Wearables cannot be used for monitoring staff, even with their explicit permission or when done anonymously, so says The Netherlands’ Data Protection Authority in a new ruling against two companies.
That could put a pin in the future of the quantified self at work, particularly as the Dutch law is derived from the EU’s data protection framework, meaning other European countries could soon rule this as an unpalatable intrusion into people’s personal lives.
Do you want to be a cryptocurrency millionaire?
Don't get your hopes up.
This particular case involved two unnamed companies, both of which were monitoring movement, one of which was also looking at the sleep patterns of its staff.
The agency said: “Data on the amount of movement and data on sleep patterns is sensitive personal data… [processing this has] strict legal requirements.”
Employers are not even allowed to use a third-party company to process the data, or the wearable supplier itself, the ruling says.
This is not the first time that the Dutch Data Protection Authority has raised concerns about wearables, with the organization ruling late last year that the Nike+ app violates data privacy regulations.
Of course, countries like the US are not in any way beholden to the same laws as EU countries, with Oral Roberts University in Oklahoma famously forcing all of its students to wear Fitbits to ensure they’re moving enough each day.
But – whether designed to help people be healthier or not – this might yet be an intrusion too far for many citizens if it becomes a widely used practice. Expect wearable bonfires in the streets of Europe imminently.
➤ Employers should not process health data from wearables (Dutch) [Dutch Data Protection Authority via The Register]