New Ways of Working

Explore and keep track of key legal and compliance considerations for multinational employers as new ways of working become increasingly embedded as the pandemic begins to recede. Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

Flag / Icon

Argentina

  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua

There is no specific statutory regulation on this matter related to employees under the home office framework. However, it is advisable to create a clear general policy on data protection or include in employment agreements provisions regarding data protection in order to clarify to employees the extent of their obligation. We recommend executing those documents in Spanish, due to the protective nature of local labour law; if there is a conflict with employees, a labour court is likely to dismiss all documents in a foreign language.

As a result, the Personal Data Protection Law (PDPL), Law No. 25,326, establishes the full protection of personal information recorded in personal files, registers, banks, or other technical means of data storage and processing. Therefore, employers must comply with the PDPL and take steps to ensure that this law applies throughout their organisation.

The main aspects of the PDPL are:

  1. The purpose of collecting employee data must be communicated to employees and written consent needs to be obtained.
  2. However, consent is not required if the data has been obtained from a public source; collected for the performance of the state’s duties; consists of lists limited to name, ID number, tax or social security identification, occupation, date of birth, domicile, and telephone number; or arises from a contractual relationship, either scientific or professional, of the data owner, and are necessary for its development or fulfilment.
  3. In addition, this Law establishes the employee’s right to access and modify any incorrect or false information. Furthermore, the collection of information related to an employee’s private life is permissible as long as the information collected complies with the following requirements: it is not used for discriminatory purposes; it does not violate the individual’s right to privacy; and it is reasonably used.
  4. When an employer requests personal data from an employee, they must be notified in advance and in an express and clear manner about: the purpose for which the data needs to be processed and who can use such data; the existence of the relevant data file or register, whether electronic or otherwise, and the identity and domicile of the responsible person; the compulsory or discretionary character of the information requested; the consequences of providing the data, of refusing to provide such data, or if it is inaccurate; and the data owner’s rights to data access, rectification, and suppression.
  5. Indeed, the processing of personal data requires express consent from the data owner, which must be accompanied by appropriate information, prominently and expressly explaining the nature of consent sought. This can be achieved by the employee signing a general consent form on entering employment. However, consent may be withdrawn by an employee.
  6. Various restrictions apply to the disclosure of personal data to third parties. This is generally only allowed if it is in the legitimate interests of the database owner (eg, the employer) and the data owner (eg, the employee) has consented. This consent can be revoked at any time by the data owner.
  7. The transfer of personal data to another country – which does not guarantee a proper level of data protection – is forbidden. Nevertheless, such prohibition is not applied when the individuals, whose personal information is intended to be transferred, give their express written consent.

All data regarding employees’ health is sensitive information, so the employer must get the express authorisation of the employee for any transfer of such date, and employers should stop or restrict the transfer to other companies or its employees that lack sufficient clearance to deal with health information, including covid-19 information.

Last updated on 13/07/2022

Flag / Icon

Australia

  • at People + Culture Strategies

In the context of an employer-controlled workplace, it is generally much easier to control and mitigate risks to an organisation’s confidential and sensitive information. There are physical protections intrinsic to the workplace (including by generally being off-limits to non-staff) and cyber-networks often have institutional protections in place, such as virtual private networks, firewalls, anti-virus software and secure IP addresses.

Other data protections that normally exist in an employer-controlled workplace include:

  • the use of private meeting rooms to conduct meetings and discussions involving sensitive and confidential information;
  • the secure storage of private, confidential and sensitive information (both hardcopy and in electronic form) on employer-controlled premises;
  • restrictions on the use of personal electronic devices in the workplace; and
  • the content of phone calls or video calls, and even information simply displayed in the workplace (including on computer screens), being kept private under the confines of the physical workplace.

However, the risks to data protection can be much harder to mitigate in the remote-working environment. These risks are heightened for several reasons, including that an employer has much less “visibility” over how employees deal with the employer’s (and any client’s) information in the home environment and much less when it comes to others who may be sharing that space. In this context, one obvious risk is the inadvertent and even deliberate sharing of sensitive information with one’s housemates, family members or guests.

