The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance). The Guidance is aimed at employers across both the private and public sector. Responding to the rise of remote working and new technologies available to monitor employees, the ICO has looked to provide clear direction on
data protection
The new German Works Council Modernization Act


The “Act to Promote Works Council Elections and Works Council Activities in a Digital Working World” (Betriebsrätemodernisierungsgesetz – Works Council Modernization Act) came into force on June 18, 2021. The Act is intended to facilitate the activities of works councils and to strengthen the co-determination rights of works councils with regard to the use of artificial intelligence (AI) and the plans for more mobile working in companies.
Promoting works council elections
UK Pensions: Data transfers from the EU likely to continue uninterrupted

We’re pleased to report what looks like some good news for pension schemes on data protection.
The European Commission has published a draft decision as to the “adequacy” of the UK’s data protection laws. If the draft decision is formally approved by EU Member States, this would allow personal data to flow from the EU…
New EU rules for protection of whistleblowers

On 7 October 2019, the EU Council formally adopted the new Whistleblowing Directive that will guarantee whistleblowers EU-wide standards of protection. The Directive obliges both public and private organisations and authorities to set up secure reporting channels, so that whistleblowers can report violations of EU law as safely as possible. Member States have two years…
German court: Protection of whistle-blower confidentiality does not generally override the data subject access right

On the scope of subject access requests under the EU General Data Protection Regulation (GRPR) in the context of compliance and whistle-blowing regimes, the Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but…
Vicarious liability in the data breach context – bad news for UK employers
The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable…
RGPD : nouveau facteur de risque en droit social?

Le règlement général sur la protection des données (« RGPD ») est entré en vigueur le 25 mai 2018. Il modifie la législation antérieure sur le traitement des données personnelles en supprimant notamment le principe de déclaration préalable à la CNIL. Cette déclaration est remplacée par une obligation pour l’entreprise de démontrer la conformité de…
The GDPR – What does it mean for Employers?

You cannot fail to have noticed that the GDPR (General Data Protection Regulation ((EU) 2016/679)) came into force today. The Data Protection Act 2018 received Royal Assent on 23 May and ensures that the standards set out in the (GDPR) have effect in the UK.
The GDPR affects the processing of employment data – but…