UK: New guidance and a Fine for TikTok
Authors: Charlie Urquhart, Ruth Bonino and Sophie Jackson
Many employers carry out some form of monitoring of their employees to check the quality and quantity of their work, but with more people working from home and advances in technology, monitoring of employees only looks set to increase. With this in mind, the ICO has published new guidance for employers on how monitoring can be done lawfully. The guidance also includes good practice advice and checklists.
Workers’ health data is amongst the most sensitive data that employers handle. The Information Commissioner’s Office has published new guidance for employers on handling workers’ health data. This includes guidance on how employers can comply with their legal obligations, examples of good practice and checklists. The guidance also looks at specific points such as managing sick absence records and occupational health schemes, conducting drugs and alcohol testing and how to approach sharing employee health data.
The Data Protection Commission, Ireland’s data protection regulator, has fined TikTok EUR345 million. The fine follows a finding that TikTok infringed the GDPR’s principle of fairness and requirements for data protection by default and design when processing personal data relating to children. Earlier this year, the UK’s Information Commissioner’s Office (ICO) also fined TikTok for the misuse of children’s personal data. These fines demonstrate the willingness of authorities to use their powers to issue substantial fines for data protection breaches.
Key Action Points for Human Resources and In-House Counsel
The new guidance should be helpful for employers when looking at how to comply with their data protection obligations when it comes to dealing with health data and employee monitoring.