Profiling in Employment Situations (Fraud)

  • Nils Leopold
  • Martin Meints

Profiling in employment related situations has found increasing application during the last ten years as an instrument for electronic (and in some cases highly automated) employee monitoring. In the first part of this article the European legal grounds for workers’ data protection are described; the Data Protection Directive 95/46/EC is only one but an important part of the existing European legal framework. General principles for data protection at the workplace derived from this European legal framework are outlined.

In the second part, examples of profiling practice in employment situations will be described and analysed concerning legal and technological aspects based on case studies that are raised in, among others, Privacy Commissions in Germany. Core elements of a legally compliant implementation will be outlined. The case studies include: e-mail analysis and profiling applied by intrusion detection / intrusion prevention systems, skill management tools and fraud prevention, for example, in the retail sector through embezzlement by cashiers

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Art. 29 Data Protection Working Party, WP No. 48 Opinion 8/2001 on the processing of personal data in the employment context, adopted on 13 September 2001. Available at: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2001/wp48en.pdf.
  2. Art. 29 Data Protection Working Party, WP No. 55 Working document on the surveillance of electronic communications in the workplace, adopted on 29 May 2002. Available at: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2002/wp55_en.pdf.
  3. Bennett, C., J., Bayley, R.M., ‘Video Surveillance and Privacy Protection Law in Canada’, in Nouwt, S., de Vries, B.R., Prins, C. (eds.), Reasonable Expectations of Privacy? Eleven Country Reports on Camera Surveillance and Workplace Privacy, T.M.C. Asser Press, the Netherlands, 2005, pp. 61–90.Google Scholar
  4. Bergkamp, L., ‘EU Data Protection Policy. The Privacy Fallacy: Adverse Effects Of Europe’s Data Protection Policy in An Information-Driven Economy’, Computer Law & Security Report, Vol. 18, No. 1, Elsevier, Netherlands, 2002, pp. 31–45.Google Scholar
  5. Blas, D.A., ‘Transfers of personal data to third countries in the employment context: the use of international databases for workers’ data’, Privacy & Informatie, Jaargang 4, No.1 Kluwer Juridische Uitgevers, Belgium, 2002, pp. 24–28.Google Scholar
  6. Business for Social Responsibility Education Fund, Striking a Balance: e-Privacy in the Workplace, 2001.Google Scholar
  7. Blok, P., Het recht op privacy. Een onderzoek naar de betekenis van het begrip ‘privacy’ in het Nederlands en Amerikaans recht, Den Haag: Boom Juridische uitgevers, 2002.Google Scholar
  8. Blok, P., ‘Protection des données aux Etats-Unis’ Chapter 1, Title IV in De Hert, P., (ed.), Manuel sur la vie privée et la protection des données, Ed. Politéia, Brussels, update No. 7 (2001), pp. 3–40.Google Scholar
  9. Crichard, M., ‘E-Mail Monitoring- Eavesdropping At Work — Is It Legal?’, Computer Law & Security Report, Vol. 17, No. 2, Elsevier, Neth., 2001, pp. 120–121.Google Scholar
  10. De Hert, P. & De Schutter, O., ‘Straatsburg, videosurveillance en het vorderingsrecht van verenigingen’ [Video-Surveillance and Organisations before the European Court], Algemeen Juridisch Tijdschrift (A.J.T.), No. 16, Mys en Breesch, Gent, 1998, pp. 504–511.Google Scholar
  11. De Hert, P., ‘Internetrechten in het bedrijf. Controle op e-mail en Internetgebruik in Belgisch en Europees perspectief’, [Employer control of e-mail and Internet in Belgium and Europe], Auteur&Media, No. 1, 2001, pp. 110–116.Google Scholar
  12. De Hert, P., ‘Kenbaarheid van bedrijfscontrole op e-mail en internetgebruik. Factoren die spelen bij de chaos rond dit leerstuk [Foreseaability of Surveillance by Employers of E-mail and Internet. Factors that Contribute to the Vagueness of Privacy Protection], Privacy & Informatie, Jaargang 4, No. 1, Kluwer Juridische Uitgevers, Belgium 2002a, pp. 26–30.Google Scholar
