Privacy Law and Policy Reporter
The International Labour Office (ILO) has recently published a code of practice, with commentary, on the Protection of Workers’ Personal Data.The code is voluntary and non-binding, and it is intended to provide guidance in the development of legislation, regulations, collective agreements, work rules, policies and practical measures in the workplace (cl 2). This is in contrast to ILO Conventions, which are legally binding international treaties, and ILO Recommendations, which, while not binding, involve procedural obligations.
The code had been preceded by three reports published by the ILO’s Conditions of Work and Welfare Facilities Branch on workers’ privacy in industrialised countries. The executive Governing Body of the ILO subsequently decided at its 264th session in November 1995 to convene a tripartite Meeting of Experts on the subject. The ILO operates on a tripartite basis, with decision-making made by representatives from governments and organisations of employers and workers. The Meeting of Experts on Workers’ Privacy, consisting of 24 experts (eight appointed by each of the ILO’s three groups of constituents) met in October 1996 to examine a draft code prepared by the International Labour Office, the organisation’s secretariat, based in Geneva. The Meeting of Experts included two New Zealanders and two Australians.
The Report of this meeting of experts indicated that the experts representing employers were somewhat less enthusiastic about the need for action in the privacy area than the experts representing workers and governments. The employers’ experts were reported as questioning the need for standards in this area in light of higher priority issues. They remarked that they:
... believed there was insufficient evidence that workers suffered from lack of protection of the processing of workers’ personal data; and felt that the code would place undue burdens on employers. In addition, they argued that the costs involved and the restrictions the code would place on the use of technology could diminish competi-tiveness. The code would be particularly difficult to implement in developing countries and smaller enterprises.
Nevertheless, the employers’ experts were reported to agree with ‘the principle that there should be proper protection of worker’s privacy.’ Accordingly, the Meeting adopted the draft code of practice and submitted it to the Governing Body of the ILO, which in turn adopted it in its 267th session in November 1996.
The ILO code covers ‘personal data’, defined as meaning any information related to an identified or identifiable worker (cl 3.1). A ‘worker’ for the purposes of the code includes both a former worker and a job applicant (cl 3.4). The code is intended to apply to both the public and private sectors, and to the manual and automatic processing of all workers’ personal data (cl 4). The term ‘processing’ includes the collection, storage, combination, communication or any other use of personal data (cl 3.2).
A number of general overarching principles are set out in cl 5 of the ILO code of practice. These are as follows:
5.1 Personal data should be processed lawfully and fairly, and only for reasons directly relevant to the employment of the worker.
5.2 Personal data should, in principle, be used only for the purposes for which they were originally collected.
5.3 If personal data are to be processed for purposes other than those for which they were collected, the employer should ensure that they are not used in a manner incompatible with the original purpose, and should take the necessary measures to avoid any misinterpretation caused by a change of context.
5.4 Personal data collected in connection with technical or organisational measures to ensure the security and proper operation of automated information systems should not be used to control the behaviour of workers.
5.5 Decisions concerning a worker should not be based solely on the automated processing of that worker’s personal data.
5.6 Personal data collected by electronic monitoring should not be the only factors in evaluating worker performance.
5.7 Employers should regularly assess their data processing practices:
(a) to reduce as far as possible the kind and amount of personal data collected; and
(b) to improve ways of protecting the privacy of workers.
5.8 Workers and their representatives should be kept informed of any data collection process, the rules that govern that process, and their rights.
5.9 Persons who process personal data should be regularly trained to ensure an understanding of the data collection process and their role in the application of the principles in this code.
5.10 The processing of personal data should not have the effect of unlawfully discriminating in employment or occupation.
5.11 Employers, workers and their representatives should cooperate in protecting personal data and in developing policies on workers’ privacy consistent with the principles in this code.
5.12 All persons, including employers, workers’ representatives, employ-ment agencies and workers, who have access to personal data, should be bound to a rule of confidence consistent with the performance of their duties and the principles in this code.
5.13 Workers may not waive their privacy rights.
The code goes on to cover in greater detail the collection (cl 6), security (cl 7), storage (cl 8), use (cl 9), and communication (cl 10) of personal data, and then individual rights (cl 11), and where applicable, collective rights (cl 12) and the use of employment agencies (cl 13).
Below are discussed several aspects of the ILO code of practice that are of particular interest in relation to worker privacy.
