Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- D11.1: Mobility and Identity.
- D11.2: Mobility and LBS.
- D11.3: Economic aspects of mobility and identity.
- D11.4: Workshop on Mobility and Identity.
- D11.5: The legal framework for location-based services in Europe.
- D11.12: Mobile Marketing in the Perspective of Identity, Privacy and Transparency.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D11.6: Survey on Mobile Identity
The deliverable in hand provides the results of an explorative survey on the
control model for identity related data in location-based services (LBS)
presented in FIDIS deliverable D11.2.
The survey was performed to explore the influence of LBS characteristics (pull
vs. push based, indirect vs. direct profile creation) on the perceived amount of
control participants have about the disclosure of their identity.
Four scenarios, each reflected a different aspect of the control model, have been
designed and tested.
 |
The legal framework for LBS in Europe EUROPEAN LEGAL FRAMEWORK FOR PROCESSING LOCATION DATA BY EMPLOYERS |
 |
European legal framework for processing location data by employers
According to case law of the European Court of Human Rights (ECtHR), also in the workplace, some reasonable expectation of privacy exists. In the Halford case, the ECtHR considered that the border of this privacy expectation depends on the circumstances the employee might and could have expected on beforehand. In accordance with the applicability of Article 8 of the European Convention on Human Rights and Fundamental Freedoms within employment relationships, also the European Directives regarding the processing of personal data are applicable within these relationships.
The Article 29 Working Party has already on several occasions drawn attention to the specific problems that arise with regard to the processing of personal data within employment relationships. In 2001, opinion 8/2001 on the processing of personal data in the employment context was adopted, followed by a working document on the surveillance of electronic communications in the workplace. In the opinion on the use of location data with a view to providing value-added services, a specific section is reserved for the location of employees.
In the latter opinion, it is stated that the processing of location data raises two issues: “the dividing line between work and private life and the degree of monitoring and permanent surveillance to which it is acceptable to subject an employee.”
With regard to the lawfulness of the processing of location data, attention is given to consent of the employee. As consent constitutes the main problem regarding processing of personal data in employment relationships, the next section will provide some further insight into this issue. Other points of interests raised by the Article 29 Working Party relate to the requirement that processing of location data on employees must correspond to a specific need on the part of the company which is connected to its activity; the fact that the purpose of the processing must not be achievable by less intrusive means; equipment should offer the possibility to switch the location function of, as employers should not collect location data relating to an employee outside his working hours; a reasonable retention period should not supersede two months; employers should take adequate measures to restrict and secure access to location data; and employees should be properly informed regarding (the possibility) to be monitored.
As already mentioned, the processing of location data in hierarchical relationships can be problematic as consent is the sole legal ground for the processing of these data, at least as far as no exception is applicable. In law enforcement, several of these exceptions apply, but in private relationships only billing purposes are mentioned as an exception to the general rule that consent is required.
In this respect, the statement of the Article 29 Working Party in its opinion regarding the processing of location data is somewhat strange: “Such processing should not rely exclusively on the employee’s consent, which must be ‘freely given’.” The next sentence in the opinion does not really clarify the issue:
“As already pointed out by the WP in its working document on data protection in the employment context, the issue of consent should be addressed in a broader perspective; in particular, the involvement of all the relevant stakeholders (as envisaged in the legislation of several Member States) via collective agreements might be an appropriate way to regulate the gathering of consent statements in such circumstances.”
The fact remains that consent is the only ground for the processing of location data. Therefore it is fair to assume that the statements of the Working Party probably address the way in which consent should be given. For an employment context, it is questionable whether consent for the processing of personal data can be integrated in the employer’s labour contract. By incorporating the processing into the contract, the employee might not specifically consent to the processing. The reason to sign the contract is because the employee wants to be hired, and thus he signs the contract containing clauses regarding the processing of his personal data. If he does not sign the contract he might not be hired, so his consent to the processing might not be freely given. From the statement of the Article 29 Working Party mentioned above, as well as from opinion 8/2001, it can be concluded that the Party rejects the processing of personal data within the employment relationship when this processing is solely based on consent incorporated into the individual labour contract. For larger companies the Article 29 Working Party expressed that use of a works council can be a helpful tool to arrange agreements on a central level.
Another peculiarity in relation to consent relates to the difference in ‘normal’ consent and unambiguous consent. As mentioned before, art. 2(h) of the Data Protection Directive defines consent as: “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
If consent is used as a ground for the processing of personal data as described in article 7(a) of Directive 95/46/EC, consent must be given ‘unambiguously’. However, in case of the processing of location data, article 9 of the E-Privacy Directive is applicable, requiring consent without the requirement of it being given unambiguously.
Also in the context of an employment relationship, a distinction needs to be made between location data collected and stored by a third party, such as a telephone company or an Internet service provider, and location data collected and stored by an employer himself, for example in an intranet or when using an RFID-tagging system for authorisation purposes. If the employer processes the data himself, the mere question that arises regards the lawfulness of the processing in relation to the (privacy) interests of the employee. However, if the employer uses a third party network or service in order to monitor his employees, he needs to gain access to the location data by requesting them from the third party involved. Here the question that arises is twofold: the lawfulness of the processing of the data as well as the lawfulness of the transfer of these data from the third party to the employer.
Another important issue to take into consideration is the applicability of the European Legal Framework with regard to the processing of location data within private systems deployed by the employer. Because these systems probably will not qualify as ‘public’ communication or communications service within a ‘public’ communications network, the E-privacy Directive might not be applicable (Art. 2(d) of Directive 2002/58/EC and Art. 2(a), 2(c) and 2(d) of Directive 2002/21/EC).
Another important factor within employment relationships concerns the difference between subscriber and user. In general, in the case of a structure in which the employer depends on a third party for the processing of location data, the employer will be the subscriber to the service, but not the data subject or the user of this service. The location data to be processed will relate to the employees, and therefore, they are the data subjects and users of the service, yet they did not subscribe to this service. So, the question as to who needs to consent, and who needs to provide the information in order to satisfy the requirement of informed consent, plays an important role in employment relationships.
In this respect, White makes an interesting distinction between three different instances of using location monitoring systems generating location data.
Consensual use, in which the employee is a willing participant.
Non-consensual use, which occurs without the individual’s knowledge or permission.
Flexible use, which covers devices whose use has the unintended consequence of tracking location information.
According to these conditions, non-consensual use, as described above, will be prohibited, and active use will be allowed on the basis of consent, assuming that enough information is provided in order for this consent to be informed, and the hierarchical relationship not being in the way of consent being freely given. Flexible use is more difficult. An example might be that the car of a company has a GPS system to prevent it from being stolen or car-jacked. In this respect, not only the requirements regarding consent must be met, but also the (im)possibility to turn off the localisation system can play an important role in assessing whether or not the processing of the location data is allowed.
| |
   |
|
| 19 / 47 |
