management. The result is a rare insight into the practical inadequacies of data protection rights.

The Role of Unions

7. Guides for union representatives: TUC, When AI is the Boss: An introduction for union reps (2021); Prospect, Data Protection Impact Assessments: a union guide (2020); and UNI, Algorithmic Management – A Trade Union Guide (2020)

As algorithms have taken over the role of human resource managers, trade unions have also had to adapt. These three resources provide practical guidance for representatives negotiating algorithmic control. The Prospect guide focuses on data protection impact assessments (DPIAs), which provide a key opportunity for union input.

Academic Analyses

8. Nathan Newman, ‘Reengineering Workplace Bargaining: How Big Data Drives Lower Wages and How Reframing Labor Law Can Restore Information Equality in the Workplace’ (2017) 85 University of Cincinnati Law Review 693

We read this paper last year in our Algorithms @ Work reading group, and it sparked an interesting discussion among participants. The piece looks at how workplace analytics can drive down wages by (inter alia) screening out job applicants who are likely to agitate for higher wages; predicting which employees are likely to leave (thereby limiting pay increases); and expanding the geographic and relational scope of control, thereby enabling greater sub-contracting and ‘on-demand’ employment.

9. Spiros Simitis, ‘Reconsidering the Premises of Labour Law: Prolegomena to an EU Regulation on the Protection of Employees’ Personal Data’ (1999) 5(1) European Law Journal 45

This seminal article sets out an early vision for a regulation on data processing in the employment context. While some of Simitis’ suggestions have been realised by the GDPR, his 1999 article argued for a need to eliminate the ‘vagueness and ambivalence of an omnibus approach by precise context-oriented demands’. Article 88 GDPR enables EU Member States to adopt ‘more specific rules’ for the employment context. The use of this clause will be explored in a forthcoming paper by Halefom Abraha.

10. Isabel Ebert, Isabelle Wildhaber and Jeremias Adams-Prassl, ‘Big Data in the workplace: Privacy Due Diligence as a human rights-based approach to employee privacy protection’ (2021) Big Data & Society

This article explores how employee privacy can be protected in the age of datafication. After surveying the benefits and shortcomings of a number of legal and technical solutions, the article draws on the UNGPs approach to human rights due diligence to develop a process-oriented model of ‘Privacy Due Diligence’.

Halefom Abraha is a Postdoctoral Researcher at the University of Oxford.

Aislinn Kelly-Lyth is a Researcher on Algorithmic Management at the University of Oxford.

Jeremias Adams-Prassl is a Professor of Law at the University of Oxford.