Last updated on 21/09/2021

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

The potential data protection risks associated with remote working are largely equivalent to those associated with working in a regular workplace, but are arguably even more prevalent.

A significant potential risk factor is the transfer of personal data if it is no longer securely stored on a company's servers. In addition, employers thereby transfer responsibility for the safekeeping and use of sensitive data to the worker. In doing so, employers have a significantly reduced ability to exert any influence. Nevertheless, companies are still generally regarded as being responsible for data protection within the meaning of the General Data Protection Regulation (GDPR), which creates a certain amount of friction.

It is also questionable whether a so-called privacy impact assessment must be carried out when working in a home office.

In principle, such an assessment must be conducted if data processing – especially when using new technologies – is likely to result in a high risk to the rights and freedoms of natural persons due to the nature, scope, circumstances, and purposes of the processing.

At present, it cannot be assumed that the threshold for the use of new technologies has already been exceeded in the context of remote working. In individual cases, however, it could amount to an "organisational solution" within the meaning of the GDPR, which also triggers the obligation of a privacy impact assessment by the data controller.

Insecure data connections that might not be constantly checked and maintained should also be considered. Another potential risk arises from it being easier for third parties to obtain access to sensitive data, whether it be persons in the same household or others at public places of work.

From a legal perspective, compliance with data security can also be adequately ensured for remote work, considering the GDPR and the corresponding national legal basis (Austrian Data Protection Act).

In home-office agreements, however, it is advisable to make further reference to data protection aspects. Here, companies should refer to the secure and data protection-compliant transport of sensitive hardware. Additionally, companies should take technical and organisational measures to ensure data security (eg, use of VPN, two-factor authentication with mobile phones, encryption of USB sticks, provision of a LAN network, requirements for secure storage of access data).

Last updated on 21/09/2021

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Employees who process data at home could create a data leak when they lose the data or improperly dispose of it after it is no longer useful for the company. It is also more difficult to protect digital data in a non-professional setting and a private network might be more vulnerable to breaches.

Article 9.3 of CBA No. 149 states that company data used and processed by teleworkers for professional purposes must be protected. Employers should inform teleworkers of the company's rules on data protection and, in particular, the restrictions and penalties for the misuse of IT equipment and tools. Considering this, it is strongly recommended for companies to draft and implement an IT policy.

Also, employees’ personal data could be at risk since teleworking often means a direct insight into the personal life of the employee, using remote-monitoring devices. Such devices or software could register data that is not purely linked to their work and might possibly breach several GDPR principles, such as data minimisation.

Last updated on 21/09/2021

Flag / Icon

Brazil

  • at Pinheiro Neto
  • at Pinheiro Neto Advogados

In a remote-working environment, employees are more likely to use their personal devices and Wi-Fi and might share their workspace with family members or roommates. In addition, employees are more prone to mix personal and work-related data. These may lead not only to potential issues involving one’s privacy but also cyber threats and data leakage. Therefore, employers are strongly advised to implement strict policies on remote working, use of personal devices and data storage, as well as to provide the appropriate training.  

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Employers must ensure the protection of their company’s data but also of employees’ data.

According to article L. 1222-10 of the French labour code, the employer must inform the teleworking employee of the company's rules regarding data protection and any restrictions on the use of computer equipment or tools. Once informed, the employee must respect these rules.

The collective national agreement of 26 November 2020, provides more details in article 3.1.4. It is the employer's responsibility to take necessary measures to protect the personal data of a teleworking employee and the data of anyone else the employee processes during their activity, in compliance with the GDPR of 27 April 2016 and the rulings of the National Commission for Technology and Civil Liberties (the CNIL).

The CNIL said in its 12 November 2020 Q&A on teleworking that employers are responsible for the security of their company's personal data, including when they are stored on terminals over which they do not have physical or legal control (eg, employee's personal computer) but whose use they have authorised to access the company's IT resources.

