Unions can ensure new guidance on data supports workers and employers

The current guidance was published 10 years ago and is no longer relevant to the modern employment relationship, where workforce data is increasingly being used to make unfair, unsafe and discriminatory decisions about workers.

The TUC has recommended that the ICO guidance is significantly expanded to cover all areas of the employment relationship where data plays a role. Work has changed significantly since the last code was published:

· New types of data driven work have emerged. For example, algorithms determine the pay rates and workloads of workers in the gig economy.

· New technologies have emerged that can harvest vast quantities of workforce data. For example, the Worksmart ‘productivity tool’ can be used by managers who have staff working remotely. It logs the hours staff work, counts the number of keyboard strokes made in an hour, records social media usage, and takes photographic ‘timecards’ every 10 minutes via a webcam.

· And the pandemic has seen a shift to hybrid working and increased working from home. Data and privacy rights are especially at risk because of employers attempts to monitor their remote workforces.

We made the following key points to the ICO:

1. Additional sections should be included in the new guidance, including those which:

· Highlight the risks of algorithmic discrimination. For example, unions have reported that algorithms used by Uber have discriminated against BAME workers and stopped them from working.

· Set out the legal protections that exist for workers who are subject to fully automated data processing. Too many workers are subject to disciplinaries and dismissals that have been decided by an algorithm, without any human intervention.

· Provide further guidance on the appropriate, lawful use of CCTV in the workplace. Unions, representing members across a range of sectors, have flagged that employers are increasingly using CCTV for crime prevention purposes, but are then using the images/videos taken by CCTV to punish workers for other workplace misdemeanours.

2. The new guidance needs to be targeted at, and accessible to workers. The previous code was targeted at employers, but the ICO should make sure the new code enables workers and their representatives to fully understand their data rights. Case studies should be used throughout the guidance to show how data protection rights are relevant to real workplace issues.

3. The ICO is a regulatory body that takes action to ensure organisations meet their information rights obligations. The previous guidance failed to mention this. We believe that the new code should have a section covering the ICO’s role as an enforcement body. This section should include the following:

· How does a worker make a complaint to the ICO?

· What will the ICO do when it receives a complaint?

· What powers does the ICO have to investigate data breaches?

· What sanctions will an employer face if they are found to have breached data protection laws?

Finally, we said that the online consultation should be the start of the process.

Unions are ready to speak with the ICO and make sure the new guidance is useful for both workers and employers.