Protection of personal privacy in working life, english summary
We have been commissioned to draw up proposals for legislation to protect the personal privacy of the individual in working life.
According to our terms of reference, we are required inter alia to propose legislation to regulate certain measures – namely monitoring of private email and internet use, and surveillance through other computer-aided means, e.g. logging, monitoring of employees and job-applicants via health and drug tests – and establish the conditions under which employers would be entitled to view extracts from criminal records.
In addition, we have been instructed to consider and, if necessary, propose legislation governing the admissibility of employers requesting to view extracts from the National Social Insurance Agency’s records, the Swedish Enforcement Authority’s register of debt recoveries and credit ratings compiled by credit-rating agencies. We are also required to consider whether grounds exist for further regulation of camera surveillance and telephone tapping in the workplace. Finally we are instructed to consider whether there are grounds for introducing legislation governing the use of personality tests and the admissibility of asking employees or job applicants about their political convictions or trade union membership. We are also free to put forward proposals on other aspects of working life that could have a bearing on personal privacy.
A new act on the protection of personal privacy in working life
There is a prevailing consensus, both at national and international level, that the right to respect for private life and personal privacy is a human right, and that the state has a responsibility to maintain effective protection against violations of that right.
The existing regulatory framework intended to protect the personal privacy of employees in the workplace is elaborate and difficult to overview. It comprises a disparity of regulations and legislative enactments. Protection is only partially regulated by law and the meaning of certain statutory provisions must be regarded as unclear. Moreover, protection for employees in the private sector differs to some extent from that afforded to public sector employees. In addition, job applicants have no means of taking effective action against privacy invading background checks conducted by an employer for whom they wish to work.
Given the deficiencies in the existing regulatory framework, protection of personal privacy in working life needs to be clarified and strengthened through appropriate legislation. In our view, this should be done through the introduction of a single, self-contained act. To ensure that the act is as clear as possible to those responsible for its application, it should be patterned on known labour law models. The regulations we propose should also be generally applicable to all areas of working life.
The legislation we propose mainly entails the following provisions:
As regards surveillance and background checks involving the processing of personal data, the provisions in the Personal Data Act should continue to apply in all but three areas, where we propose changes which in our view will serve to strengthen employee protection. We propose the introduction of special provisions governing some of the surveillance and background checks specified in our terms of reference, namely concerning certain records checks and medical tests. In addition, we propose a blanket provision – to be applicable under certain conditions – prohibiting surveillance and background checks in general where these are deemed to have a palpable effect on personal privacy. The provisions we purpose regulating medical tests and the proposed general provision are constructed as discretionary norms. As such they restrict the adoption of surveillance and background checks to
purposes which are authorised and which, on the basis of a proportionality assessment, are seen to constitute an admissible intrusion. A party guilty of breaching the provisions in the proposed act will be liable for damages.
Purpose and scope of the proposed act
The proposed act is prefaced by a declaratory paragraph stating its purpose – to protect the personal privacy of employees in working life.
The act only concerns measures implemented by employers and directed at employees.
Under the proposal, the term employee also embraces in principle certain other categories, namely job applicants, people seeking or undertaking work experience placements and those who perform work as hired or borrowed labour. Where reference is made to employees in the present summary or in the report as a whole, the term is to be understood to apply equally to job applicants and the other categories of persons protected under the act, unless otherwise indicated.
Processing of personal data
The Personal Data Act (1998:204) contains provisions intended to protect against invasion of personal privacy through the processing of personal data. We hope that the relatively extensive account of the content of the act included in our report will afford a better understanding of its application in working life. Our review of the provisions has led us to the conclusion that the act provides relatively good protection of personal privacy in working life. We have accordingly proposed that the Personal Data Act should, unless otherwise stated, apply to the processing by employers of personal data. We do not therefore propose the adoption of separate regulations governing employer surveillance involving, for example, logs or digital camera surveillance, as these come under personal data processing as defined by the act. However, the protection in working life afforded by the act should be more clearly defined and, to some extent, strengthened. We therefore propose the inclusion in our act of a provision modifying the
Personal Data Act as follows in cases where an employer’s purpose in processing an employee’s personal data is to check up on or monitor the employee.
In the first place, the misuse rule in Section 5 a of the Personal Data Act would not be applicable; instead all the provisions of the act are to be applied.
In the second place, an employer would not be permitted to process an employee’s personal data solely on the basis of consent; under the act, some other ground for action would need to exist for processing to be admissible.
Finally, processing by an employer of an employee’s personal data should only be admissible under the act if it is stated, when the data has been collected, that the purpose of the processing was to check up on or monitor employees in some specific respect. Thus the act explicitly guards against purpose drift. However, under the proposed act, exceptions may be made where exceptional grounds exist and provided the employer promptly informs employees affected by the processing about its new purpose.
