Introduction
The main purpose of this study is to find out whether and how the European Cockpit Association (ECA) and workers’ representatives can challenge employers who decline to provide information on the grounds of data protection legislation or on the grounds of commercial confidentiality.
This study concentrates on data protection laws and principles, mainly departing from the perspective of the ‘General Data Protection Regulation’, known as the GDPR, and brings it in connection with collective labour rights and industrial relations, mainly from the view of the right to information and consultation as well as the right to collective bargaining.
Within the main project study and scope, the main research question can be summarised as: to what extent can data protection laws and regulations (in particular the GDPR) pose limits to the exercise of the right to information in a collective labour rights context where trade unions face employers or groups of employers in a transnational context.
The study report has been structured in four main chapters. Hereafter, we deliver the main summary and findings for each chapter.
Chapter 1
The first chapter focuses on legal courses and specifics for the HR context. The legal frameworks and sources of data protection have to be set out against the broader background of employment and industrial relation. In discussing the key concerns of this study, it is relevant and important to understand the context, origins and perspectives of data protection standards. It is clear that data protection standards give an essential perspective to information flows and exchange. In light of this, the broader setting and the origins of the relevant instruments will be helpful in hard cases and situations where there is room for interpretation or balances need to be struck.
Key findings:
✓ The GDPR is not an isolated instrument, though it is an essential and binding instrument in EU
law, with an important influence and effect outside the EU.
✓ Data protection standards rely on fundamental rights frameworks.
✓ It may be necessary to reconcile different fundamental rights, as there is no general system of preference between these fundamental rights.
✓ This increases the importance of framing the rights conflicts involved
✓ The GDPR is a general instrument, applying to a wide field of activities with a broad scope of application.
✓ It is necessary to adapt the rules and principles of the GDPR – like all general data protection standards – to the specificities of the employment context.
Chapter 2
The second chapter sets the broader narrative and fundamental rights framework and deals with the fundamental conflict between information rights and the right to data protection. It is important to define the relationship between data protection standards and the freedom of information and to establish a narrative for the relation between the GDPR and industrial relations. The right to information (connected with consultations and negotiations) is a collective labour right, not a stand- alone right in the context of data protection. It must be pointed out that, in principle, the GDPR is also based on the free flow of information principle. This foundation may prove to be important as both data protection and free information are fundamental rights. In that context, it is also relevant to position the concept of confidentiality as a limit to free information, and/or as part of data protection, in terms of scope and limits.
Key findings:
✓ Data protection standards are not designed to prohibit data or information flows.
✓ The right to information and consultation is recognized as a fundamental right in Europe, subject to certain conditions.
✓ None of the examples studied give insight into whether personal data fall under confidential information as provided by industrial relations laws.
✓ Two benchmark cases show that data protection standards, such as the GDPR, do not stand in the way of disclosing personal data related to workers to the workers’ representatives.
✓ A European legislative proposal on equal pay allows individual pay data to be shared with workers’ representatives. Arrangements can be made whereby disclosure individual pay information will be limited to the workers’ representatives, not to individual workers.
✓ A German case confirms that information rights of works council representatives can be
reconciled with the GDPR, even if it concerns sensitive information.
✓ An important requirement is that it must be shown that the information requested is indispensable to the performance of the task as a works council (representative).
✓ The general right to information contained in a statutory provision can be a basis to justify the necessity of personal data processing (disclosure).
Chapter 3
The third chapter focuses on the GDPR and relates to how the major principles of data protection can support HR and IR personal data processing. In order to respond to the issues and problems set out in the introduction and problem analysis, it is relevant to give legitimacy and justification grounds for information and data exchange in the industrial relations context. It must be pointed out that the GDPR provisions are quite open textured and leave room for interpretations. They thus bear potential for the industrial relations context. In this chapter, we also show some benchmark cases where data protection standards and rights to information on HR personal data need to be reconciled.
Key findings:
✓ Three main and essential data protection principles are: Legitimacy; Proportionality; Purpose Limitation.
✓ The principles also apply to disclosure of data to workers’ representatives and trade union
members.
Legitimacy:
✓ The (employment) contract will be a strong basis for the HR data collection by employers
✓ On disclosure of personal data in an industrial relations context, there is – overall – less existing guidance.
✓ We are of the opinion that information rights in industrial relations law give a legal basis for the disclosure of personal data.
✓ Personal data processing is not only legitimate when employers are required or obliged to process these data, based on legal obligations, but also in case where there is a contractual or other “legitimate interest”.