The National Agreement of 26 November 2020 recommends three practices:

  • the establishment of minimum instructions to be respected in teleworking, and the communication of this document to all employees;
  • providing employees with a list of communication and collaborative work tools appropriate for teleworking, which guarantee the confidentiality of discussions and shared data; and
  • the possibility of setting up protocols that guarantee confidentiality and authentication of the recipient server for all communications.
Last updated on 21/09/2021

Flag / Icon

Germany

  • at CMS Hasche Sigle

As in other countries in Europe, the provisions of the EU General Data Protection Regulation (GDPR) and its German implementation in the shape of the German Federal Data Protection Act (BDSG) must be observed. Against this background, special measures must be taken to protect personal data in connection with remote work. This especially concerns third-party access to systems when computers and other portable devices are used in the home or on the go. To this end, employers often issue guidelines of standards with which employees must comply.

Also, remote working poses many data protection risks in terms of IT security and confidentiality. For example, cybercrime exploits the vulnerabilities inherent to remote working to infiltrate IT systems and steal confidential data, for instance through phishing attacks. At the same time, the confidentiality of a phone call, for example, is harder to protect while working in a co-working space, on a train or at home than in a typical workspace. Therefore, remote working may require different security measures and employers should inform their employees accordingly. In this regard, the European Union Agency for Cybersecurity last year published cybersecurity tips for remote working, both for employees (connecting to the internet via secure wi-fi networks, fully updating antivirus software and using a secure connection) and for employers (providing initial and regular feedback to employees on how to react if problems arise and restricting access to sensitive systems, etc.).

Last updated on 21/09/2021

Flag / Icon

Greece

  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm

Although necessitated by the circumstances, the transition of employees from corporate networks to largely unmonitored and vulnerable private networks outside the reach of perimeter-based security tools finds most employers unprepared and, thus, exposed to greater cyber threats and personal data breaches compared to on-site work. Employers are urged to take into consideration the increased risks a remote working environment poses to their data, systems, and networks and to invest heavily in IT security, while employees are encouraged to carefully follow all IT security guidelines, stay alert to security incidents, and be vigilant with phishing attacks. Within this framework, the Hellenic Data Protection Authority (HDPA) issued “Guidelines for implementing safety measures in the context of teleworking” on 15 April 2020, including appropriate safety measures concerning network access, the use of email or messaging applications, the use of terminal or storage media and how teleconferencing takes place to mitigate data protection risks associated with remote working.

On the other hand, many of these measures may result in more extensive collection and processing (recording, use, disclosure, etc) of employees’ personal data, including monitoring procedures. The key issue for most employers amid these circumstances is to find the right balance between protecting their IT systems and data, on the one hand, and safeguarding the data protection and privacy rights of their employees while working from home on the other.

Last updated on 14/07/2022

Flag / Icon

Hong Kong

  • at Lewis Silkin
  • at Lewis Silkin
  • at Lewis Silkin

As a result of the covid-19 pandemic, many companies in Hong Kong encouraged their staff to work remotely. This meant taking documents home from the office and using video conferencing, cloud computing and intranet platforms, where those software solutions were available, and also using personal devices to work more. As a result, confidentiality and security of data became more at risk.

Due to space constraints in Hong Kong, it is not practicable to expect employees to work or conduct confidential discussions in an isolated area away from others. Often employees are sharing workspace with family members and may also share a laptop or PC with them. If working from home is not an option for an employee, he or she may be working from cafes or public spaces. As a result, non-employees may overhear confidential discussions or see confidential documents. If these conversations and documents contain personal data (of employees, customers, clients, suppliers or other third parties), then the potential leakage of this data may constitute a breach of the Personal Data (Privacy) Ordinance (PDPO). There may also be contractual confidentiality breaches.

