Data plays a role in everything from targeted advertising to hiring and firing decisions. Workers generate substantial data, including personal details and daily activities. As employers increasingly rely on data for key decisions, workers need transparency regarding how their data is used, stored, sourced, and intended. Without these rights, we remain vulnerable to unilateral data-informed managerial decisions. UNI Global Union developed ten principles for protecting workers’ data rights, which trade unions can integrate into collective bargaining.
1. Workers must have access to and influence over data collected on them
Workers have the right to access, rectify, block, or erase data collected about them. Consent should not be the basis for data processing at work. Workers should be able to request confirmation of their data processing, receive clear information about the origin of the data, and have the right to data portability (the right to move ranking and rating systems between platforms). Worker representatives may access personal data as required for representation or collective agreements per national laws or agreements.
2. Implementing sustainable data processing safeguards
Employers must inform workers before implementing monitoring systems, including the purpose, data retention, workers’ rights to access and correct data, and changes to monitoring systems. Companies should protect data and conduct privacy impact assessments for high-risk technologies, such as potential profiling or decision-making using automated systems. Workers should have the right to veto data monitoring if it affects their privacy or dignity until the employer proves, in writing, that their privacy and dignity are respected.
3. Apply the data minimization principle
Employers may only:
"Collect data, and only the right data, for the right purposes, and only the right purposes, to be used by the right people, and only the right people, and for the appropriate amount of time, and only the appropriate amount of time."
Employers should ensure their data processing practices for employment purposes respect key principles, including collecting only necessary data and aligning actions with their goals. They must prove compliance with these principles to the supervisory authority. These measures should be tailored based on data volume, type of activity, and potential impact on the rights and freedoms of workers.
4. Transparency in data processing
Employers must provide information about personal data directly to employees, their representatives or other suitable methods. Workers should know what data is collected, how it is used, who has access to it, and their rights regarding their data. This information, including personal data collected by ICTs like video surveillance, must be provided in an accessible, up-to-date format before the employee engages in related activities.
5. Respect for privacy laws and fundamental rights in the workplace
Employers must adhere to global conventions and national laws, including the UN’s Universal Declaration of Human Rights, the ILO’s 1997 Code of Practice on Workers’ Personal Data, and the Protection of Personal Information Act. They must respect human dignity, privacy, and data protection in employment, ensuring that communication is lawful and free from defamation, harassment, and discrimination.
6. Workers must have a full right of explanation when data is used
Especially in decisions that impact workers directly – whether it is a hiring decision, a promotion, or a disciplinary action – they should know how data is used in decision-making processes and be able to challenge it if necessary.
7. Exemption for biometric data and personally identifiable information
Biometric data should only be collected and processed if no less intrusive options are available and if there are strong safeguards in place. Biometric data and personally identifiable information must be handled using recognised scientific methods and meet high security and proportionality standards.
8. Equipment revealing the location of an employee
Location-tracking equipment should only be used for legitimate purposes such as protecting production, health, safety, or efficiency, not for constant monitoring or direct surveillance. Employers must safeguard workers’ privacy and data, adhere to the data minimisation principle, and notify workers in advance about equipment use.
9. Multi-disciplinary, inter-company data governance body
Establish a cross-departmental data governance team to handle and secure data. All representatives on the body, including shop stewards, must receive data training to support and enforce sustainable data protection policies.
10. Implement the principles in collective agreements
The principles must be implemented and enforced through collective bargaining. If there is no collective bargaining, the employer must set up a governance body following principle nine.
Protecting data on workers is about fundamental rights and workplace power dynamics. As the digital economy develops, trade unions seek a better balance between the use of technology and the protection of workers’ privacy and rights.
RELATED ARTICLES
Automation, data mining and the future of retail jobs
Digital labour platforms subject global South workers to ‘algorithmic insecurity’
Why empowered workers are vital for reaping the full benefits of AI