Text written by Annika Rosin, Associate Professor of Labour and Social Law, Faculty of Law, University of Turku, annros@utu.fi
The organisation of working time is one of the main prerogatives of an employer stemming from its right to direct and control the employee. Additionally, several legal duties require working time management on behalf of the employer. To protect the employees’ health and safety at the workplace and calculate time-based wages the employer needs to keep records of working time, set restrictions to maximum working time and guarantee at least minimum breaks and leaves.
If traditionally work was carried out at the employer’s premises, where the employer could physically control the employee’s presence and performance of work during the agreed working hours, the latest developments in digitalization have enabled employers to use algorithmically managed working time. Different technological tools and techniques (for example, wearable devices, keylogger systems, GPS devices) allow the employers to record and survey employee’s active working time with exceptional precision remotely and on-site. This information, again, can be used to organize working time by excluding inefficient time from paid working hours. Employees are subordinated to constant working time surveillance and availability.
Compared to traditional working time monitoring, algorithmic working time surveillance is significantly more intrusive and poses several risks to employees’ rights. Employees are treated like commodity and their human dignity and health and safety can be endangered. Additionally, algorithmic working time surveillance (AWTS) can cause privacy and especially data protection infringements.
While there is no legislation in EU nor in national level that would address specifically new working time surveillance practices, general data protection legislation, EU’s developing technology regulation and national and EU’s employment legislation set restrictions to the use of AWTS technologies.
The most important restrictions to the use of AWTS are included in the EU’s General Data Protection Regulation (GDPR). As AWTS requires the processing of personal data, employers need to comply with data processing requirements and restrictions. For the beginning, the employers need to determine whether they have a legal ground for data processing according to Article 5 and 6 of the GDPR. Second, if legal ground exists, they need to comply with other data processing principles foreseen in Article 5.
Finding a legal ground for data processing for the purposes of AWTS is not an easy task. While data subject’s consent (Article 6 (1)a); necessity for performance of or entering into a contract (Article 6 (1)b); necessity for compliance with a controller’s legal obligation (Article 6 (1)c) and the necessity for the purposes of legitimate interests of the controller or a third party that do not override the data subject’s interests or fundamental rights and freedoms (Article 6 (1)f) may at first sight come into question, the actual applicability of these grounds is rather restricted. For example, in research literature and European Data Protection Board’s (EDPB) guidelines the subject’s consent has been considered as a ground that cannot be used in an employment relationship because of the unequal position of the parties in the relationship. The necessity requirement included in Article 6(1) b and c restricts their use as a lawful basis for the purposes of AWTS by demanding that the employer should consider less-intrusive means for the performance of contract or for the fulfilment of employer’s legal obligations (see the decision of the Court of Justice of the EU in cased C-252/21 Meta Platforms and Others). Finally, while the legitimate interests of the controller foreseen in Article 6(1) f are interpreted broadly and may include, among others the employer’s interest to use his legal right to direct and control work as well as his aim to raise productivity, employee’s fundamental rights and freedoms restrict using also this lawful basis. Before processing employee’s personal data for the purposes of AWTS the employer needs to conduct a fundamental rights test and consider, whether employee’s fundamental rights do not override his legitimate interests.
In addition to difficulties in finding a suitable lawful basis for the processing of employees’ personal data, data processing principles and requirements of EU Artificial Intelligence Act (AIA) limit employer’s use of AWTS. For example, the transparency principle, purpose limitation and data minimization principle supplemented by necessity requirement included in Finnish legislation set constraints to AWTS. As AWTS technologies can be considered as high-risk AI systems under AIA, the deployers of these systems need to conform with certain obligations foreseen in the Act.
In conclusion, while different technological tools are developed for algorithmic working time surveillance, the employer needs to be careful in using these in practice. GDPR, AIA and employment legislation foresee considerable limitations to their use and require the employer to comply with certain obligations when using these systems.
Leave a Reply