After wearables initially conquered the private fitness and lifestyle sector, mini-computers equipped with sensors (wearables) are now increasingly being used in companies.
They make it possible to collect a wide range of data.
Vital functions can be recorded, the location can be determined and images and sound can be recorded.
The term wearables includes not only fitness trackers, but also modern smartwatches and even smartphones and tablets.
A prime example of the use of wearables in the employment relationship is the permanent or regular localization of employees.
This allows work processes to be shortened and routes optimized.
However, such data is not only collected by older, highly technologized companies such as Deutsche Post, but also by young companies such as Foodora.
Deutsche Bahn is also considering equipping its company with wearables.
For example, inspectors – like the police in North Rhine-Westphalia and Hesse – are to be equipped with so-called bodycams in future.
This is intended to deter potential attackers and help solve their misdeeds.
First and foremost, the new technology of wearables should therefore help to increase productivity and improve occupational safety and comfort.
However, wearables are also ideal for monitoring and controlling employees.
The issue of employee data protection therefore plays a central role in equipping employees.
There are numerous points for both the employer and the employee to consider in order to comply with the legal requirements.
Data protection: Consent to the use of wearables
The use of wearables in the employment relationship is generally only possible with the express active consent of the employee.
They must be free to decide whether and to what extent they wish to use a wearable.
If consent is declared in the employment contract across the board, this is critical.
This is because the employee may have to fear that they will not get the job if they do not give their consent.
Consent that is given by exploiting a significant negotiation imbalance is not voluntary and is therefore invalid.
An express prohibition of disadvantages for the employee is also frequently agreed in order to avoid placing a disproportionate burden and pressure on the employee.
Order by the employer is also possible
However, the use of wearables can also be ordered by the employer if and to the extent that this is still covered by the right to issue instructions under the employment contract.
The requirements for the use of wearables as part of an employer’s right to issue instructions are significantly higher than those for voluntary consent.
This is because the technical equipment in the workplace forms the basis for digital surveillance.
Equipping employees with wearables must be suitable and necessary to optimize work processes and must not be to their detriment.
This means that only devices that are appropriate with regard to the employee’s right to privacy are permitted (Art. 88 II GDPR).
Ultimately, a balancing of interests must therefore be carried out in each individual case.
It should also be noted that the wearables available on the general market are often still too imprecise and error-prone for use in the workplace.
As a rule, they only provide inadequate and imprecise sensor technology, which also results in vague and sometimes incorrect causality assumptions.
This is because if the employer wants to introduce wearables by right of direction, the devices must be specially adapted to the work situation and be relevant to the workplace.
Devices that are designed for private use are often not.
If there is a conflict between work optimization and privacy protection, a balance must be struck on a case-by-case basis.
Particular care must be taken with wearables that permanently and regularly collect and transmit data.
The employee must always retain control and be able to turn off the recording or restrict it in terms of time/space.
This is the only way to achieve an appropriate level of protection.
However, it goes without saying that switching off the wearables must not be held against the employee.
Special requirements for localization through wearables
The use of wearables with a localization function requires special conditions.
On the one hand, the use of wearables with a localization function for the purpose of emergency assistance is generally permitted.
However, it is precisely this function that enables the employer to create a precise movement profile and makes the employee “transparent”.
In order to put a stop to this constant monitoring, the Federal Data Protection Act (Section 3a BDSG) and the General Data Protection Regulation (Art. 5 para. 1 letter c GDPR) provide for a restriction on the processing of location data.
The principle of data minimization applies, which refers to the storage intervals, the storage duration and the linking with other event data.
In this way, comprehensive movement profiles are to be avoided.
Risk to personal rights through the recording of images and sound
In addition to the creation of movement profiles, the recording of images and sound also poses a risk to the general right to privacy.
In addition to the recording of relevant work processes, the private and incidental behavior of employees is also recorded.
Permanent video and audio monitoring enables unacceptable real-time total control by the employer.
To prevent this, the employer should take technical and organizational precautions.
Furthermore, the recording of images and sound always requires a separate purpose and must be able to be switched off by the data subject.
If the image and sound data are also linked to other data, the requirements for expediency increase.
The use of private wearables in the employment relationship
If the employee uses a private device in the work context (“Bring your own Device” = BYOD), the employer must ensure a clean, technically clear separation between the collection of private and business data.
Otherwise, the same data protection regulations apply here as for the use of wearables provided by the employer.
Often a lack of transparency when using wearables
The collection of data by wearables is often not transparent enough, although it should be (Art. 5 No. 1 letter a GDPR).
Even if the devices often only have limited display and information options, it must be clear who is responsible for data collection and how they can be contacted.
Communication and transmission processes must also be clearly recognizable on the medium.
The right to information is therefore also the basis of informational self-determination (Section 34 BDSG, Art. 15 GDPR).
However, if the employer provides the wearables, it is often unclear against whom the right to information is directed.
Depending on the responsibility (Art. 24 GDPR) and the programming of the wearables, the claim may be directed against the employer or a third-party data processing provider.
If the employer does not have the data, it must nevertheless ensure that this data is made available by the third-party providers at all times.
The rapid pace of technological development also requires the constant further development of data protection.
Until now, employees have had a large say in the employment relationship and can control or even reject the use of wearables in a large number of cases.
Companies should always check whether data protection regulations are being complied with and consider involving employees.
After all, wearables can be both a blessing and a curse.