IGF 2022 WS #213 Privacy in Practice: Ensuring Data Protection in Workplaces

Organizer 1: Daphne Stevens, Youth Coalition on Internet Governance
Organizer 2: Olumayowa Oluwasanmi, Youth Observatory
Organizer 3: Stella Anne Ming Hui Teoh, Internet Society IGF Youth Ambassador Program

Speaker 1: Daniel Jr Dasig, Technical Community, Asia-Pacific Group
Speaker 2: Rilla Gusela Sumisra, Government, Asia-Pacific Group
Speaker 3: EMMANUEL KWASI GADASU, Private Sector, African Group
Speaker 4: Nicolas Fiumarelli, Civil Society, Latin American and Caribbean Group (GRULAC)

Moderator

Daphne Stevens, Civil Society, Western European and Others Group (WEOG)

Online Moderator

Olumayowa Oluwasanmi, Civil Society, Intergovernmental Organization

Rapporteur

Stella Anne Ming Hui Teoh, Technical Community, Asia-Pacific Group

Format

Round Table - U-shape - 90 Min

Policy Question(s)

How can employers be more incentivised to implement the requirements coming from data protection legislation in the workplace?
How can a balance be created between security, usability and privacy in the workplace?
What regulatory approaches could be effective in upholding privacy rights of employees and offering adequate remedies in case of rights violation?

Connection with previous Messages: The session aims to build further on the following IGF 2021 message: “With the expansion of platform and digital work, regulators need to ensure that labour dimensions are added to broader digital policies and regulations, so that the rights and interests of workers are adequately protected.”

This session aims to look at a specific right of workers, namely the right to privacy and data protection in the workplace. This is a right that often seems to be overlooked in discussions about workers’ rights, which is being brought to the public’s attention during this session.

SDGs

8.8


Targets: The session links with the SDG Targets 8.8 and 16.10. Starting a discussion about privacy and data protection in the workplace will make sure that a first step is taken with the goal that a specific human right, namely the right to privacy, is protected in working environments, therefore promoting a safe and secure working environment for all workers where the right to privacy is respected. Furthermore, by creating more awareness of the right to privacy and the remedies that are available when this right is breached, the public has access to knowledge about this, which would allow them to protect a fundamental right.

Description:

More and more countries are starting to implement data protection legislation, for example the European Union, Ghana, South Africa, Japan, Brazil and Canada. This creates more substantive privacy rights for individuals, but employers often struggle with the implementation of the data protection rules in their companies. Privacy-infringing actions often make life in the workspace easier, for example by using biometric data to provide access to workspaces, monitoring the behavior of employees while they are browsing online for security reasons or sharing personal information of employees with third parties. However, it is possible for companies to work effectively and securely while also complying with data protection legislation. This session aims to discuss the manner in which employers can be further incentivised to implement the requirements flowing from data protection legislation in the workplace.

A succinct example for the conundrum between security, usability and privacy can be explained through BYOD workplaces, where employees are allowed to bring in their own devices instead of using company issued devices. While bringing your own device might lead to increased employee satisfaction and reduced long term costs for the company, a security-oriented workplace would either advise against this or try to rigidly control these devices, leading to potential privacy infringements (for example by putting internet filters on an employee’s personal laptop). This example emphasizes the complexity of finding the right balance between security, usability and privacy, which can lead to difficult discussions in companies. This session aims to share best practices to create a balance between these three factors that are of great importance in the workplace - security, usability and privacy.

Due to the employer-employee relationship, it is more difficult for an employee to speak up about breaches of privacy rights at work. Remedies that are currently available (for example in the form of invoking specific privacy rights and making complaints to regulatory authorities) seem to remain unknown to employees and, when they are invoked, ineffective in having an actual impact - namely to fulfill the aim of halting the right-breaching behavior. Therefore, this session also aims to assess manners in which action can be taken in case breaches of privacy rights are discovered and this behavior is not changed after the breach has been pointed out to the employer.

Expected Outcomes

The primary outcome of this session will be capacity building in the area of data protection; giving attendees a view into global issues impacting privacy in the workplace, and starting a discussion how data protection regulation can be further implemented in the workplace. As privacy regulations are emerging in more and more countries, the session aims to guide the private sector who has to comply with these rules, and the civil society to learn more about how privacy and data protection rights can be ensured. Thus, the main outcome of the session is expected to be triggering a long-term, yet intensive process of discussions on data protection in the workplace on various multi-stakeholder platforms, also other than the Internet Governance Forum (IGF). To do this, the session organizers are planning to conduct a one- or two-weeks follow-up online advocacy campaign on social media (mainly Facebook, Twitter, Instagram, and Vote. One). The campaign will be conducted via short Instagram-friendly “swipeable” posts prepared by the organizers which will contain the policy outcomes of the session. The session organizers will prepare and disseminate the messages on all possible online platforms among their contacts and networks. The aim is to create more awareness about the importance of privacy in the workplace and to continue the discussion about this subject.

Hybrid Format: The session aims to facilitate a panel discussion where participants are able to contribute, ask questions and leave comments both online and onsite. For this purpose, the session will feature both online and onsite moderators who will have regular communication to keep the participants equally engaged. While the onsite moderator will direct the session and hear the participants’ questions, physically attending the session, the online moderator will be keeping an eye on the questions and comments that are shared online and bring these into the discussion by communicating them to the onsite moderator. The session is going to ensure interactions through a Q&A and comment section in the online application where the session will be taking place (e.g. Zoom). The organizers may potentially utilize the Slido application for live Q&A and comments as an alternative. Both online and onsite moderators will make sure that the questions and comments are not overlooked, but play an important role throughout the session. In this regard, the organizing team is planning to ensure stable and effective communication between onsite and online moderators.

Online Participation



Usage of IGF Official Tool.