PROTECTION OF PRIVACY IN AN EMPLOYMENT RELATIONSHIP

SOURCES OF LAW Data Protection Act (1050/2018) General Data Protection Regulation (GDPR) Act on the protection of privacy in working life 759/2004

CONCEPTS personal data any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household processing of personal data collection, recording, organisation, use, transfer, disclosure, storage, manipulation, combination, protection, deletion and erasure of personal data, as well as other measures directed at personal data personal data file a set of personal data, connected by a common use and processed fully or partially automatically or sorted into a card index, directory or other manually accessible form so that the data pertaining to a given person can be retrieved easily and at reasonable cost controller a person, corporation, institution or foundation, or a number of them, for the use of whom a personal data file is set up and who is entitled to determine the use of the file, or who has been designated as a controller by an Act data subject the person to whom the personal data pertains

EMPLOYEE’S PERSONAL DATA(1) Prerequisites of processing Personal data must be collected primarily from the employee himself Exceptions to fulfil statutory duty Necessity requirement Restrictions in processing sensitive data Description of file Controller, purpose, group of data subjects, data, regular destinations of disclosed data, principles on securing the data, source of data Open to employees Subject to the Co-operation procedure

EMPLOYEE’S PERSONAL DATA(2) Data subject’s rights Information on the processing of data Right of access Controller may refuse only exceptionally Security, criminal issues, privacy of other individuals Written certificate Right of rectification If the controller refuses => written certificate

TRANSFERRING EMPLOYEE’S PERSONAL DATA(3) Within the company only to those who need the data when performing their job By virtue of law to authorities, insurance companies, shop steward Occasional transferring allowed if it is in accordance with the purpose of the file and evidently known by the data subject Data subject has the right to prohibit the controller to transfer personal data for purposes of Direct advertising or marketing Distance selling Market research Opinion polls Public registers Genealogical research, Transferring generally allowed only within the EU:n ja EEA

HEALTH INFORMATION Regarded as sensitive data, the processing of which is basicly prohibited Employer may process health information to only To pay sick leave To establish whether there is a justifiable reason for absence If the employee expressly wishes his/her working capacity to be assessed on the basis of information If otherwice stipulated by law Employer may process health information only if collected from the employee himself or with his consent Only necessary information Health information may only be processed by nominated persons in the company

PERSONALITY AND APTITUDE ASSESSMENTS Allowed if necessary when determining Capabilities of performing the work in question Need for training or occupational development Only with the employee’s consent Only by experts Only by reliable methods Employee must be provided with a written statement on the assessment free of charge

DRUG TESTS Employer must prove the necessity of the test During employment relationship the criteria for requiring drug test certificate are more strict than in an employment situation : Justifiable cause to suspect that the employee is under the influence of drugs at work The type of work in question requires special precision, reliability, quick reactions etc. Performance of duties while addicted to drugs seriously endangers life or health, traffic safety, causes risk of environmental damage etc. Employer must have a written action programme on intoxicants If the test result is positive, participation in the programme can be set as a prerequisite for continuation of the employment relationship

RETRIEVING AND OPENING ELECTRONIC MAIL MESSAGES BELONGING TO THE EMPLOYER Employer must minimise the need to open employee’s email Employer is entitled to open a sent/received message that is apparently due to the employer if Employee is absent from the workplace, The sender/receiver of the message can’t be reached and The issue is urgent The message can be opened in the presence of two persons A written report of the opening shall be drawn up for the employee Confidentiality requirement

CAMERA SURVEILLANCE IN THE WORKPLACE Allowed, if the purpose is to ensure Personal security of employees, Protection of property or Supervising the proper operation of production processes And there are no other means that interfere less with the privacy of employees Not allowed in places designated for the personal use of employees, except To prevent obvious threat of violence To prevent or investigate property crimes if the employee’s work is to handle property of high value On the request of an employee Whithin the co-operation procedure, duty to inform Recordings can be used only for the original purposes Shall be destroyed asap, no later than one year