Regulation in collective agreements of issues relating to the processing of personal data in working life could in our view serve to clarify the provisions of the act and facilitate their application. However, although the provisions of the act cannot be departed from by collective agreement, the limits of the area which may be covered by such an agreement can be difficult to define. We therefore propose that a provision also be introduced into the Personal Data Ordinance (1998:1191) as a means of promoting the establishment of collective agreements. Under the proposed provision, the Data Inspection Board would be required, at the joint instance of the parties to the agreement, to deliver an opinion on a draft collective agreement with respect to its compatibility with the Personal Data Act and other statutes governing the type of personal data processing in question.
Prohibition against obtaining certain data extracts
Criminal records include information on people who have had sanctions brought against them for crimes committed. The overriding purpose of these records is to provide authorities, primarily law-enforcement agencies, with speedy, relatively trouble-free access to the information they need to carry out their work. Data
of this kind compiled and stored in a register is extremely sensitive and is therefore subject to the strictest secrecy. However, individuals are entitled to full access to the records with regard to data about themselves.
It is in the public interest that a person who has served his/her sentence be able to play an active part in the community on the same premises as everyone else. With certain types of jobs, however, the need to protect others from the risks that may be associated with previous crimes committed by an employee is deemed to constitute grounds for accessing data from the records. Careful consideration has therefore been given to the incorporation in statutes governing access to criminal records or register checks of provisions specifying which employers are permitted and/or required to conduct register checks. Also specified is the extent of the information that may be obtained in such checks.
According to reports by inter alia the National Police Board, employers are increasingly making use of the individual’s right to access data about him/herself to request that job applicants themselves produce extracts from the records. Such extracts contain all the information about the individual stored in the register. To prevent employers from exploiting the individual citizen’s right to access data about him/herself in a way which is neither intended or desirable, we propose that employers be prohibited from requiring job applicants to produce criminal record extracts about themselves unless there is legal sanction for doing so. It is proposed that the prohibition also cover requests without legal sanction for extracts from the register of suspected offenders.
It has also come to our attention that employers have been known to require job applicants to produce extracts from the Swedish Social Insurance Agency showing previous periods of absence from work due to illness or to care for a sick child. The agency does not normally release this kind of information to prospective employers in accordance with the secrecy rules governing social insurance set out in the Secrecy Act. In order to prevent circumvention of the rules in the Secrecy Act designed to protect personal privacy, it is proposed that employers may not without legal sanction require job applicants to produce extracts from data registers kept by the Social Insurance Agency if the extract contains information to which the employer has no right of access under the Secrecy Act.
However, the proposed new act does not contain specific provisions prohibiting employers from obtaining a prospective employee’s credit rating from a credit rating agency or from requiring a job applicant to produce an extract from the Swedish Enforcement Authority’s data register. This information is normally in the public domain. Moreover, credit rating agencies and their operations are governed by the Credit Information Act (1973:1173), a special statute intended to protect people against improper invasion of personal privacy. What is more, there is no indication that employers are acting in such a way as to justify special regulation in this regard. As regards obtaining data of the kind referred to above in ways that would constitute an unwarrantable invasion of privacy – such as a request for or access to any data subject to secrecy under the Secrecy Act – our proposal provides for action to be taken under the proposed general provision in our new act otherwise prohibiting encroachments on personal privacy.
Employer background checks in the form of medical tests are particularly sensitive from a privacy standpoint and should therefore be conducted very restrictively.
There is an observable tendency today towards the use of background medical checks in working life, particularly with regard to drug tests. A review of existing law in this area shows that there is no comprehensive regulation regarding an employee’s obligation to undergo a medical test, and the legal situation is unclear in a number of respects. Employee protection in this respect varies between private and public sectors and protective regulations for job applicants are largely absent.
We accordingly propose special legislation regulating background medical checks. This would replace the provision on regular medical check-ups currently applying to employees in the public sector under Section 30 of the Public Employment Act.
The proposed act would regulate the right of an employer to request medical tests. By this is meant a request to undergo such a check or to inform an employer of its results. Medical tests are defined under our proposal as a medical examination or any form of alcohol, or narcotic or other drug test. However, this provision
would not apply to alcohol tests administered in connection with alcolocks in vehicles.
The proposed act would permit an employer to request a medical test only if the test was for an authorised purpose within the meaning of the law, and if the test could be said to be an admissible invasion of an employee’s personal privacy having regard to the said purpose.
Purposes for which a medical test would be deemed appropriate are specified in the proposed act. These include in the first instance cases where tests are conducted for security reasons. An authorised purpose in such a case would, under our proposal, be the need to assess the medical condition of an employee who has duties where health problems or the influence of alcohol, drugs or medical preparations could entail a risk to human lives, personal security or health, or significantly damage the environment or property.
