Privacy & Information Security Law Blog

On August 12, 2021, the UK Information Commissioner’s Office (“ICO”) published a call for views on data protection and employment practices. The ICO intends to update its employment practices code and associated guidance, originally produced under the Data Protection Act 1998, which has now been replaced by the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA 2018”). The ICO is requesting responses from large and small employers, workers, volunteers, trades unions, employment dispute resolution bodies, recruitment agencies, professional and trade bodies, and suppliers of employment technology solutions.

The ICO stated that it intends to replace its existing guidance with a more user-friendly online resource with topic-specific areas, including recruitment and selection, employment records, monitoring of workers, and information about workers’ health. In addition to the evolving data protection landscape, the ICO pointed to changes in the way that employers use technology and interact with staff as reasons for providing an updated set of guidance. For example, the ICO commented that artificial intelligence and machine learning are already impacting the way that employers make decisions regarding staff, and that monitoring technologies are more widespread. In addition, the new guidance is likely to address COVID-19 issues and the impact of the pandemic on remote working practices.

The ICO requested views on the changes in data protection law that the ICO should focus on in its guidance, any other developments that are having an impact on employment practices that should be addressed (including technological and cultural changes), and any case studies that respondents would like to see in the guidance.