Evolving Workplaces and Rising Employee Privateness Issues (Half-2) – The RMLNLU Regulation Consider Weblog

By: Vrinda Nargas and Namrata Jeph

(This publish is the second of a two half assortment on the topic – ‘A Watchful Eye at Work: Evolving Workplaces and Rising Employee Privateness Issues’)


Security of 1’s id occupies a central place inside the privateness space. Medical knowledge is taken under consideration to be a type of data that has a reasonable expectation of privateness.[1] Quite a few workplaces have compulsory AIDS, medicine, and lie detector or voice assessments for stress evaluation. Compulsory vaccination of workers on the workplace and making workers endure quite a few medical testing in light of the pandemic – temperature screening and asking workers to provide medical knowledge regarding earlier ailments have moreover been workers at positive workplace set-ups.

Inside the backdrop of the COVID-19 pandemic, various governments and private sector corporations mandated the utilization of the ‘Aarogya Setu’ utility all through the early ranges of the pandemic, which adopted a centralized technique to data assortment for contact tracing. Nonetheless, the mandate did not help in garnering the assumption of the employees and most people at large, which is undoubtedly an vital ingredient inside the success of such contact tracing and monitoring methods. The Residence Ministry, which had made it compulsory for its workers to acquire the app, was quick to revise its protection and roll once more the mandate, when the intense flaws associated to the app harking back to the gathering of extraordinarily delicate data, received right here to light. One different occasion of workplace surveillance might be seen in corporates’ and authorities organizations’ decision to introduce facial recognition experience for his or her workers for attendance features, along with for measuring the mood of workers with the help of a “mood meter”. Whereas workers have been provided with the choice to revoke consent, the company is extra more likely to roll out the experience all through all its workplaces, which raises questions on workers’ autonomy and privateness. Nonetheless, sooner than adopting such measures, it is vital that organizations contemplate and adequately speak the necessity of such measures to the affected stakeholders, and as well as take into consideration any totally different measures which might be a lot much less intrusive and could be utilized to realize the an identical goal.


At present, there isn’t a such factor as a consolidated labor regulation regime to manage workplace surveillance in India. With regards to non-public data authorized pointers such as a result of the Information Know-how Act, 2000 (“IT Act”) and the Information Know-how (Low-cost Security Practices and Procedures and Delicate Personal Data or Information) Pointers, 2011 (“IT Pointers”) present some steering , although not specific not notably regarding employee privateness. Half 43A of the IT Act and Pointers 5 and 6 of the IT Pointers emphasize that getting consent for personal data is a ought to, and Sections 70B and 72A prescribe penalties and punishment in case of unlawful disclosure of data. The COVID-19 pandemic has not solely led to an increase inside the amount of surveillance due to distant work settings nevertheless has moreover elevated the need for a sturdy mechanism to sufficient safeguard in opposition to the invasion of privateness of workers and their data.

Further, because of COVID-19 pandemic and the evolving nature of labor, the strains between what constitutes non-public space and what constitutes work or workplace have flip into blurred, thereby rising the publicity of personal and delicate data and information inside organizational applications. The definition of the time interval “workplace” is evolving, and points that will come up due to distant work are the recording of extra time, the statutory price requirements, and maintenance of data. Obscure terminology in current authorized pointers and the dearth of a sturdy legislative framework that caters to the protection of workers’ privateness rights make them suspect of misuse by organizations.

Inside the context of the employer-employee relationship and knowledge privateness, one ought to look to the Personal Data Security Bill, 2019 (“the Bill”). Half 13 of the Bill permits employers to forego buying consent for processing delicate non-public knowledge in two circumstances; one, when consent is simply not acceptable, or two, when the employee should make a disproportionate effort to amass the consent from the employee. Further {{qualifications}} have been supplied on the subject of the wants for which employers can accumulate non-public data with out consent, which might include attendance, assessing effectivity, recruitment, termination, and provision of any service or revenue. This leaves a big ambition for employers to conduct surveillance, with out being matter to lots scrutiny. The Joint Parliamentary Committee (“JPC”) in its options inside the Data Security Bill, 2021, stated that the availability must be redrafted, as a result of it confers a wide range of unfettered power to the employers over their workers’ data. The JPC report emphasised that the employees ought to have a reasonable expectation of their data being collected and processed, and solely in such circumstances would surveillance by the employer be acceptable. Nonetheless, quite a few analysis reveal that workers’ data is captured and processed, normally to their dedication, with out giving them uncover and with out their consent.

