Brave New World of Work?

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV Media network.

Promoted content

Credit: FEPS

Justin Nogarede is Digital Policy Adviser at FEPS (Foundation for European Progressive Studies).


With the Covid-19 pandemic, the shift to digital tools and algorithmic systems at the workplace has accelerated. While some of this is obviously helpful – such as remote working software that allows people to work from home – there is also a shift to surveillance and algorithmic control that threatens to undermine people’s autonomy and well-being at work. To change this, a FEPS report recommends making much better use of the General Data Protection Regulation (GDPR) as well as exploring the build-up of new institutions.

Digital surveillance: brought to you by the software industry

Evidence is beginning to surface about the introduction systems that process personal data, for the purpose of far-reaching surveillance and control in the workplace. It is often thought that these phenomena are limited geographically – to the US – and functionally – to the platform economy – but that is incorrect. Such systems are on the rise in Europe and across the labour force. For instance, a recent study by Cracked Labs, focusing on Germany and Austria, provides many examples of detailed monitoring and control systems. They range from sectors like logistics and retail to call centres and healthcare, and more than a few of the software systems are of questionable legality.

The technical possibilities for digital surveillance and control are vast: constant logging of keystrokes and the taking of regular screenshots, as well as the monitoring of internet usage, social media, mails and calls. In addition, sensors, like wearable tracking devices and facial recognition software are increasingly popular. Beyond surveillance, more elaborate algorithmic systems are taking on functions that were previously beholden to management: the automation of decisions to hire, fire or promote employees, the assessment of workers’ performance, or the speeding up of work and directing of how employees carry out their tasks. These systems are often difficult to scrutinise, and hence make it difficult for workers to detect unfair practices – like discrimination – and contest them. They can also have negative impacts on mental health and safety at work.

Making data protection great (again?)

Most digital systems that assess the performance of workers are handling personal data and fall under the GDPR. Therefore, in theory, workers must be informed about personal data collection and its use, and there are limits as to what is legally possible. But in practice, the GDPR suffers from a lack of awareness and enforcement, especially when at the workplace. A recent FEPS report, “No digitalisation without representation. An analysis of policies to empower labour in the digital workplace”, highlights that the workplace is not an enforcement priority for Data Protection Authorities across the EU, who are in any case under-resourced. In its own annual report of 2020, the Dutch Data Protection Authority – one of the better resourced in the EU – concludes that it does not carry out public information campaigns, that it has a backlog of 1500 complaints, and that it fails to check algorithms that process personal data.

When enforcement capacity is so scarce, it is difficult to understand why Data Protection Authorities do not maximise the impact of their activities. For instance, their sanctions decisions are not always made public and not easily accessible across the EU, which prevents learning by other authorities, businesses, and workers. In addition, Data Protection Authorities still seem reluctant to fine illegal behaviour, which mean there are limited incentives for companies to comply. For instance, in the case of Zalando’s controversial employee performance management system – called ‘Zonar’, authorities only acted after public complaints, and did not fine behaviour that it deemed illegal.

Therefore, it is important that trade unions and works councils fill the gaps, by educating workers, and helping them exercise their rights under the GDPR. The report shows that the GDPR offers ample opportunities for workers – and their representatives – to exercise more influence over the implementation of digital systems in the workplace. For example, by being consulted on data protection impact assessments, by challenging the legal bases for data processing, and by contesting automated decisions. However, this does require legal and technical expertise, which is currently lacking in many trade unions and works councils.

Preventing problems, paying attention to design

The design of software involves many value judgments, that determine how the application can be used. For instance, the EU is struggling to ensure crucial online platforms, like social media, do not undermine important values like democracy, transparency, and fairness. This is very hard to do when the infrastructure itself, like Facebooks platform, is designed for different purposes, in this case maximising user engagement to boost advertising revenues.

For work, there is an opportunity to still influence the design of the systems that are now being rolled out, and to ensure work does not become a ‘Taylorist’ nightmare of digital surveillance and micro-management. Right now, the functions of performance management software are often oriented to what is technically possibly, which facilitates abuse. In addition, the incentives are such to create systems that are difficult to understand from the outside and lack transparency, sometimes even for the firm management itself. What if, instead, software was designed to facilitate worker’s involvement and well-being?

The GDPR already requires privacy by design, but it is not clear this has had a decisive impact on the development of GDPR-compliant systems. Just as sustainability is becoming an integral part of software systems – see for instance SAP’s software for tracking products’ carbon footprints – it is time to integrate workers’ well-being and interests into the design of software. This could be sped up if unions, civil society, and universities, perhaps with public support, worked together to audit and certify workplace software systems to ensure compliance with labour law and data protection principles. It would help workers, but also employers, who would find it much easier to comply with the law.

Subscribe to our newsletters