As quoted above, cl 5.13 of the ILO Code provides that the privacy rights of workers may not be waived. This would appear to be an important safeguard when dealing with a relationship involving economically and institu-tionally dominant and subordinate parties. Such a provision, of course, presupposes that workers have privacy rights in the first place.
Privacy legislation in both NZ and Australia, however, actually contains relatively few rights that are capable of being waived. The information privacy principles in s 6 of the NZ Privacy Act 1993 provide for the waiver of privacy rights in relation to the following four situations, the last two of which are also provided for in s 14 of the Australian Privacy Act 1988:
(i) authorisation of the collection of personal information from a source other than directly from the individual concerned (‘Source of personal information’: the exception set out in principle 2(2)(b));
(ii) authorisation of non-compliance with the notification requirements of principle 3(1) (‘Collection of information from subject’: the exception set out in principle 3(4)(a));
(iii) authorisation of departures from principle 10 (‘Limits on use of personal information’: the exception set out in NZ principle 10(b) and Australian principle 10(1)(a));
(iv) authorisation of departures from principle 11 (‘Limits on disclosure of personal information: the exception set out in NZ principle 11(d) and Australian principle 11(1)(b)).
On the face of it, none of these could be described as a significant derogation from workers’ substantive privacy interests, and in fact the ILO code makes provision for the types of waiver in (i), (iii), and (iv) above.
In addition to those rights which amount to limits placed on employer conduct, there are also those rights that entitle workers to the benefit of access to and correction of personal information. These rights too may be waived, in the sense that a worker may simply agree not to exercise them under the relevant information privacy principles (principles 6 and 7 in both the NZ and Australian legislation). The ILO code, unlike most data protection legislation, however, provides that workers ‘should have the right to be regularly notified of the personal data held about them and the processing of that personal data’ (cl 11.1). The issue of workers being reluctant or pressured not to exercise their access rights is thus avoided.
Conversely, the ILO code does not explicitly provide for the situation where workers, or more often, job applicants, are forced or pressured to exercise their right of access to their own personal information. This is the issue of ‘forced’ or ‘procured access’, and it may arise in the employment context where the employer requires the job applicant to produce proof of an absence of relevant criminal convictions (‘police clearances’). There is, for example, no control in the NZ Privacy Act upon such procured subject access. Provided that the agency collecting the information from the individual complies with information privacy principles 1 (‘Purpose of collection of personal information’) and 3 (‘Collection of information from subject’), the Privacy Act sets no limits on this practice.
The ILO code of practice deals with this issue simply by prohibiting employers from collecting certain categories of sensitive personal data, such as information concerning a worker’s criminal convictions (cl 6.5). Such information may only be collected in ‘exceptional circumstances ... if the data are directly relevant to an employment decision and in conformity with national legislation.’ The commentary to this provision states:
Data about convictions should be obtained directly from the person concerned so as to ensure that only pertinent information is collected. For the same reason, employers should not be allowed to ask workers to provide a copy of their conviction record.
A worker may suffer termination of employment or disciplinary measures if inaccurate or incomplete answers are given in response to an employer’s inquiries, whether the information has been collected in the course of employee recruitment and selection, or during the employment relationship itself. Such conduct by the employee may constitute a breach of the implied duties of fidelity or mutual trust and confidence. What, however, is the position where the employer ought not to have asked the question in the first place?
Clause 6.8 of the ILO code provides that a worker should not be penalised if asked questions that are inconsistent with other principles in the code. Accordingly, inaccurate or incomplete information supplied by a worker ought not to attract any detriment if the information being collected by the employer:
One of the aims of the ILO is to enable workers to maintain their dignity. Many types of tests administered in the workplace to assess the physical or psychological aptitude of workers, or to verify their honesty, offend against worker dignity if they are overly intrusive, or assess for characteristics unrelated to the work.
Because they tend to involve consent, issues relating to workplace testing fall mainly in the domain of criminal and employment contract law. Workplace testing tends to take place generally at the pre-employment stage, where the ability of workers to withhold consent is most constrained, so that the marketplace and the parties’ relative bargaining positions principally determine whether testing is to take place. There may, however, be a larger societal interest in imposing controls on certain kinds of testing which are intrusive, demeaning, or of dubious relevance or reliability, particularly as the workers who tend to be affected most by such practices are those with the least power to refuse to submit to them.