✓ Consent is not an evident legal basis: it is often found problematic; should be organised on
specific conditions; data subjects have the right to withdraw their consent at any time.
Proportionality:
✓ Data processing (including disclosure) should always be balanced with the rights of data subjects.
✓ Showing the necessity to process personal data will be a crucial argument. This necessity may be derived from the need to be able to effectively exercise the right to information
Purpose limitation:
✓ Processing of personal data for purposes other than those for which the personal data were
originally collected, is only allowed if this is compatible with the original collection purpose.
✓ Industrial relations may be seen as a compatible secondary use of personal data.
✓ We are of the opinion that HR related data are collected by employers can later be used and shared with workers’ representatives.
✓ However, there will still be limits resulting from the GDPR, and some secondary (or tertiary) use may be problematic.
✓ Specific guarantees may help, such as anonymization, pseudonymization, transparency, opt- out options, creating a positive context for workers.
✓ Compatibility problems may be avoided if employers are willing to include data disclosure with workers’ representatives in the original purposes of worker data collection
Chapter 4
The fourth chapter focuses on making information and data exchange in industrial relations scenarios compliant with the GDPR. It gives a governance framework and contains toolbox questions for guiding data flows in industrial relations. A data flow chart has been be set up and toolbox questions leads to various conditions, set under data protection law, to strengthen compliance and make data flows possible.
The whole governance dimension is a highly relevant matter in finding solutions for personal data protection problems and issues. The GDPR refers to various tools and mechanisms to secure that personal data processing is in conformity with the standards.
One of the means is a “data protection impact assessment” (DPIA), promoted as an important component of personal data protection. A DPIA is, as a rule, obliged for data processing with a ‘high risk’ impact or “likely to result in a high risk to the rights and freedoms of natural persons”. In the context of our study, we have applied the DPIA approach as a form of due diligence and good conduct and as a way to create a culture of trust and compliance related to personal data protection, in particular the GDPR.
A number of related data protection impact questions, sufficiently practical for the industrial relations context of this study, have been narrowed down to relevant key questions. These questions should, in our view, be addressed when workers’ representatives (or trade unions) and employers face issues of personal data in light of information disclosure in an industrial relations context :
- What (personal) data flows can be identified ?
- Who is identified as controller/processor/recipient ?
- What is the legal/legitimate ground of personal data processing ?
- Which (personal) data are processed for which purposes?
- How is personal data processing minimized to what is necessary and proportionate?
- Have data subjects been informed ?
- What is the territorial scope of the personal data processing?
- Are risks to the rights and freedoms of data subjects properly addressed ?
- Are additional guarantees applicable ?
- Have interested parties been involved ?
The toolbox questions serve different purposes. Not only do they provide the key elements for compliance, they also offer key points and recommendations. We also produced a data flow chart adapted to the industrial relations context.
Data flow chart:
The arrows and numbers indicate the flow of data. The following data flows can be identified:
• 1a: data shared by workers with their employer in the context of human resources
• 1b: HR related data shared between employers belonging to the same group of undertakings (e.g. subsidiary and headquarter)
• 2a: data shared by the employer with the national workplace representative body (e.g. to the works council)
• 2b: data shared by central management with the European workplace representative body (e.g. the European Works Council - EWC)
• 2c: data shared by the employer with a national trade union organization
• 3a: data shared between national workers’ representatives with European (EWC) workers’
representatives
• 3b: data shared by national workers’ representatives with a national trade union
organization
• 3c: data shared by European (EWC) workers’ representatives with the European trade union organization (e.g. in the relevant sector, for the relevant profession)
• 3d: data shared by a national trade union organization with the European trade union organization (e.g. in the relevant sector, for the relevant profession)
The chart represents the complexity of information flows in complex industrial relations setting. It also shows how data, which may have been originally collected by employers for HR purposes from their staff members, may subsequently be targeted for workplace representation. settings and even further for processing within the trade union movement. This will be discussed below.
The flow chart will be used to deliver an applied analysis of subsequent key toolbox-questions:
Q1: Which (personal) data flows can be identified ?
Key points:
✓ Industrial relations cover a complex variety of systems and practices
✓ It is therefore important to identify data flows
Solutions:
✓ Establish a data flow chart
✓ Adapt the flow chart to the specificity the industrial relations context
✓ Use the data flow chart for applying of the subsequent toolbox questions
Q2: Who is identified as controller/processor/recipient ?