  13. De Hert, P., ‘European Data Protection and E-Commerce: Trust Enhancing?’ in Prins, J.E.J., Ribbers, P.M.A. Van Tilborg, H.C.A. Veth, A.F.L & Van Der Wees, J.G.L. (eds), Trust in Electronic Commerce, The Hague, Kluwer Law International, 2002b, pp. 171–230.Google Scholar
  14. De Hert, P., Loncke, M., ‘Camera Surveillance and Workplace Privacy in Belgium’, in Nouwt, S., de Vries, B.R., Prins, C. (eds.), Reasonable Expectations of Privacy? Eleven Country Reports on Camera Surveillance and Workplace Privacy, T.M.C. Asser Press, the Netherlands, 2005, pp. 167–209.Google Scholar
  15. De Hert, P. & Gutwirth, S., ‘Privacy, data protection and law enforcement. Opacity of the individual and transparency of power’ in Claes, E., Duff, A. & Gutwirth, S. (eds.), Privacy and the criminal law, Antwerp/Oxford, Intersentia, 2006, pp. 61–104.Google Scholar
  16. de Vries, H., ‘Rechtspraak over ‘mailen en ’surfen’, Privacy & Informatie, Jaargang 4, No.1, Kluwer Juridische Uitgevers, Belgium, 2002, pp. 4–9.Google Scholar
  17. European Commission, Second stage consultation with the community social partners on the protection of personal data in the employment context from 30/10/2002. Available at: http://europa.eu.int/comm/employment_social/news/2002/oct/data_prot_en.html.
  18. Fitzpatrick, J., ‘Revitalizing the 1951 Refugee Convention’, Harvard Human Rights Journal, Vol. 9, Harvard Law School and Harvard Human Rights Program, Harvard, 1996, pp. 229–253.Google Scholar
  19. Gold, S., Dutch Employers Can Monitor Employees’ Online Activities”, Newsbytes (01/10/01) Available at: http://www.newsbytes.com/news/01/160295.html.
  20. Gilbert, G., ‘The Legal Protection Accorded to Minority Groups in Europe’, N.Y.I.L., Vol. 23, Cambridge University Press, Cambridge, 1992, pp. 67–104.Google Scholar
  21. Gutwirth, S. Privacy and the Information Age, Lanham, Rowman & Littlefield Publ., 2002.Google Scholar
  22. Hathaway, J., Neve, R.A. ‘Making International Refugee Law Relevant Again. A Proposition for Collectivized and Solution Oriented Protection’, Harvard Human Rights Journal, Vol. 10, Harvard Law School and Harvard Human Rights Program, Harvard, 1997, pp. 112–137.Google Scholar
  23. Hendrickx, F., Protection of workers’ personal data in the European Union: Part I–general issues and sensitive data; Part II–surveillance and monitoring at work; Tilburg 2002. Available at: http://europa.eu.int/comm/employment_social/labour_law/docs/dataprotection_hendrickx_combinedstudies_en.pdf.
  24. Jackson, I.C., ‘The 1951 Convention relating to the Status of Refugees: A Universal Basis for Protection’, International Journal of Refugee Law, Vol. 3, No. 3, Oxford University Press, Oxford, 1991, pp. 403–413.Google Scholar
  25. Koops, B.-J., et al., ‘Should self-regulation be the starting point?’, in Koops, B.-J. et al. (Eds)., Starting Points for ICT Regulation, The Hague, TMC Asser Press, 2006, pp. 109–150.Google Scholar
  26. Lasprogata, G., King, N. J., Pillay, S., ‘Regulation of Electronic Employee Monitoring: Identifying Fundamental Principles of Employee Privacy through a Comparative Study of Data Privacy Legislation in the European Union, United States and Canada’, Stan. Tech. L. Rev. 4, Stanford 2004. Available at: http://stlr.stanford.edu/STLR/Articles/04_STLR_4/index.htm.
  27. Leonard, Th. & Poullet, Y., ‘La protection des données à caractère personnel en pleine (é) volution. La loi du 11 décembre 1998 transposant la directive 95/46/C.E. du 24 octobre 1995’, Journal des Tribunaux, Larcier, Belgium, 22 May 1999, 378 ff.Google Scholar
  28. Parrish, M., ‘Redefining the Refugee: The Universal Declaration of Human Rights as a Basis for Refugee Protection’, Cardozo Law Review, Vol. 22, No. 1, 2000, pp. 223–267. Available at: http://www.cardozo.yu.edu/cardlrev/pdf/221Parrish.pdf.
  29. Solove, D.J., Rotenberg, M., Information Privacy Law, Elective Series, Aspen, 2003.Google Scholar
  30. Working Party, Opinion 8/2001 on the processing of personal data in the employment context, adopted on 13 September 2001, 5062/01/EN/Final, WP 48.Google Scholar

Copyright information

© Springer Science + Business Media B.V 2008

Authors and Affiliations

  • Nils Leopold
    • 1
  • Martin Meints
    • 1
  1. 1.Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany (ICPP)Germany

Personalised recommendations