The ILO code of practice provides that truth-verification equipment such as polygraphs or similar testing procedures should not be used (cl 6.10). At the Meeting of Experts, the workers’ representatives insisted that such lie detection equipment was invasive. The government representatives considered that legislation could be formulated to impose minimum standards on their use: strict principles would need to be adhered to in respect of their use, which include a minimum degree of reliability and validity; administrators of the test should be qualified; and the details of the test results should not to be disclosed, only whether the person was suitable for the job or not.
The ILO code of practice further provides that personality tests and similar testing procedures should be consistent with the provisions of the code, in that they should not be used to collect irrelevant information, and they should be sufficiently reliable. Workers must also be able to object to such testing (cl 6.11).
As for genetic screening, the code provides that such testing should be prohibited or limited to cases expressly authorised by national legislation (cl 6.12). The commentary to the code states that:
... genetic screening ... can disclose a series of highly personal data with far-reaching implications for a worker’s future. It cannot, therefore, be left to the employer’s discretion to subject workers to such examinations. On the contrary, their use, if allowed at all, should be restricted to absolutely exceptional cases where it is justified by compelling reasons and where there is no feasible alternative to genetic testing — a question which must be left to the legislator to answer.
Finally, the ILO code provides that drug testing should be undertaken only in conformity with national law and practice or international standards (cl 6.13). ILO guidelines, for example, are available this area.’
The ILO code of practice contains specific provisions for workplace monitoring and surveillance. Clause 6.14 of the code provides as follows:
(1) If workers are monitored they should be informed in advance of the reasons for monitoring, the time schedule, the methods and techniques used and the data to be collected, and the employer must minimise the intrusion to the privacy of workers.
(2) Secret monitoring should be permitted only:
(a) if it is in conformity with national legislation; or
(b) if there is suspicion on reasonable grounds of criminal activity or other serious wrongdoing.
(3) Continuous monitoring should be permitted only if required for health and safety or the protection of property.
These provisions go much further than what is contained in the national legislation of most countries, such as the Privacy Act in NZ, which leave this area largely unregulated and subject to managerial prerogative and the marketplace.
The ILO code of practice, like the 1989 Council of Europe Recommendation No R(89)2 on the Protection of Personal Data Used for Employment Purposes, proceeds from the same fundamental principle as that set out in principle 3 of the Australian Privacy Act 1988, and principles 2 and 3 of New Zealand’s Privacy Act 1993, that ‘personal data should, in principle, be obtained from the individual employee’. The commentary to the ILO code of practice notes that this is an approach common to most data protection legislation, and that it enables workers to ‘know which data are to be processed, consider the implications, and decide whether the information should be provided.’
Accordingly, like cl 3.1 of the 1989 Council of Europe Recommendation, cl 6.1.14(1) of ILO code provides that workers should be informed in advance of such activities, and in the case of secret monitoring, cl 6.14(2) of the ILO code imposes restrictions.
Indeed, there is further provision for notification in this context. Clause 5.8 of the ILO code’s general principles, quoted earlier, provides that workers and unions should be kept informed of data collection processes and the rules that govern them, and cl 11.1 in the code’s ‘individual rights’ section provides that workers are entitled to be regularly notified of personal data held about them and the processing of that data without having to first ask for them.
Clause 11.8 is also relevant, for it protects the interests of employers in avoiding prejudice to ongoing investigations of workers, while at the same time taking into account workers’ entitlement to due process:
Employers should, in the event of a security investigation, have the right to deny the worker access to that worker’s personal data until the close of the investigation and to the extent that the purposes of the investigation would be threatened. No decision concerning the employment relationship should be taken, however, before the worker has had access to all the worker’s personal data.
As noted earlier, the ILO is committed to promoting measures that enable workers to labour ‘in conditions of freedom and dignity’. The protection of workers’ privacy interests can be viewed as sufficiently important in this connection as to warrant protection.
The ILO is not likely to go further than suggesting voluntary self-regulation for the time being. A binding international convention on worker privacy is unlikely because the ILO is in fact moving in the opposite direction, having recently adopted a general policy of targeting and consolidating certain existing core standards for greater impact.
Paul Roth is a Senior Lecturer in Law at Otago University in NZ, and author of Privacy Law and Practice (Butterworths, NZ)