Legislation proposed on protection of personal integrity at work

In March 2002, a commissioner appointed by the Swedish government submitted a proposal for a new law on the protection of personal integrity and privacy in working life. Under the proposal, the protection of the personal integrity of employees, job applicants and former employees would be strengthened in two main areas - the use of information technology, and medical examinations and drug tests. For example, there would be a general ban on employers reading employees' personal e-mail.

On 5 March 2002, a proposal for new legislation on the protection of 'personal integrity in working life' (Personlig integritet i arbetslivet, SOU 2002:18) was submitted to the government by the commissioner it had appointed to look into the issue, Reidunn Laurén (a former president of the Administrative Court of Appeal). The commissioner was asked in September 1999 to examine the risks to 'personal integrity' and privacy raised by modern working life, with a view to possibly proposing increased protection for employees and job applicants related to new technology, medical examinations and drug testing (SE9911105N).

At present, there are no cohesive rules in Sweden on the protection of personal integrity in working life. The aim of the new legislation proposed by the commissioner, which would apply to both the public and private sectors, is to strengthen the protection of the integrity of current and former employees and job applicants.

Personal data

The commissioner has concentrated on trying to limit employers' rights to process personal data in situations where an employee's personal integrity may be considered to be seriously at risk. The current Personal Data Act (Personuppgiftslagen, SFS 1998:204) which applies to all automatic data processing and registration, provides the best existing protection related to the processing of personal data, according to the commissioner's proposal. It is therefore natural and in practice inevitable that the new draft law be based on the Personal Data Act, the commissioner asserts.

The 1998 Personal Data Act implemented into Swedish law the 1995 EU Directive (95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The fact that the proposed draft law will be based on the Personal Data Act means that the basic principles of 'relevance' and 'finality' that governed the formulation of the EU Directive will also apply to the proposed Swedish legislation on protection of personal integrity in working life. These principles, which permeate the draft law, mean that

• the personal data collected must be adequate and relevant in relation to the purposes for which they are processed;

• the purpose must be specified, explicit and legitimate, and

• personal data may not be processed for purposes that are incompatible with the intentions for which they are collected

The proposed legislation would be a 'special' Act, with the effect that, where appropriate, its provisions would take precedence over the provisions of the Personal Data Act. In connection with employers' processing of personal data relating to employees, there is thought to be a danger of violations of integrity even if the data is processed entirely manually (the Personal Data Acts covers automatic processing). The commissioner therefore proposes that the new law should also apply to manual processing of personal data. This means that processing of all documented personal data, including written notes on loose pieces of paper, should be covered.

The proposal contains a provision that personal data should primarily be collected from employees themselves. Only in cases where this was impossible could an employer, with the employee's consent, collect information from another source.

Use of information technology

The increased use of information technology in working life is considered to have increased the risks of intrusion into employees' personal integrity, and to have changed the nature of these risks. New technology gives employers more opportunities of monitoring employees, and this may occur without the employee in question being aware of the monitoring. One issue that has been given much attention in Swedish public debate concerns whether an employer has the right to read private e-mails sent or received at work or other private information that is available electronically. Another issue concerns the employer's use of technology that automatically collects data on the employees' activities. Both of these questions are addressed in the commissioner's proposal.

Employers have the right to preside over the use of their technical equipment and to decide over whether and to what extent an employee may use the equipment for private purposes, the commissioner states. The proposed draft law, however, contains a provision intended to define and limit the employer's right to read private electronic data. Thus, a prohibition is proposed on employers reading employees' private e-mail or other private electronic data. However, it is not possible to guarantee absolute protection of personal integrity with regard to private e-mails and other private electronic data, the committee points out. To ensure that the employer can use its information technology in a rational way, the proposed prohibition would refer only to deliberate intrusion - ie the employer must be aware that the information in question is the employee's private data.

An employee should also be able to consent to the employer reading such data, it is proposed. Furthermore, there should be an exception from the general prohibition on employers reading employees' private e-mail and other private electronic data if the employee may, on reasonable grounds, be suspected of being guilty of an offence in connection with the use of the employer's equipment, or of behaviour so disloyal that there are impartial grounds for dismissal or cause for contractual liability for damages. Safety concerns might be another exception.