A typical home network is unlikely to have the same stringent security protections in place that an office network does. Attackers have seen an opportunity to steal user credentials from personal devices, which are now being used for work and likely do not have the same security protections as corporate devices. Using unsecured networks and devices may lead to data leakage or theft, which would be in breach of the PDPO.

If personal data is being processed by new third parties as a result of having to implement remote-working arrangements, an employer will need to notify its employees of this. This can be done by issuing employees with a revised or new Personal Information Collection Statement (PICS) setting out the change. The PDPO specifies that a data user, when collecting personal data directly from a data subject, must take all reasonably practicable steps to ensure that the data subject is informed of the intended use of their data and who will be handling such data. A PICS is therefore used to comply with these notification requirements and is a statement regarding a data user’s privacy policies and practices in relation to the personal data it handles. 

Last updated on 11/10/2021

Flag / Icon

India

  • at Nishith Desai
  • at Nishith Desai

An individual’s sensitive personal data or information (SPDI), which includes information on passwords; financial information such as a bank account, credit card or debit card or other payment instrument details; physical, physiological and mental health conditions; sexual orientation; medical records and history; or biometric information or other details related to such information provided to a body corporate for the provision of services or such information received for processing under a lawful contract or otherwise and its storage are protected under Indian data privacy rules. There are certain mandatory obligations for collectors of such SPDI in electronic forms, including obtaining the consent of the data provider, formulating, publishing, and complying with a privacy policy for treatment of such data and adopting certain standards of security practices. However, these obligations are not specific to remote-working arrangements; they govern the terms of the data being collected by the employer.

With employees working remotely, employers are facing a challenge with protecting the security of client data and other confidential information, which may be duplicated or disclosed to third parties by employees working remotely on unsecured personal devices.

Last updated on 08/07/2022

Flag / Icon
Ireland

Ireland

  • at Littler

The Data Protection Commissioner has issued guidance on the protection of personal data when working remotely (see here).

The key risks identified relate to protecting and preventing access to laptops, USBs, phones, tablets and other devices; emails; using unsecured networks to transmit data or to access company networks; and ensuring the security and confidentiality of hard-copy documents.

Employers should update data protection policies to take account of remote working and should also consider any data protection issues that may arise from an employee moving to work outside of Ireland.

Last updated on 21/09/2021

Flag / Icon

Italy

  • at Toffoletto De Luca Tamajo

Data security requirements applicable to all employees working at the company premises continue to apply to employees working remotely. In addition, the National Protocol on Smart Working specifies that the employer should promote the adoption of a policy also concerning data breach management and the implementation of proper security measures.

The main risks are linked to the transmission of company data outside the company premises, in places not necessarily identified.

Last updated on 14/07/2022

Flag / Icon

Mexico

  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo

Security controls

The common risks associated with remote working derive from the absence of security controls over equipment, software, and data, and not having any policies for remote-working schemes, leading to:

  • employees storing sensitive information in their local machines, without the control of employers over such tools;
  • compromised security controls; and
  • Wi-Fi networks and routers in homes are more easily compromised, increasing the risk of exposure.

Companies have the right to install security controls for the equipment and tools to be used by teleworkers to avoid any leaks of information and limit their use, because this hardware is the property of the employer. The common practice in Mexico is to implement a security data policy and a work tools policy.

Additionally, even though there are no specific legal provisions concerning the plausible risks associated with data protection in remote-working schemes, the Federal Law for the Protection of Personal Data in Possession of Private Individuals or Entities, the Federal Law for the Protection of Industrial Property, and their regulations and guidelines, establish provisions for the protection of rights concerning personal data, confidential information, and trade secrets, which also apply to remote-working schemes; therefore, all employees working remotely must comply with these laws and regulations. To prevent and avoid the disclosure of this information, the prevailing practice is to enter into agreements with employees establishing specific obligations in connection to confidentiality and data privacy. Such obligations usually refer to the policies and processes established by employers to ensure information security, and the corresponding penalties in the event of any breach.