Key points:
✓ In any of the industrial relations scenarios, it is advisable to clarify the different roles and positions of all the actors in terms of the GDPR.
✓ Most unclear is the situation of individual representatives/union delegates
✓ GDPR obligations mainly rest on ‘controllers’ (who determine purpose and means of personal data processing)
✓ Two main controllers will be implied in industrial relations: employers (holding HR data) + trade union organizations (receiving HR data)
✓ Individual trade union delegates may qualify as ‘processors’ of their trade union organization.
They also may be ‘joint controller’ with the trade union organization
✓ Individual workplace representatives are more difficult to qualify. This will be case specific. They could, depending on the situation, be seen as ‘controller’ or ‘processor’ in the sense of the GDPR
Solutions:
✓ Explicitly identify and document (e.g. in agreement with the employer), for each workers’ representative or union delegate who may receive personal data in which capacity (controller, processor, recipient)
✓ Determine if a trade union organization may be involved in the data processing and, if any,
whether it will function as a ‘controller’ (and identify the processors of this controller)
Q3: What is the legal/legitimate ground of personal data processing?
Key points:
✓ Legitimate interest and consent may be problematic / less secure grounds
✓ Employers’ HR data processing will rely on : contractual obligations + legal obligations
✓ Sharing HR data in industrial relations will rely on: legal obligations, legitimate interest and (less on) consent
Solutions:
✓ Identify the legitimate ground for personal data processing: legal obligation, contractual basis, legitimate interest, consent
✓ European Works Council arrangements may make the legitimate ground more robust for data sharing with representatives (and possibly with trade union organizations)
✓ Trade unions may arrange consent from their members to allow HR data processing relating to them (if practical and effective)
Q4: Which (personal) data are communicated to the workers’ representatives and for which purposes?
Key points:
✓ HR personal data controlled by employers may be shared with workers’ representatives and union delegates in light of their functions in workplace representative bodies. Such HR data sharing can be seen as a compatible but still justified (secondary) use of the data
✓ Further - tertiary - use of such HR personal data by trade unions for own trade union purposes
(e.g. collecting data for analytical purposes) can be problematic under the purpose limitation principle. The connection with the original purpose of processing of the HR personal data looks insufficiently strong
✓ This will hamper the possibility for representatives or employers to share HR personal data
with trade union organizations directly (for the trade union’s own purposes)
Solutions:
✓ Solutions for tertiary use by trade unions may be: use anonymized/pseudonymized data and/or agree with employers to update the original purpose
✓ Another solution for tertiary use would be consent by the workers (concerned), though it leaves legal uncertainty (inherent to consent)
✓ Consent by a worker is more robust in a trade union membership relation, where the worker concerned seeks trade union representation in order to defend his/her interest in a particular case (this would be secondary use)
Q5: How is personal data processing minimized to what is necessary and proportionate?
Key points:
✓ The GDPR requires a demonstrated need (necessity) for the disclosure of personal data
✓ In practice, this necessity will be brought forward by trade unions or workplace representatives, based on the need to effectively exercise their rights
Solutions:
✓ Anonymization or pseudonymization may be a feasible alternative for personal data processing: names and identities of workers could be changed with numbers, codes or pseudonyms, and in this way disguised
✓ An option is to leave personal data with the employer while anonymized/pseudonymized data
are shared with trade union delegates or workers’ representatives
✓ Consider the establishment of a joint body, including a representation from the employer and the workers, which has access to personal data and can filter (or anonymize/pseudonymize) personal data before disclosure in the broader industrial relations circle (compare with the ‘select committee’ in the EWC)
✓ Consider deleting (by e.g. aggregating/anonymizing/pseudonymizing) personal data
immediately after they have been disclosed and have served the purposes of industrial relations
Q6: Have data subjects been informed ?
Key points:
✓ Employers need to inform (‘update’) the workers concerned on beforehand when they disclose HR personal data related to them to unions/delegates/workers’ representatives
✓ Trade union organization(s)/representatives need to inform the workers concerned when they receive personal data related to them, unless this information is already given (e.g. by the employer)
Solutions:
✓ Convince employers to include (preferably identified) workers’ representatives as recipients of personal data in their transparency/information package towards their workforce (with specification of data and purposes)
✓ Agree with employers to jointly (employer + trade union) deliver the transparency/information
package towards the workforce
✓ Give clarity on your trade union website and describe how you are GDPR compliant when HR personal data are received in light of industrial relations
Q7: What is the territorial scope of the personal data processing?
