Teleworking has been the Government's immediate response to stop the economic slowdown resulting from the pandemic. The use of so-called information technologies has come to the rescue of what can be called one of the greatest economic and social crises worldwide. As a result, companies and businesses have given in to the digitalization process with the use of ICT.
The evolution of teleworking in times of COVID-19
The Eurofound survey“Living, working and COVID-19” pointed out that almost four out of every ten working people (thirty-seven percent) began to telework due to the pandemic (thirty percent in Spain). This has contributed to the fact that the number of hours worked has decreased less in those countries where teleworking increased to a greater extent. Similarly, in a survey of SMEs carried out by CEPYME, teleworking is assumed to be the star measure to face the coronavirus crisis, in forty-six percent of cases. In some countries the figures clearly reflect this preference for use: for example, in Finland during the pandemic the use of teleworking reached sixty percent. Likewise, in countries such as France, Portugal or Italy, the use of remote work was configured with a certain degree of obligation or preference over other forms of business action during the pandemic.
As an important sector of the doctrine points out, the teleworking voluntary requirement has been sacrificed for the preservation and protection of public health[Yo]. The figure of teleworking as a form of remote work is gaining popularity compared to the traditional business organization, which undoubtedly brings with it new and more flexible practices, causing organizational changes and the strengthening of training and employability.
Teleworking as we experience it today is enormously far from the figure regulated until then in our system. What's more, although Royal Decree-Law 28/2020, of September 22, on remote work proclaims this option, it is clear that it refers us to work carried out from the worker's home without prior guarantees or financial compensation. From what has been seen until then, it is recognized certain drawbacks: increase in security breaches, processing of personal data with poor or non-existent security measures, continuous hours, hyperconnectivity, computer fatigue, work isolation, difficulties in reconciling work and family life, burnout syndrome, etc.
What happens with the processing of personal data during the imposition of teleworking due to the health crisis?
An important sector of doctrine has attributed the following name to labor standards during the pandemic: Labor Law of the Health Emergency. During the state of alarm, teleworking was established as a work modality imposed par excellence. Once the initial stage has been transcended, the recent regulation of remote work aims to fill the gaps and uncertainties that during these months of staging have proven insufficient. A high and uncontrolled risk arises when teleworking is carried out with the worker's personal resources, in a public environment, with a home internet connection and without tangible limits between the worker's personal and work content in the use of digital tools. By the way, the latter also translates into an affectation of the aforementioned Conciliation of work and family life because the boundaries between work hours and personal time during confinement became more than a gray area.
The Royal Decree-Law refers to the right to privacy, data protection and the right to digital disconnection as banners of Law in relation to the use of digital media. However, its reference is quite lax and even repetitive (art. 18) in relation to the terms established in article 88 of Organic Law 3/2018, of December 5. In this sense, we have a new regulation that, compared to certain risk factors, continues to keep us exposed. Consequently, regulations planned to avoid the negative effects of teleworking have proven to lack guarantees.
Given this, what actions can we take?
The company is responsible for ensuring compliance with the measures or instructions associated with data protection, emphasizing its powers of business control transferred to the use of digital media. Fortunately, in the absence of clear regulatory provisions, the Spanish Data Protection Agency issued a document called: Recommendations to protect personal data in mobility and teleworking situations. Below, we cite the most relevant considerations to take into account:
- Previously define a policy of information protection for mobility situations resulting from a reasoned agreement between the employer and the workers' representatives.
- Choose IT solutions and reliable service providers with guarantees to facilitate teleworking.
- Restrict access to information through levels of access to resources and information.
- Review and configure periodically the equipment and devices used in mobility situations.
- Monitor and identify abnormal patterns in access to the corporate network coming from abroad.
- Rationally manage certain data protection and security measures and guarantees. Remote access applications and solutions must be planned and evaluated taking into account privacy principles by design and by default.
Finally, the security measures and the assumptions of proactive responsibility inherent to the data protection mechanisms within a company are maintained and transferred to the home of each worker. Added to due diligence and the recommendations of the AEPD, we can make a practice like teleworking a safe practice.
[Yo] A much more detailed study on the background of this standard can be consulted in: Sanguineti Raymond, W., ¿La tiempo del teleworking?, Trabajo y Derecho 66/2020 (June), No. 66, June 1, 2020m, Wolters Kluwer editorial .