Last updated on 21/09/2021

Flag / Icon

Netherlands

  • at Rutgers & Posch
  • at Rutgers & Posch

Employees who process data at home could create a data leak if they lose the data or improperly dispose of it after it is no longer useful for the company or their work. It is also more difficult to protect digital data in a non-professional setting and a private network might be more vulnerable to breaches. If a data breach does occur, the employee should, in principle, report this to the Dutch Data Protection Authority within 72 hours.

Employers are advised to update data protection policies to take into account remote working, and should also consider any data protection issues that may arise from an employee moving to work outside of The Netherlands.

Last updated on 08/03/2022

Flag / Icon

Poland

  • at Bird & Bird
  • at Bird & Bird

Telework or remote work should be organised in a way that ensures the protection of confidential information and other legally protected secrets, including trade secrets or personal data, as well as information whose disclosure could harm the employer.

Certain risks are present when employees perform work remotely:

  • they may use their own private equipment;
  • they may use company equipment for private purposes;
  • they may use an unsecured internet connection, including without a VPN (Virtual private network) connection; and
  • they may work from various unregulated locations, including coworking areas. 

Therefore, it is recommended that employers develop instructions regarding data protection and information safety (usually as part of their teleworking policy, which must be introduced with the participation of the employees' representatives) and ensure that these are introduced and applied effectively in the day-to-day work of remote workers.

Last updated on 21/03/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Until the pandemic, teleworking was used rather infrequently, and most Portuguese employers were not prepared – namely in terms of technology and data storage – to suddenly have their workforce almost entirely and permanently working from home or remotely.

For those reasons, teleworking mainly raised – and continues to raise – concerns regarding the employer’s capacity to ensure that information is protected and that it stays confidential despite being remotely accessed and processed. Remote working enhances security vulnerabilities, which can lead to data breaches.

We would also like to highlight the use of technological solutions that, on one hand, allow employers to exercise their powers of management and control over work performance, but that, on the other, do not violate the general rule prohibiting the use of remote surveillance to control employees' professional performances, or that do not cause excessive restrictions on employees’ private lives.

Last updated on 13/07/2022

Flag / Icon

Qatar

  • at Clyde & Co
  • at Clyde & Co

Data loss, cyber security, privacy and maintaining confidentiality are the key data risks associated with working remotely.  Taking precautions against importing viruses, compromising system security, and maintaining confidentiality while working remotely are key considerations for employers. Internal policies and procedures should be put in place to ensure employees are aware of their obligations, and operating through virtual private networks could minimise potential risks. 

Last updated on 08/11/2021

Flag / Icon

Saudi Arabia

  • at Clyde & Co
  • at Clyde & Co

Data loss, cyber security, privacy and maintaining confidentiality are the key data risks associated with working remotely in most jurisdictions. These risks are heightened in Saudi Arabia as there are no specific data protection laws in place. Taking precautions against importing viruses, compromising system security, and maintaining confidentiality while working remotely are key considerations for employers. Internal policies and procedures should be put in place to ensure employees are aware of their obligations, and operating through virtual private networks could minimise potential risks.

Last updated on 29/11/2021

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas

Apart from the general personal data protection issues to be considered, there are two significant risks.

First, under article 17 of Law 10/2021, any digital program or software to monitor remote workers must grant employees privacy and protection of personal data according to the Organic Law on Personal Data Protection and Digital Rights Guarantees. In particular:

  • an employer’s access to the digital technology provided to the remote worker must be limited to checking compliance with labour obligations and to guaranteeing the integrity of the devices;
  • employers must establish the terms of use of the digital devices, and the workers’ representatives must participate in drafting them;
  • employers must inform remote workers about the terms of use of the digital devices; and
  • regardless of the terms of use, an employer’s access to the digital means must be necessary for the employer to achieve a legal purpose, appropriate for such legal purpose and proportional to achieve such legal purpose. Based on this, the employer should implement the least invasive way of monitoring remote workers’ activity to achieve the legal purpose the employer is pursuing.

