The Israeli Privacy Protection Authority (“PPA”) published an opinion regarding the collection of employee location data by employers on 31.08.2021.
In the opinion, the PPA emphasized that collecting and processing a person's location data is a significant violation of privacy, even when done during work hours, and employers who wish to collect employee location data should do so only after a thorough examination of the benefits that will arise from such collection versus the cost of violation of the employee's right to privacy.
In recent years, and especially in recent times when remote work has become more common, the practice of employers using technological tools to supervise their employees and the quality of their work is increasingly widespread. In most cases, such monitoring systems are used for employees, with regard to which, due to the nature of their duties, such as drivers, couriers and sales agents it is difficult to monitor their working hours and location. This type of tracking can be done through dedicated apps that employees are asked to install on their private cellphone or on the device provided by the workplace or by means of systems that collect location data in a vehicle.
In the opinion published by the Authority, it emphasizes that:
Employers that wish to use a system to collect and process employee location data are required to comply with the provisions of the Privacy Protection Law, and amongst others
- to comply with the proportionality requirement, balancing the benefits that will arise from this, and the damage and violation of the worker's right to privacy during work;
- in the absence of an alternative, which can collect data, without the collection of location data; and
- for a legitimate and essential purpose for the workplace.
The employer should consider whether the type of work and the nature of the employee's role are such that the tracking of location data is justified. In general, the PPA clarifies that it will be difficult to justify continuous collection of location data, for employees whose main place of work is an office.
The PPA also emphasizes that even in cases where there is a legitimate and essential purpose for the workplace, which meets the requirements, the employer must meet the following conditions:
- The information may only be used for the initial purpose for which it was collected;
- The employer must be transparent to employees and bring to their attention in detail, clearly and clearly, before the collection and use of information begins, the rules of policy regarding the scope of use of the location data collected, including the purposes of their use, the range of hours in which the collection system is operated, the duration of the retention of the information, and which officials will be allowed to view the information;
- Explicit, specific and separate consent of the employee is required for the issue of location data collection. It should be clarified that the consent should be tailored and limited solely to the purpose for which it was requested.
- It is necessary to avoid collecting location data of an employee outside of actual working hours, whether it is collecting location data through a dedicated app, or it is a vehicle location that the employer has allowed the employee to use beyond working hours, due to the fear that personal information about the employee's family members will be collected in this framework.
- The employer must meet the security requirements of the information collected in the framework of using the system in accordance with the provisions of the Privacy Protection Regulations (Information Security).
Article provided by INPLP member: Beverley Zabow (BL&Z Law Offices & Notaries, Israel)
Discover more about INPLP, the INPLP-Members and the GDPR-FINE database
Dr. Tobias Höllwarth (Managing Director INPLP)