Key points:
✓ International personal data flows to ‘third countries’ (outside EU/EEA) are severely
conditioned by the GDPR
✓ This leads to rather complex issues, certainly seen the context of potential industrial relations data flows
✓ Within the EU/EEA area, there are no further conditions, although some higher sensitivity for GDPR compliance should be respected
Solutions:
✓ Restrict data disclosures to recipients in EU/EEA only
✓ Anonymize data as much as possible when transferred outside EU/EEA
Q8: Are risks to the rights and freedoms of data subjects properly addressed ?
Key points:
✓ Attention needs to be paid to respect the rights of data subjects through all stages of data processing
Solutions:
✓ Trade unions are recommended to organise expertise to address issues related to the exercise
of rights of data subjects (e.g. right to access, rectification, portability, …)
✓ Trade unions can contribute to technical and organizational measures to secure personal data
✓ Representatives and delegates need to live up to standards of integrity and confidentiality and need appropriate training
✓ Document compliance: make sure that there is documentation showing that all involved parties comply with data protection standards
Q9: Are additional guarantees applicable ?
Key points:
✓ Additional tools are strictly speaking not an obligation, but make data protection compliance more robust
✓ Additional tools increase legal certainty and mutual trust Solutions:
✓ The use of standard clauses or codes of conduct are strongly advised
✓ Models are available from the GDPR framework
Q10: Have interested parties been involved ?
Key points:
✓ Consultation on personal data processing activities and compliance should be part of good practice
✓ The employer’s DPO (data protection officer) should be involved in joint consultations as well
as in implementation of data processing activities
Solutions:
✓ Information and consultation on both HR and IR related data protection policies and practices
with workers’ representatives or trade union delegates is strongly advised
✓ Trade union organizations which become controllers of personal data are recommended to appoint a DPO (data protection officer) – the DPO may be operating under the umbrella of the European trade union organization
Closing findings
The flow chart and toolbox questions have been explained above and have been used to deliver an applied analysis of subsequent key issues.
Based on the overall findings of this study and the tools mentioned above, a key problem was identified within the context of the purpose limitation principle and its connection to the legitimate basis of various data flows. We identified three different purpose-levels in the industrial relations data flow chart.
This is related to distinctive questions, understood as follows:
|
- Purpose 1: for which (original) purposes have the personal data been collected in the HR context? |
- Purpose 1 is connected with data flows 1a and 1b - Purpose 2 is connected with data flows 2a, 2b and 2c
- Purpose 3 is connected with data flows 3a, 3b, 3c and 3d |
Purpose 1 and 2 have more robustness in terms of the GDPR’s purpose limitation principle. Purpose 3, related to further trade union disclosure and use of personal data, should rather be defined as tertiary purpose and is less evident under the GDPR’s purpose limitation principle.
A recommendation in this respect is to envisage a strong implementation of the other Toolbox questions in order to compensate the purpose limitation problem. In particular, in addition to options such as minimizing data processing (e.g. anonymization or pseudonymization) and limiting the circle of recipients, guarantees referred to under Question 9 can be recommended.
This may lead to adapting our data flow chart with the following addition:
The identification of a 4th relation in this chart, may have the following advantages:
• A negotiated agreement at European level with management and the European trade union
• Defining roles and accountability under the GDPR
• Adapted and uniform guarantees for GDPR compliance for the whole IR setting
• A stepping stone for a stronger legal basis of personal data processing and GDPR recognition
• A method to limit the circle of recipients of personal data
Our five key findings of the study:
✓ Personal data can be disclosed to workers’ representatives in conformity with the GDPR
✓ In all cases, workers’ representatives should demonstrate the necessity of personal data in order to be able to effectively exercise their right to information
✓ Data minimization is key, so maximize: anonymization, pseudonymization, limiting data access, and other safeguards
✓ Workers’ representatives should use the Toolbox and Data Flow Chart in order to assess GDPR compliance
✓ Involve employers and reach agreement on conditions and standards applicable to HR personal data disclosures
Authors: Frank Hendrickx & Simon Taes, Institute for Labour Law – KU Leuven
This publication has been produced with the financial support of the European Commission, under the call for proposals VP/2019/002, “Information and training measures for workers' organisations”. The project is called “Transnational Agreements - Best practice and feasibility.” The contents of this publication are the responsibility of the European Cockpit Association and the guest authors and are in no way be taken to reflect the views of the European Commission.