Any measure to monitor employees’ activity should meet these requirements; otherwise, an employer’s decision arising from such monitoring could be deemed unfair, and there could be a breach of the employee’s privacy, which could lead to a damages claim and an administrative fine.

Second, employers must comply with the principles of personal data processing under article 5 of the GDPR, especially purpose limitation and data minimisation, which means that the personal data the employer can process should be only what is the minimum necessary data for the performance of the labour contract or compliance with their legal obligations. Therefore, employers are not entitled to, for instance, force remote workers to turn on their cameras during working hours.

Third, despite remote working, employers must comply with health and safety obligations, which could lead to the employer or its health and safety services provider visiting an employee’s home to evaluate its risks. In that case, employers should issue a report justifying the visit and provide it to the remote worker and the health and safety workers’ representatives in advance. Additionally, to access any remote worker’s home, the employer must first obtain their consent.

If they do not give their consent, measures on health and safety should be based only on the information provided by the remote workers.

Last updated on 21/09/2021

Flag / Icon

Sweden

  • at DLA Piper
  • at DLA Piper
  • at DLA Piper

Pursuant to the GDPR, personal data should, inter alia, be processed in a manner that ensures appropriate security and confidentiality for the processing of that data, including by preventing unauthorised access to or use of personal data. For natural reasons, there may be additional challenges associated with this obligation when employees are working remotely, including an increased risk of personal data breaches when employees are working from home. The Swedish Authority for Privacy Protection mentions in its Privacy Protection Report of 2020 the increase in employees working from home as a result of the covid-19 pandemic, and the increased use of cloud service providers. The Authority highlights that data in cloud services is often transferred to countries outside the EU/EEA, and especially to the US. As a result of the Schrems II ruling in 2020, the use of, eg, cloud service providers that transfer data to  such jurisdictions (eg, in connection with IT maintenance) is problematic and may need to be addressed in relation to remote working.   

In light of the above, it is important as an employer to consider what measures are necessary in terms of IT security when working from home (eg, instructions to employees).

Last updated on 21/09/2021

Flag / Icon

Switzerland

  • at Lenz & Staehelin

Employers are required to respect the general Swiss data protection principles and rules. In particular, the Swiss Code of Obligations (SCO) states that the Federal Act on Data Protection (FADP) applies to the handling of employer personal data. The term "personal data" is defined as any information relating to an identified or identifiable person (individuals and companies).

Employers must ensure the security of the data they process. They must take appropriate organisational and technical measures to protect personal data against unauthorised processing or access, such as accidental or unauthorised destruction, loss, technical errors, falsification, theft, unlawful use, alteration, copying or any other undue processing. Moreover, employers also must control access and operations undertaken by employees.

One particularity of remote working is that employees' workstation and business data are located off sites. Meaning that third parties potentially could access this data.

To prevent data protection breaches, employers must institute appropriate technical and organisational measures and raise employee's awareness of data protection risks. These measures may include securing information systems, setting up authorisations and limiting access to concerned employees, and using a VPN. In addition, employees also should be made aware of the risks and procedures through in-house training and user manuals for the IT and security systems.

Last updated on 30/09/2021

Flag / Icon

Turkey

  • at Gün + Partners
  • at Gün + Partners
  • at Gün + Partners

The key data protection risks associated with remote working are data security and the processing of additional personal data while working remotely.

Under article 12 of the Personal Data Protection Law numbered 6698 (the DPL), data controllers must take all administrative and technical measures necessary to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the security of personal data.

The Regulation also stipulates that the employer must inform remote workers about workplace rules and applicable legislation concerning the protection and transfer of data related to the workplace and their assignments (which may include personal data). The Regulation also emphasises that employers must take all necessary measures for the security of data. Per the Regulation, in the remote-working agreement, the employer must determine the definition and scope of data that needs to be protected.

