New Ways of Working

Explore and keep track of key legal and compliance considerations for multinational employers as new ways of working become increasingly embedded as the pandemic begins to recede. Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

The potential data protection risks associated with remote working are largely equivalent to those associated with working in a regular workplace, but are arguably even more prevalent.

A significant potential risk factor is the transfer of personal data if it is no longer securely stored on a company's servers. In addition, employers thereby transfer responsibility for the safekeeping and use of sensitive data to the worker. In doing so, employers have a significantly reduced ability to exert any influence. Nevertheless, companies are still generally regarded as being responsible for data protection within the meaning of the General Data Protection Regulation (GDPR), which creates a certain amount of friction.

It is also questionable whether a so-called privacy impact assessment must be carried out when working in a home office.

In principle, such an assessment must be conducted if data processing – especially when using new technologies – is likely to result in a high risk to the rights and freedoms of natural persons due to the nature, scope, circumstances, and purposes of the processing.

At present, it cannot be assumed that the threshold for the use of new technologies has already been exceeded in the context of remote working. In individual cases, however, it could amount to an "organisational solution" within the meaning of the GDPR, which also triggers the obligation of a privacy impact assessment by the data controller.

Insecure data connections that might not be constantly checked and maintained should also be considered. Another potential risk arises from it being easier for third parties to obtain access to sensitive data, whether it be persons in the same household or others at public places of work.

From a legal perspective, compliance with data security can also be adequately ensured for remote work, considering the GDPR and the corresponding national legal basis (Austrian Data Protection Act).

In home-office agreements, however, it is advisable to make further reference to data protection aspects. Here, companies should refer to the secure and data protection-compliant transport of sensitive hardware. Additionally, companies should take technical and organisational measures to ensure data security (eg, use of VPN, two-factor authentication with mobile phones, encryption of USB sticks, provision of a LAN network, requirements for secure storage of access data).

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Employers must ensure the protection of their company’s data but also of employees’ data.

According to article L. 1222-10 of the French labour code, the employer must inform the teleworking employee of the company's rules regarding data protection and any restrictions on the use of computer equipment or tools. Once informed, the employee must respect these rules.

The collective national agreement of 26 November 2020, provides more details in article 3.1.4. It is the employer's responsibility to take necessary measures to protect the personal data of a teleworking employee and the data of anyone else the employee processes during their activity, in compliance with the GDPR of 27 April 2016 and the rulings of the National Commission for Technology and Civil Liberties (the CNIL).

The CNIL said in its 12 November 2020 Q&A on teleworking that employers are responsible for the security of their company's personal data, including when they are stored on terminals over which they do not have physical or legal control (eg, employee's personal computer) but whose use they have authorised to access the company's IT resources.

The National Agreement of 26 November 2020 recommends three practices:

  • the establishment of minimum instructions to be respected in teleworking, and the communication of this document to all employees;
  • providing employees with a list of communication and collaborative work tools appropriate for teleworking, which guarantee the confidentiality of discussions and shared data; and
  • the possibility of setting up protocols that guarantee confidentiality and authentication of the recipient server for all communications.
Last updated on 21/09/2021

05. What potential issues and risks arise for employers in the context of cross-border remote-working arrangements?

05. What potential issues and risks arise for employers in the context of cross-border remote-working arrangements?

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

Labour Law:

The essential issue regarding labour law is the question of which labour law should apply. Often, employers will want to apply a uniform labour law to all employees. However, this becomes impossible if in cross-border remote-working arrangements the labour law of the state of residence provides certain overriding mandatory rules and minimum standards (eg, in wage dumping and working time). Additionally, it may prove difficult for employers to keep track of the ever-changing legal landscape in various jurisdictions. Allowing for cross-border remote-working arrangements will oftentimes lead either to higher staffing requirements in the in-house legal department or increased recourse to local external partners. Both are associated with costs. There is also the question of work permits, depending on the applicable local law. 

Social Security Law:
 

While temporary covid-related work at home in other EU or EEA countries (and Switzerland) should not lead to any change in social security responsibilities, the corresponding provision in Austria was limited until 31 December 2021 and restricted to pandemic-related work at home. According to the information provided by the Austrian social insurance institution, covid-related work at home should not have any social insurance and tax law implications. Apart from an exceptional situation such as this, for workers who are working in more than one member state, working or earning more than 25% of the working time or remuneration in the country of residence leads to a change of the applicable social security regulations there. This is naturally associated with (sometimes) considerable administrative effort. The corresponding declarations must be made, and the payment of contributions must be ensured.

From the employer’s point of view, especially regarding accident insurance protection, it is important to note that the exact location of the remote workplace must be specified individually.

While insurance coverage in the home office is expressly clarified, the details concerning remote work in general are still controversial. These uncertainties are exacerbated in cross-border situations.

Tax Law:

If remote work is carried out across borders, this can have (potentially negative) effects on taxation. First, it must be considered that a domestic employer may employ workers who carry out their work both domestically and, for example, in a home office abroad. This may result in the establishment of a foreign permanent establishment through that home office. This would lead to a limited tax liability for the domestic employer abroad. A limited tax liability may also be accompanied by the obligation to deduct income tax via PAYE (pay as you earn). Since national legislation must be considered, this can lead to a considerable administrative effort.

In general, employees should not stay abroad for more than 183 days per year as otherwise they will be taxed in the country in which they are active. Finally, it must be considered whether there are taxation agreements between the countries and how these are structured.

Last updated on 31/01/2022

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Cross-border remote working can accentuate some of the problems caused by teleworking or create new ones.

Among the existing problems, the loss of social ties is accentuated if the teleworker decides to work from another country. Indeed, the employee abroad will never physically see his colleagues, which will create a distance between the employee working from abroad and other employees.

Similarly, employers must ensure the protection of the health and safety of workers (article L. 4121-1 labour code). This is a difficult obligation to meet in teleworking, especially because employers do not have access to remote employees’ workplaces. It is even more difficult if the employee works from another country because the sanitary, electrical and other standards are different and potentially less protective than French rules.

As for social security law, in principle, the employee depends on the social security system of the country where they work. The employee can only continue to benefit from the French social security system if they are in a secondment situation. Moreover, this is only a temporary solution because the secondment implies a temporary mission. The employer will therefore have to register the employee with the social security system of the country where they are working, which will cause problems in terms of social contributions.

Another question that may arise is whether an employer should accept a work stoppage prescribed by a foreign doctor.

Finally, another problem that may arise is the employee's right to disconnect. Indeed, the employer and the employee must agree on a time slot during which the employee can not be contacted to respect his private life as much as possible.[4] It can be difficult to establish a time slot that suits both the employee and the employer in case of major time zone discrepancies.


[4] National agreement of November 26, 2020

Last updated on 21/09/2021

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

In principle, there is already the legal possibility to impose vaccinations for certain professions in the health sector. However, this option has not been exercised yet. There is no legal basis for compulsory vaccination in most sectors.

Workers may choose from three options (3-G rule) when they want to enter their employer’s premises. As of now, there is no regulation stipulating an entry requirement to the workplace for vaccinated workers. However, employers may only tighten access restrictions in substantiated cases. Individuals who are not employees may be subject to stricter conditions (proof of vaccination) as a result of the employer’s right of domicile.

Last updated on 31/01/2022

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Please see above (questions 8 and 9) regarding the workplaces and specific industries concerned by making the access to the workplace conditional on individuals having received a Covid-19 vaccination.

Last updated on 21/09/2021