New Ways of Working

Explore and keep track of key legal and compliance considerations for multinational employers as new ways of working become increasingly embedded as the pandemic begins to recede. Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Employees who process data at home could create a data leak when they lose the data or improperly dispose of it after it is no longer useful for the company. It is also more difficult to protect digital data in a non-professional setting and a private network might be more vulnerable to breaches.

Article 9.3 of CBA No. 149 states that company data used and processed by teleworkers for professional purposes must be protected. Employers should inform teleworkers of the company's rules on data protection and, in particular, the restrictions and penalties for the misuse of IT equipment and tools. Considering this, it is strongly recommended for companies to draft and implement an IT policy.

Also, employees’ personal data could be at risk since teleworking often means a direct insight into the personal life of the employee, using remote-monitoring devices. Such devices or software could register data that is not purely linked to their work and might possibly breach several GDPR principles, such as data minimisation.

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Employers must ensure the protection of their company’s data but also of employees’ data.

According to article L. 1222-10 of the French labour code, the employer must inform the teleworking employee of the company's rules regarding data protection and any restrictions on the use of computer equipment or tools. Once informed, the employee must respect these rules.

The collective national agreement of 26 November 2020, provides more details in article 3.1.4. It is the employer's responsibility to take necessary measures to protect the personal data of a teleworking employee and the data of anyone else the employee processes during their activity, in compliance with the GDPR of 27 April 2016 and the rulings of the National Commission for Technology and Civil Liberties (the CNIL).

The CNIL said in its 12 November 2020 Q&A on teleworking that employers are responsible for the security of their company's personal data, including when they are stored on terminals over which they do not have physical or legal control (eg, employee's personal computer) but whose use they have authorised to access the company's IT resources.

The National Agreement of 26 November 2020 recommends three practices:

  • the establishment of minimum instructions to be respected in teleworking, and the communication of this document to all employees;
  • providing employees with a list of communication and collaborative work tools appropriate for teleworking, which guarantee the confidentiality of discussions and shared data; and
  • the possibility of setting up protocols that guarantee confidentiality and authentication of the recipient server for all communications.
Last updated on 21/09/2021

09. What are the risks to an employer making entry to the workplace conditional on an individual worker having received a covid-19 vaccination?

09. What are the risks to an employer making entry to the workplace conditional on an individual worker having received a covid-19 vaccination?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

As stated above, the employer risks a violation of the GDPR and the Anti-discrimination Act.

In principle, the GDPR prohibits the processing of sensitive data regarding the health status of persons, unless there is a valid ground for such processing. As employees cannot freely give their explicit consent for this processing to their employer (as per their hierarchical relationship), such processing would require a legal basis, which does not exist. A violation of the GDPR could result in a fine by the Belgian Data Protection Authority (up to 20 million euros). The Belgian Data Protection Authority has confirmed that without a legal basis, it is not possible to process data on the vaccination of employees.

Next, such a condition could be seen as discrimination based on health status, according to the Anti-discrimination Act of 2007. However, a distinction based on health status can be justified by a legitimate aim and when the measures to reach this aim are appropriate and proportional. One could argue that the prevention of the spread of covid-19 is a legitimate aim and that an obligation to get vaccinated is appropriate. However, some would state that mandatory vaccination is not proportionate, as employers can take other measures (eg, social distancing, teleworking) to prevent the spread of the virus. At least Unia does not seem to believe that a mandatory vaccination can be justified. A discrimination claim could, for example, result in a damages claim (lump-sum compensation of three to six months’ salary). A legal basis for mandatory vaccination would take away this risk of discrimination.

The Federal Public Service of Work also notes that a mandatory vaccination would violate the Act of 22 August 2002 regarding patients’ rights. This Act provides for freedom of choice for all patients undergoing medical treatment.

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

For employees for whom vaccination is not mandatory, employers cannot make entry to the workplace conditional on vaccination, nor can they threaten to dismiss the employee if they have not had the vaccine.

If an employer makes the return to the company premises conditional on vaccination, they are violating the employees’ privacy and medical confidentiality, and employees may freely refuse it. In case of dismissal, it could be judged null and void since it may violate the employee's privacy and medical secrecy.

On the other hand, for employees working in the above-mentioned establishments (bars, restaurants, department stores, shopping centres etc.), the employer may make the return of the employee to work conditional on the presentation of a health pass (either a negative PCR test, or proof of vaccination status concerning covid-19, or a certificate of recovery following a covid-19 contamination).

Finally, for health professionals, there will be no risk for the employer. The employer will be able to condition the return to the premises on proof of vaccination status.

Last updated on 21/09/2021

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Until now, there have been no such requirements. But as stated above, this will be the case in the healthcare sector, starting from 1 April 2022.

Last updated on 01/12/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Please see above (questions 8 and 9) regarding the workplaces and specific industries concerned by making the access to the workplace conditional on individuals having received a Covid-19 vaccination.

Last updated on 21/09/2021