Employee Health Data in European Law : Privacy is (not) an Option?
Enqvist, Lena and Litins'ka, Yana LU
(2022)
In Nordic Journal of European Law
5(1).
p.40-66
- Abstract
- While there are many feasible reasons for employers to process employee health data, the protection of such data is a fundamental issue for ensuring employee rights to privacy in the workplace. The sharing of health data within workplaces can lead to various consequences, such as losing a sense of privacy, stigmatisation, job insecurity and social dumping. At the European level, the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and EU General Data Protection Regulation (GDPR)–two interconnected instruments–offer the most enforceable protection of employee health data. The article analyses the limits of employees’ right to privacy regarding health data, as delineated by the ECHR and GDPR. Using three fictive... (More)
- While there are many feasible reasons for employers to process employee health data, the protection of such data is a fundamental issue for ensuring employee rights to privacy in the workplace. The sharing of health data within workplaces can lead to various consequences, such as losing a sense of privacy, stigmatisation, job insecurity and social dumping. At the European level, the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and EU General Data Protection Regulation (GDPR)–two interconnected instruments–offer the most enforceable protection of employee health data. The article analyses the limits of employees’ right to privacy regarding health data, as delineated by the ECHR and GDPR. Using three fictive examples, we illustrate how the level of protection differs in these two instruments. In particular, we show that the protection of health data offered by the GDPR is seen as an objective act of processing at the time it is carried out, where the actual impact caused by the processing on private life is not considered. On the contrary, the ECHR’s applicability and offered level of protection in the employment context depend on subjective factors, such as the consequences of sharing the data. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/dd9d6778-8bd2-4ea3-acf2-49676ff29480
- author
- Enqvist, Lena
and Litins'ka, Yana
LU
- organization
- publishing date
- 2022-08-31
- type
- Contribution to journal
- publication status
- published
- subject
- keywords
- Human rights, Public law, GDPR, European Convention on Human Rights (echr), Right to privacy, Employee, Medical law, Health data, Infectious disease, Infectious disease control, Mental health, Data processing, Data protection, Mänskliga rättigheter, Offentlig rätt, GDPR, ECHR, Rätt till privatliv, Anställd, Medicinsk rätt, Hälsodata, Smittsam sjukdom, Smittskydd, Psykisk hälsa, Databehandling, Dataskydd
- in
- Nordic Journal of European Law
- volume
- 5
- issue
- 1
- pages
- 27 pages
- ISSN
- 2003-1785
- DOI
- 10.36969/njel.v5i1.24498
- project
- Improved preparedness for future pandemics and other health crises through large-scale disease surveillance
- language
- English
- LU publication?
- yes
- id
- dd9d6778-8bd2-4ea3-acf2-49676ff29480
- date added to LUP
- 2022-08-08 20:39:51
- date last changed
- 2023-04-03 10:41:38
@article{dd9d6778-8bd2-4ea3-acf2-49676ff29480,
abstract = {{While there are many feasible reasons for employers to process employee health data, the protection of such data is a fundamental issue for ensuring employee rights to privacy in the workplace. The sharing of health data within workplaces can lead to various consequences, such as losing a sense of privacy, stigmatisation, job insecurity and social dumping. At the European level, the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and EU General Data Protection Regulation (GDPR)–two interconnected instruments–offer the most enforceable protection of employee health data. The article analyses the limits of employees’ right to privacy regarding health data, as delineated by the ECHR and GDPR. Using three fictive examples, we illustrate how the level of protection differs in these two instruments. In particular, we show that the protection of health data offered by the GDPR is seen as an objective act of processing at the time it is carried out, where the actual impact caused by the processing on private life is not considered. On the contrary, the ECHR’s applicability and offered level of protection in the employment context depend on subjective factors, such as the consequences of sharing the data.}},
author = {{Enqvist, Lena and Litins'ka, Yana}},
issn = {{2003-1785}},
keywords = {{Human rights; Public law; GDPR; European Convention on Human Rights (echr); Right to privacy; Employee; Medical law; Health data; Infectious disease; Infectious disease control; Mental health; Data processing; Data protection; Mänskliga rättigheter; Offentlig rätt; GDPR; ECHR; Rätt till privatliv; Anställd; Medicinsk rätt; Hälsodata; Smittsam sjukdom; Smittskydd; Psykisk hälsa; Databehandling; Dataskydd}},
language = {{eng}},
month = {{08}},
number = {{1}},
pages = {{40--66}},
series = {{Nordic Journal of European Law}},
title = {{Employee Health Data in European Law : Privacy is (not) an Option?}},
url = {{http://dx.doi.org/10.36969/njel.v5i1.24498}},
doi = {{10.36969/njel.v5i1.24498}},
volume = {{5}},
year = {{2022}},
}