Employment Law Challenges in the Digital Age

Every day new digital tools that can be used to solve tasks in a potentially more cost effective, efficient and flexible way pop up. Smart phones, tablets, social media, GPS, cloud services and biometric authentication solutions are all examples of digital tools that have already been around for quite some time and are increasingly being used by employers. Consequently, HR must relate to this new reality.

The digital world is often in itself difficult to understand.  Even more challenging is harmonizing the digital reality and the legal world, where companies do their best in order to avoid ending up in legal conflicts with employees, unions, suppliers, customers or public authorities. The IT department, internal audit department, finance department, legal department and system owners must all collaborate, s seat, with respect to strategic decision-making.

Clarification of the legal issues raised by the use of new digital tools will naturally be in place a while after such tools s right to access the s email is illustrative of this point. Despite the fact that employers for a long time have taken advantage of computers and email, clear provisions on the subject were not in place until March 1, 2009.

There have been clarifications in other areas. On January 31, 2013, the Supreme Court gave a judgment in the so-called A waste disposal company had introduced a navigation system in the cars that sent electronic logs of the vehicles to the central database. The data was originally used for administrative purposes, but was later compared with the time sheets of an employee to assess whether the employee had claimed excessive overtime fees. The suspicion was confirmed and the employee was dismissed.  The Supreme Court concluded that reusing information collected for a different purpose than the original constituted a breach of the Personal Data Act Article 11.  However, the employee was not awarded damages for non-economic loss and the Court cited that the Data Protection Authority should impose a fine in such cases.’ use of cloud services.

Clarifications have also occurred in relation to employers’ use of cloud services. On September 21, 2012, the Data Protection Authority sent letters to two municipalities who wanted to use the cloud services Microsoft Office 365 and Google Apps. The Data Protection Authority accepted the use of such services, but stated that certain preconditions must be in place. The company must carry out a data protection impact assessment, have a processor agreement that is in accordance with the Personal Data Act, ensure that s privacy policy does not extend beyond the processor agreement, carry out a security audit on a regular basis, keep track of the country in which the data is stored, and ensure that transfer of data abroad is in accordance with the Personal Data Act.

It is associated with relatively small economic risk not to take privacy issues seriously. This may change. The courts will probably award damages for non-economic loss in cases where the employer is not processing the personal data in accordance with the Personal Data Act. Secondly, in the proposed General Data Protection Regulation from the European Commission, the supervisory authorities of each country shall impose a fine of up to 1 million Euros, or 2 percent of the company’s annual worldwide turnover, for specific infringements of the regulation. If the proposal becomes a reality, it is not hard to imagine that large and medium-sized businesses are going to have a significantly higher focus on privacy issues in the near future.