Is That Lawful? Data Privacy and Fitness Trackers in the Workplace

Philippa M Collins, Stefania Marassi

Research output: Contribution to journalArticle (Academic Journal)peer-review

Abstract


Data collected from fitness trackers worn by employees could be very useful for businesses. The sharing of this data with employers is already a well-established practice in the United States, and companies in Europe are showing an interest in the introduction of such devices among their workforces. Our argument is that employers processing their employees’ fitness trackers data is unlikely to be lawful under the General Data Protection Regulation (GDPR). Wearable fitness trackers, such as Fitbit and Apple Watch devices, collate intimate data about the wearer’s location, sleep and heart rate. As a result, we consider that they not only represent a novel threat to the privacy and autonomy of the wearer, but that the data gathered constitutes ‘health data’ regulated by Article 9. Processing health data, including, in our view, fitness tracking data, is prohibited unless one of the specified conditions in the GDPR applies. After examining a number of legitimate bases which employers can rely on, we conclude that the data processing practices considered do not comply with the principle of lawfulness that is central to the GDPR regime. We suggest alternative schema by which wearable fitness trackers could be integrated into an organization to support healthy habits amongst employees, but in a manner that respects the data privacy of the individual wearer.
Original languageEnglish
Pages (from-to)65–94
Number of pages29
JournalInternational Journal of Comparative Labour Law
Volume37
Issue number1
Publication statusPublished - 1 Feb 2021

Keywords

  • fitness trackers
  • GDPR
  • data protection
  • workplace monitoring
  • privacy
  • Fitbit

Fingerprint Dive into the research topics of 'Is That Lawful? Data Privacy and Fitness Trackers in the Workplace'. Together they form a unique fingerprint.

Cite this