In opposition to this backdrop, it is vitally vital concentrate on protection and regulatory formulations adopted to deal with workplace surveillance and workers’ privateness in several jurisdictions. One noteworthy occasion is the European Union’s Fundamental Data Security Regulation (“the GDPR”).

Whereas Article 9(1) of the GDPR prohibits the processing of personal data, employers can nonetheless legally accumulate and course of the non-public data of workers if the requirements laid down beneath Article 9(2) are met. Employers can justify processing non-public data for ending up obligations and exercising specific rights in employment (Art work. 9(2)(b)) or inside the public curiosity (Art work. 9(2)(i)). In addition to, the processing of such data ought to moreover conform to the concepts set out in Article 5, along with goal limitations along with lawfulness, fairness, and transparency. Further, a three-pronged examine laid down in Article 6(1) must be glad when the employer claims to course of data because it’s in his ‘skilled curiosity’ – that of goal, necessity, and balancing. Further, it is vitally vital discover that the GDPR stresses the precise consent of the employee in case of data processing.

If such a rights-based framework which supplies due regard to factors harking back to educated consent, necessity and proportionality, and balancing {of professional} pursuits of every employers and workers is adopted in India as properly, it’d help make it possible for monitoring and surveillance methods utilized by employers are utilized solely when a lot much less pervasive methods are normally not accessible, only for their supposed goal, the digital and privateness rights of workers are given sufficient security, and most importantly, the affected workers are aware of and consent to being monitored.


In newest events, we’ve now witnessed an evolution in one of the best ways we work. Organizations have shifted to distant work at an unprecedented tempo, which has moreover expanded workplace surveillance. Employers are adopting novel utilized sciences to watch their workers’ habits, contemplate their effectivity and make it possible for their productiveness ranges keep extreme once they’re ‘on the clock. Nonetheless, steadily, such methods of surveillance are pervasive, and generally override primary concepts of educated consent and privateness of the employees. Whereas these methods are used to deal with speedy productiveness and effectivity, and should extra signal a perception deficit and a shortage of transparency. These measures could trigger tensions inside the employer-employee relationship, with decreased productiveness as an closing end in the long run, and workers might devise methods to recreation the system and evade surveillance.

Due to the pandemic, there was a shift inside the monetary system and the labor market. Whereas in positive sectors and circumstances, workers can leverage their requires and have entry to alternate job options, it isn’t the case when it comes to jobs the place workers are matter to surveillance. Workers won’t have the power to withhold consent when it comes to being monitored. The difficulty is acute, notably for marginalized groups, low-income earners, and professions marked with low social mobility. The stability of power appears to be titled in favor of the employer, even when seen from the angle of distant work.

The extent of security afforded to workers’ data beneath the present legislative framework in India appears largely inadequate. Whereas employers can have entry to workers’ data for skilled causes, these must be appropriately justified and the gathering and processing of data shouldn’t be on the value of the privateness rights of the latter. If the power inside the palms of employers and organizations is left unchecked, the power imbalance between employers and workers is simply extra more likely to develop.

[1] Tomczak DL and Behrend TS, ‘Digital Surveillance and Privateness’ in Richard N Landers (ed), The Cambridge Handbook of Know-how and Employee Conduct (Cambridge School Press 2019)

(Vrinda and Namrata are regulation undergraduates at Nationwide Regulation School Jodhpur. The creator(s) may be contacted by means of mail at [email protected] and/ or [email protected])

Cite as: Vrinda Nargas and Namrata Jeph, ‘A Watchful Eye at Work: Evolving Workplaces and Rising Employee Privateness Issues (Half-2)’ (The RMLNLU Regulation Consider Weblog26 June 2022) date of entry