There is no guidance from the Turkish Data Protection Authority (DPA) concerning measures to be taken specifically for remote working. Its general Guideline for Personal Data Security (Data Security Guideline) and the principal decision of the Turkish Data Protection Board concerning measures required to be taken by data controllers for processing sensitive personal data (Board Resolution for Sensitive Personal Data Security) should be considered by employers. The measures listed in the Data Security Guideline and the Board Resolution for Sensitive Personal Data Security are not exhaustive. Employers must consider all necessary measures for cyber security. International guidelines and IT sector developments should also be considered.

Employers who have failed to take appropriate measures to protect the unlawful processing of or access to personal data may be required to pay an administrative fine amounting to between 40,179 Turkish lira and 2,678,859[1] Turkish lira. Furthermore, additional technical measures taken for remote-working opportunities must also be communicated to the Data Controllers’ Registry if the employer is required to register data-processing activities (eg, employers located in Turkey that have more than 50 employees or have a balance sheet of more than 25 million lira fall under this obligation). Otherwise, although it may not be an imminent risk, an administrative sanction amounting to between 53,572 lira and 2,678,859 lira may be applied against the employer.

Lastly, if having remote-working employees requires an employer to process additional employee data, then the employer must inform their employees accordingly by providing an appropriate privacy notice under the DPL. Otherwise, they may be fined between 13,391 lira and 267,886 lira. The employer should determine what legal ground should be applied to the data processing due to remote working. If the applicable legal ground is consent but consent is not obtained lawfully from employees, then the employer may face an administrative fine of between 40,179 lira and 2,678,859 lira for unlawful processing. 


[1] All administrative fine amounts mentioned in this questionnaire will be updated for each year based on a re-evaluation determined annually.

Last updated on 09/02/2022

Flag / Icon

UAE

  • at Clyde & Co
  • at Clyde & Co

Data loss, cyber security, privacy and maintaining confidentiality are the key data risks associated with working remotely in most jurisdictions. Taking precautions against importing viruses, compromising system security and maintaining confidentiality while working remotely are key considerations for employers. Internal policies and procedures should be put in place to ensure employees are aware of their obligations, and operating through virtual private networks could minimise potential risks. 

Last updated on 15/03/2022

Flag / Icon

United Kingdom

  • at Littler

The key data protection risk associated with home working is data security.

In response to this, the UK’s data protection regulator – the Information Commissioner’s Office (ICO) – has issued guidance on the protection of personal data when working from home, using bring-your-own-device (BYOD) and working remotely (see: here).

The specific issues addressed include implementing appropriate workplace policies, IT security (including cloud-based storage security), the risk of theft and confidentiality.

Employers should update data protection policies to take account of remote working, in light of the ICO’s recommendations, and should also consider any data protection issues that may arise from an employee moving to work outside of the UK.

Last updated on 21/09/2021

Flag / Icon

United States

  • at Littler
  • at Littler
  • at Littler

Data privacy rules vary from state to state. Remote work, in particular, raises issues where employers have less control over the working environment and employees are potentially accessing sensitive information in their home that they share with others.  Employers should ensure that employees working remotely can demonstrate that their location provides sufficient privacy, security, and safety to secure the confidentiality of the employee’s work, company information and materials.  Additionally, health-related data must be protected and employers should be required to protect trade secrets and other confidential data. Employers must also maintain reasonable security measures to protect sensitive personally identifying information. 

Up-to-date information on the USA’s response to the pandemic, including State-level news and developments, can be found at Littler’s covid hub here.

Last updated on 21/09/2021

06. Do employers have any scope to reduce the salaries and/or benefits of employees who work remotely?

06. Do employers have any scope to reduce the salaries and/or benefits of employees who work remotely?

Flag / Icon

Argentina

  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua

The home office framework establishes that teleworking employees have the same rights and duties as those working at an employer’s main offices (including union rights), and their salary must not be less than what they would receive if they worked at an employer’s offices. Therefore, once employees are assigned to remote working, their compensation cannot be reduced due to this change.

