Employers’ Use of Vehicular GPS to Track Employees
The Israeli Privacy Protection Authority recently published a statement presenting its position and recommendations on privacy protection as it pertains to the collection of employee geolocation data using designated applications and vehicular GPS systems. The statement explains to employers what they should examine when using GPS, to avoid violating their employees’ right to privacy. It also details employers’ obligations pursuant to the Privacy Protection Law.
Following are highlights of the Privacy Protection Authority’s statement.
May employers use vehicular GPS to track their employees?
Employers may use GPS only for a predefined, legitimate, justified, and essential purpose. Employers must first ascertain if the type of work and the nature of an employee’s job are such that justify tracking his or her geolocation data, and if such tracking fulfills a legitimate purpose. Not every type of job justifies tracking an employee’s geolocation data. For example, an employer would struggle to justify continuous collection of an employee’s geolocation data if the employee’s job mainly involves routine office work. On the other hand, employers may be able to justify such tracking when an employee’s job requires high mobility. Hence, employers must initially determine if the nature of work justifies the monitoring of geolocation data. They should also confirm the legitimate purpose behind its use.
Within this context, the Privacy Protection Authority stated that, as a rule, it will not recognize the collection of employees’ geolocation data after their actual work hours as serving a legitimate purpose, and recommended employers avoid this.
Should employers consider alternatives to GPS?
Yes. GPS usage should be limited to cases where no alternative exists. This should follow a careful assessment of the balance between benefits and potential privacy violations to employees. Within this context, the guiding principle is proportionality, a recurring theme in the Privacy Protection Authority’s statement.
Employers should first ascertain if there are alternatives that infringe less on employees’ privacy. If no alternatives exist, configuring trackers is key. Monitoring should occur only during work hours, excluding breaks and after-work periods. In addition, data must be stored or encrypted in an unidentifiable manner.
Must employers inform employees they are being tracked?
Absolutely. Prior to commencing data collection, employees should receive clear information about the employer’s customary policy provisions. This encompasses the extent of geolocation data usage, including data utilization purposes, tracker operational hours, data retention duration, authorized personnel with access to the information, and more. Employees also have the right to review data collected about them when utilizing GPS trackers. Therefore, employers should formulate a clear policy regarding GPS tracking and present it to their employees with full transparency.
Must employers obtain their employees’ consent to GPS tracking?
Yes. The nature of continuous employee surveillance, even beyond the workplace, necessitates specific consent for GPS tracking. This ensures compliance with legal and ethical considerations. The consent should be customized and limited to the collection of geolocation data. Moreover, this consent should not tie in to other actions that require obtaining the employees’ consent.
The Privacy Protection Authority’s Position
The publication of the aforesaid statement is part of a broad course of action the Privacy Protection Authority is taking to regulate the work environment in a manner that protects employees’ rights to privacy. Accordingly, the Privacy Protection Authority recently published its position paper entitled “Privacy Aspects When Monitoring Employees Who Are Working Remotely” (May 2023) and a policy document for public comments entitled “Collection and Use of Biometric Information in the Workplace” (July 2023). Employers should be aware and properly regulate the ways they collect and retain information about their employees during work hours.
***
Dr. Avishay Klein, head of Barnea Jaffa Lande’s Privacy, Data Protection and Cyber Department, and Adv. Netta Bromberg, head of the firm’s Employment Department, are happy to answer questions regarding employee monitoring and privacy.