In practically all use of information technology, activities are logged. The data may concern relatively harmless circumstances, such as the time an employee logs his or her personal computer into the company network. However, the commissioner argues, by using more advanced technology an employer can record all the actions taken by an employee, as for example in the information and communications technology (ICT) business and in the transport sector. However, the commissioner does not wish to propose any new provisions regulating the logging of such data, believing that the rules in the Personal Data Act are satisfactory in this aspect. A reference to the relevant provisions in the Personal Data Act is made in the draft law.

Health and drug tests

The draft law also covers medical examinations, drug tests and personality tests.

Personal data on health or the use of drugs is sensitive information and must be handled very restrictively, states the commissioner. It is thus proposed that, as a general rule, there should be a prohibition on employers processing personal data on employees' health or use of drugs. There should be exceptions, however, notably when it is necessary for the safety of the employee, other employees, the workplace or the general public for the employer to ascertain whether employees are capable of carrying out their work tasks. The employer would also be entitled to process personal data on an employee's state of health in order to ensure that the employee has the physical capacity - eg in terms of sight or hearing - required for the job.

The commissioner also proposes a provision prohibiting the processing by employers of personal data on employees' criminal offences. Employers currently have practically unlimited opportunities to process manually personal data on criminal offences. This opportunity will disappear, under the proposal. An employer will thus no longer be able to demand extracts from records, more or less as a matter of routine, as a condition of employment.

Personality tests are commonly used during the recruitment process. These tests, which aim to assess the personality and the abilities of the person being tested in certain situations, can also lead to risks of violations of personal integrity, it is thought. The proposed draft law would stipulate that the processing of personal data collected through personality tests may be carried out only with the consent of the employee or the job applicant. This means that the employee or applicant would maintain control over the information resulting from the test.

Social partner involvement

The responsibility and commitment of the social partners will be necessary for the proposed law to provide employees and job applicants with the protection of integrity that is intended, the commissioner states. The efficiency of the law will be significantly dependent on trade union commitment, both at the central level and locally. The parties should be able to conclude collective agreements containing provisions that define the jurisdiction of the law in this area and that take conditions within individual industries or specific workplaces into account.

Commentary

Lena Svenaeus, a former Equal Opportunities' Ombudsman, has stated that she would lie to see a very different type of legislation on the protection of personal integrity in working life than that proposed by the commissioner - a Human Rights Act, with only very limited exceptions from the right to personal integrity. She states that any situation in working life that does not lead to personal data processing - such as DNA tests, camera monitoring, bugging and other forms of overhearing - is wholly left outside the scope of the proposed draft law. Furthermore, she believes that a Human Rights Act would be easy to use and effective. Trade union representatives have problems in dealing with the current Personal Data Act, which is very difficult even for a lawyer to understand, claims Ms Svenaeus, and a complementary Act on integrity in working life will probably only add to the difficulties. She adds that a law on the protection of personal integrity should have a certain 'dignity', but the proposed draft law gives no such signals, giving the impression of being merely a series of administrative provisions.

The white-collar trade unions' representative in the social partner reference group which assisted the commissioner, Ingmar Hamskär, the chief lawyer at the Confederation of Salaried Employees (Tjänstemännens Centralorganisation, TCO), is also negative about the proposals. He notes particularly that no proposals have been made on whether employees and job applicants should be obliged to submit to compulsory medical tests and drug tests.

The possibility set out in the draft law of concluding collective agreements adapted to individual workplaces may put real pressure on the trade unions in future. The unions would have to take more responsibility in this area than they do currently with regard to the 'ordinary' personal integrity matters dealt with by the Personal Data Act (which covers all citizens, workers included). The current author believes, however, that apparent difficulties for local trade union representatives in interpreting the law can be overcome with the help of unions at central level and their trained lawyers. As for concluding local collective agreements on protecting personal integrity, the proposed law will leave a wide scope of possibilities for local solutions. (Annika Berg, Arbetslivsinstitutet)