Töötaja privaatsuse kaitse digitaalsel töökohal

Väitekirja elektrooniline versioon ei sisalda publikatsiooneTänapäeva töökohad digitaliseeruvad üha enam. Uued rakendused ja nutiseadmed võimaldavad tööandjatel koguda hulgaliselt töötajate isikuandmeid erinevatest allikatest. Taoliste tehniliste võimaluste olemasolu võib kergelt viia töötaja isikuandmete kaitse reeglite rikkumise ja privaatsust riivava käitumiseni. Doktoritöös analüüsin, kuidas Euroopa Liidu privaatsus- ja andmekaitseraamistik tuleb antud väljakutsega toime ning kuivõrd suudab kaitsta töötajat privaatsust riivava jälgimise eest töökeskkonnas. Doktoritöö põhineb viiel eelretsenseeritud publikatsioonil ja keskendub privaatsuse ning andmekaitse küsimustele, mis käsitlevad kolme digitaalset jälgimistehnoloogiat – töötaja sotsiaalmeedia jälgimine, mikrokiibistatud töötajate jälgimine ja kontaktide tuvastamist võimaldavate rakenduste abil töötajate jälgimine COVID-19 leviku ajal. Doktoritöö eesmärk on kindlaks teha, kas EL-is on vaja kehtestada õigusakt, mis reguleerib töötaja privaatsust ja andmekaitset juhul, kui tööandja rakendab digitaalseid jälgimistehnoloogiaid ja millistel tingimustel peaks jälgimine olema lubatud. Doktoritöös väidan, et invasiivsete jälgimispraktikate ja töösuhte osapoole ebavõrdsete positsioonide tõttu on vajalik EL tasandi õigusakt, mis võimaldab töötajal keelduda privaatsust riivavast jälgimistehnoloogiast ja annab tööandjale juhiseid, millistel tingimustel on töötaja jälgimine lubatud. Näiteks tuleb õigusaktiga ette näha, et tööandja ei tohi töötajat jälgida ja tema andmeid töödelda, kui selleks puudub vajadus. Sellest reeglist võib teha erandi näiteks kuriteo, tõsise väärkäitumise või muude õigusaktis üheselt esitatud põhjustel, näiteks tööõnnetuse ennetamiseks. Töökohal ei tohi lubada salajast jälgimist ja liikumisandmete kogumist.Today’s workplaces are becoming increasingly digitalized. New applications and smart devices enable employers to collect enormous quantities of employees’ personal data from a vast array of sources through inexpensive means. These practises may be accompanied by intensification of the processing of employee data and possible intrusions to their privacy. My dissertation examines how the current privacy and data protection framework in the EU is equipped to protect employees from privacy-invasive monitoring practices. The dissertation is based on five peer-reviewed publications and focuses on privacy and data protection issues concerning three specific digital monitoring technologies – social media monitoring, monitoring microchipped employees and digital monitoring technologies, e.g. contact tracing technologies, used during COVID-19 pandemic. The aim of the dissertation is to ascertain whether there is a need for specific rules at the EU level that regulate privacy and data protection if an employer uses digital monitoring technologies and on what conditions employee monitoring using these technologies should be allowed. The findings of this dissertation indicate that due to the increased use of the digital monitoring technologies and imbalance of power in an employment relationship, EU legislation is needed to strengthen employees' ability to reject privacy-invasive monitoring technologies and give employers clarity under what conditions monitoring is allowed. EU legislation should clearly state that if not necessary, employers should refrain from the use of digital monitoring technologies. Exceptions might be allowed only in case of criminal activities, serious malpractice or other just causes e.g. prevention of accidents at work. Legislation should also entail stricter obligations for employers, such as consultations with employees’ representatives. Covert monitoring and the possibility to gather movement data inside the workplace should be prohibited

Pre-employment Background Checks on Social Networking Sites - May Your Boss Be Watching?

The practice of using social networking sites (SNS) for pre-employment screening has become increasingly popular. Although using SNS as a hiring tool may prove to be a potentially promising source of applicants’ information, it is also fraught with potential risks that uncover both legal and ethical challenges. The latter is also the reason why there are conflicting views about the practice both among the employers and employees as well as legal systems. In this paper I first aim to compare the privacy approaches in the US and Europe to investigate whether a job applicant actually has a right to expect privacy on SNS, and then I will examine the practices in a set of European countries (Estonia, United Kingdom, Germany, Finland) to analyze under what conditions employers are allowed to carry out background checks on SNS and weather the employer may base their hiring decision on the information found from these public domains.My analysis suggests that pre-employment background checks are generally considered to be acceptable in the US and also in Estonia; employers in the UK, Germany and Finland however, are not always allowed to investigate applicant’s background on SNS and should thus not be able to base one’s hiring decisions on the information found from SNS.My analysis reveals that the countries and employers need to work towards clarifying privacy standards and policies that would take into account the context created by the new technologies

Employers as Nightmare Readers: An Analysis of Ethical and Legal Concerns Regarding Employer-Employee Practices on SNS

The aim of this interdisciplinary paper is to study the social reality surrounding the data processing practices employers and employees engage in on social networking sites (SNS). Considering the lack of empirical studies, as well as the considerable uncertainty in the way personal data protection is implemented across the European Union (EU), the paper offers insights on the topic. Qualitative text analysis of semi-structured interviews with employers from the service sector (N=10) and the field of media and communication (N=15), as well as employers from organisations which had experienced various problems due to things their employees had posted on social media (N=14), and employees from the financial sector (N=15) were carried out to explore whether the data protection principles, which can be viewed as the most important guidelines for employers in the EU, are actually followed in their everyday SNS data processing practices. Even though the data protection principles emphasise the need for fair, purposeful, transparent, minimal and accurate processing of personal data, our interviews with employers and employees reveal that the actual SNS processing practices rarely live up to the standards. Our findings indicate that there is a growing mismatch between the social reality and legal requirements regarding data subjects

Employers as nightmare readers: an analysis of ethical and legal concerns regarding employer-employee practices on SNS

The aim of this interdisciplinary paper is to study the social reality surrounding the data processing practices employers and employees engage in on social networking sites (SNS). Considering the lack of empirical studies, as well as the considerable uncertainty in the way personal data protection is implemented across the European Union (EU), the paper offers insights on the topic. Qualitative text analysis of semi-structured interviews with employers from the service sector (N=10) and the field of media and communication (N=15), as well as employers from organisations which had experienced various problems due to things their employees had posted on social media (N=14), and employees from the financial sector (N=15) were carried out to explore whether the data protection principles, which can be viewed as the most important guidelines for employers in the EU, are actually followed in their everyday SNS data processing practices. Even though the data protection principles emphasise the need for fair, purposeful, transparent, minimal and accurate processing of personal data, our interviews with employers and employees reveal that the actual SNS processing practices rarely live up to the standards. Our findings indicate that there is a growing mismatch between the social reality and legal requirements regarding data subjects