A request for a medical test would also be for an authorised purpose under our proposal if the test formed part of a rehabilitation plan for the employee.
Finally, the purpose of a medical test would be authorised if it was conducted to assess the state of health of an employee and if said test was of critical importance to the operation of the entity concerned owing to its special character. Checks of this kind are needed primarily in order to conduct drug tests. The basic principle here should be that checks of this type should be essential to or form a vital part of the operation of the entity concerned.
It is proposed that the provision specifying the purposes for which a medical test may be requested by an employer be semidiscretionary, thereby allowing for a decision to establish another authorised purpose than that specified in the act through a collective agreement at national level.
A further condition under which an employer may request a medical test is, as previously mentioned, that the test must be seen to be an admissible intrusion in relation to its purpose. Here the circumstances of each case must be taken into account. However, our proposal also specifies as a basic requirement that medical tests are only admissible if performed by health and medical care personnel, and provided samples taken for alcohol and narcotic and other drug tests are analysed by a laboratory accredited for the purpose under the Technical Conformity Assessment Act (1992:1119), or by an equivalent laboratory in another EEC country. However, the requirement concerning health and medical
care personnel and accredited laboratories does not apply to tests involving breath samples.
Prohibiting privacy invading measures in general
To ensure comprehensive protection against unauthorised invasions of privacy, we also propose, in addition to the special provisions outlined above, a provision prohibiting privacy invading measures in general. Under the proposed provision, an employer would be prohibited from conducting surveillance or background checks that constitute a manifest infringement on an employee’s personal privacy unless the measure was taken for an authorised purpose and was seen to be an admissible intrusion into an employee’s personal privacy having regard to the purpose justifying the measure. The proposed provision is designed to target qualified cases of surveillance or background checks from a privacy perspective. Examples of measures which would constitute a clear case of privacy invasion – and which in effect are prohibited unless properly justified and proportional – include wiretapping employees’ telephone calls, subjecting employees to bag and other searches when leaving work premises, going through lockers, drawers or other spaces an employee normally has sole use of, and analogue camera surveillance in toilet areas.
Ordinary work supervision measures are not covered by the proposed provision. Nor do they concern such measures as obtaining employee references in the normal way or oral questioning of an employee or job applicant.
One measure which however must normally be deemed to fall under the scope of the proposed provision is the use by employers of personality tests or similar evaluations. Implementation of such tests as well as their results must be regarded as sensitive from a privacy standpoint. For the reasons set out in our report, we have not proposed a special, separate provision governing such cases. In our view these would be regulated most appropriately by the proposed general provision prohibiting privacy invading measures.
In accordance with our terms of reference, we also considered regulating the right of employers to question employees about their political convictions and trade union membership. However, we found no compelling justification for such a proposal. If, however, an employer’s questioning were to constitute the kind of
improper infringement of personal privacy targeted by the general provision prohibiting privacy invading measures, action could be taken against such a measure under that provision.
Obligation to negotiate
An important element in a regulatory framework intended to protect personal privacy in connection with surveillance and checks in working life is that it be able to guarantee that any measures adopted are thoroughly discussed and transparent. The obligation to negotiate under the Co-Determination at Work Act (1976:580) is already applicable in many cases where an employer is considering the introduction of surveillance and background checks that will involve significant changes in the entity’s operations, or will have a specific bearing on working conditions or terms of employment. In order to make it clear that the primary obligation to enter into negotiations applies whenever an employer intends to decide on the introduction of a surveillance and background checks liable to constitute a manifest infringement of the personal privacy of one or more employees, we propose the introduction of an explicit provision enjoining the employer to negotiate beforehand with the relevant employees’ organisation in the manner prescribed in Sections 11–14 of the Co-Determination at Work Act. In addition, we propose that it should be permitted to depart from this provision if such a departure is negotiated through a collective agreement.
It is proposed that the penalty for breaches of the terms of the act be payment for damages.
Under the proposed act, cases would be handled in accordance with the Labour Disputes (Judicial Procedure) Act, except where these involve personal data processing, and concern categories of persons, other than employees, who are protected by law.
Except as regards the proposed provision governing personal data processing, prosecution under the Labour Disputes (Judicial Procedure) Act would be subject to the provisions on statutory
limitations set out in Sections 64–66 and 68 of the Co-Determination at Work Act.
We propose that the provisions of the act be mandatory. Thus that part of an agreement which acts to restricts the protection afforded to an employee under the proposed act would have no legal force. As mentioned previously, however, it is proposed that two of the provisions in the act be semi-discretionary, namely the provision establishing the purposes for which a medical test may be requested, and the provision on the obligation to negotiate.