Don't snoop on staff via wearables, says Dutch privacy agency
Permission under pressure isn't permission at all
The Netherlands' Data Protection Authority has decided that even with consent, companies shouldn't use fitness trackers to monitor their employees.
Its argument is that there's an asymmetry between employer and employee that's likely to make staff feel they need to say “yes” if the boss starts handing out Fitbits (or whatever).
In a decision handed down on March 8 (in Dutch), the authority's Wilbert Tomesen says “data on movement and data on sleep patterns is sensitive personal data”.
Since “the worker is financially dependent on the employer”, the decision states, there's no “free” consent – and that means employers processing this kind of staff data is in breach of the country's data protection legislation.
The authority doesn't name which companies it investigated in coming to its decision. However, NU.nl identifies BeBright as a consultancy that had handed out bracelets to its staff.
BeBright told the outlet it wasn't going to quibble with the judgement, saying it's the authority's role to “investigate where the line is”.
The authority says its decision is only concerned with stopping employers using the trackers to monitor staff: it's got no objection to companies giving them as gifts to employees, who can do what they please with their own data.
Before employers in other countries celebrate that their privacy watchdogs aren't as strict as in The Netherlands, it's probably worth asking whether lax security might lead to legal pain in a world where employee data leaks with depressing regularity. ®
Sponsored: Global DDoS threat landscape report