EU consults on data privacy changes

IT looks set to be the subject of further legislation from London and Brussels in the next year.

IT looks set to be the subject of further legislation from London and Brussels in the next year.

IT managers across the European Union can expect changes to their national workplace data protection regulations in the wake of a wide-ranging and detailed public consultation launched by the European Com-mission.

Brussels has already concluded that the widely divergent rules and practices among member states must be harmonised so legislation will inevitably be tabled.

The only questions are what issues will be covered and when Brussels will act.

In the meantime, the commission has asked for views from what it calls the EU social partners, federations including the UEAPME (the EU's crafts, trades and small business group), the Union of Industrial and Employers' Confederations of Europe, the European Trade Union Confederation, and Eurocadres (the council of European professional and managerial staff).

They will respond to a detailed paper from the commission, which spells out its position. Notably, it says that employees should not be forced to consent to the processing of sensitive personal data as an employment condition, where it covers ethnicity, politics, religion, trade union membership, health or sexual orientation.

It also wants clear EU rules on the handling of health data, especially on whether employers should receive all the results of a medical examination.

The commission added that it wants firm limits on the use of employee drug test results and signals that it may move to ban the use of genetic testing of workers altogether.

Although many member states do not ban this practice, the commission said it falls outside the EU Charter of Fundamental Rights.

"The EU needs clearer, simpler rules on protection of workers' personal data, which take better account of the employer/worker relationship," said Anna Diamantopoulou, EU commissioner for employment and social affairs.

Business groups have six weeks to respond to the commission paper, after which the commission can propose firm legislation.

European Commission

Read more on IT risk management