Digital ethics: the legal view
Are you implementing digital techologies? Make sure you know all the legals before jumping in
As well as the ethical dilemmas, there are a number of legal issues HR needs to consider when deciding whether or not to implement digital technologies.
Most of the data to be collected is likely to be personal data, says Antonia Blackwell, legal director at Shoosmiths LLP, meaning individuals can be identified from the data, and will therefore be subject to Europe's General Data Protection Regulation (GDPR) and the Data Protection Act 2018. “It will depend on what is being collected but something like data from wearables is likely to be attributable to an individual,” she says.
The main obligations here are making sure there is a lawful basis for processing the data, being transparent with employees around what is being collected and why, only using the data for that purpose, only collecting data that is actually needed, as well as storing it securely and deleting it when it is no longer needed.
Organisations are likely to need to carry out a data protection impact assessment as well as a legitimate interest assessment ahead of implementing new technologies, says Adele Hayfield, partner at Shoosmiths LLP.
“Businesses can look at all these areas and identify what their lawful grounds are for processing that data in a fair way,” she says. It’s also vital organisations have a system that enables them to access the information when requested by the data subject and measures to prevent any data breaches, she adds.
HR also needs to think about other implications from having more information on their workforce, says Blackwell.
“For instance, if you collect wellbeing information which shows a person has sustained high blood pressure, this could then mean you have knowledge that person is disabled in a legal sense or at risk of a heart attack which could then give rise to liability under personal injury or discrimination legislation.”
Hayfield adds: “HR has a role to ensure that the data isn’t just collected but is acted upon appropriately. For this reason, it is very important that HR is involved at the design stage of any new technologies, so it can put forward these important considerations.”
Organisations are likely to need to carry out a data protection impact assessment as well as a legitimate interest assessment ahead of implementing new technologies