In general terms, employers have the right to redesign or reassign job responsibilities. Such a right is known as an employer’s right to modify labour conditions (Ius Variandi). In this sense, local laws allow unilateral amendments to terms and conditions of the employment contract provided they do not adversely affect essential labour conditions and do not cause any moral or material damage to the employee and the changes are reasonable.

As a result, if an employer unilaterally decides to reduce the salaries or benefits of remote workers, and the change is considered to be unreasonable, resulting in material or moral damage to the employee involved, he or she can file an injunction to restore the original conditions of employment. If the employer refuses to do so, the employee may claim constructive dismissal and file for severance compensation and any applicable fines.

Last updated on 13/07/2022

Flag / Icon

Australia

  • at People + Culture Strategies

An employee’s salary and contractual benefits are entitlements that are contractual and employers cannot unilaterally vary such entitlements. Similarly, an employee’s remuneration may reflect the minimum rate of pay provided for in an industrial instrument such as a Modern Award and employers will not be able to reduce the remuneration or benefits without running the risk of undermining the minimum entitlements provided in the instrument.

Employers can consult with staff about a proposal to restructure their hours and pay, but generally, no such changes can be implemented without employees being given an opportunity to consider the proposed changes and agreeing to those changes.

The minimum wage order provides that an employee cannot be paid less than the national minimum wage.

Last updated on 21/09/2021

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

Employers cannot unilaterally reduce employees' salaries because of remote work. A salary reduction is only possible either by mutual agreement or through a dismissal, with the option of re-employment on altered conditions.

Regarding benefits, we believe that a distinction must be made according to whether they were granted with working on office premises in mind and whether the employer has reserved a right to revoke them. In the latter case, employers may reduce or revoke benefits unilaterally. In addition, it can also be argued that, for example, meal vouchers for the company canteen are no longer issued and are not reimbursed. Such and other “social benefits by the company” can be limited to use at the company’s workplace.

Last updated on 21/09/2021

Flag / Icon

Belgium

  • at Van Olmen & Wynant

In general, this would be considered a unilateral modification of the employment contract, which can be seen as an irregular termination of the employment contract by the employer, who will have to pay in lieu of notice if an employee claims this. However, the employer will no longer have to pay any agreed commuting expenses (but if the employer pays for a public transport subscription, this would just continue).

Last updated on 21/09/2021

Flag / Icon

Brazil

  • at Pinheiro Neto
  • at Pinheiro Neto Advogados

Employers cannot reduce the salaries or benefits of employees solely because they work remotely. Note that the federal government has introduced certain measures to help companies survive through the pandemic and avoid layoffs (eg, reducing employees’ working hours and salaries, suspending employment contracts temporarily, remote working (with fewer requirements than those set forth by the CLT), and delaying the collection of certain labour charges). These alternatives apply to all employees regardless of their work arrangement (ie, remote workers or not). Therefore, it may be the case that employees were shifted to a remote model and have had their working hours and salaries reduced. Other than that, salary reductions would depend on prior negotiation with the applicable union.

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Teleworkers have the same rights as employees who work from a company's premises (article L. 1222-9 III of the Labor Code).

Employers cannot modify employees’ remuneration without obtaining agreement.[5] This rule also applies to teleworkers.

In some countries such as the United States, employers can adjust the remuneration of teleworking employees to the cost of living in the employee's place of residence. This practice is not prohibited in France but the employer must be careful in doing so as it could constitute discrimination based on the place of residence, which is prohibited by the labour code[6]if it is not justified by objective elements. 

However, employers can withdraw a few benefits from teleworking employees. Indeed, even if the Ministry of Labor says in a Q&A that the telecommuting employee must receive lunch vouchers like other employees, some jurisdictions believe that the employer can stop paying these vouchers to teleworkers because they are not in a comparable situation to employees who work from a company's premises.[7]

As for transportation costs, the employer must cover half of the cost of the transportation pass used to travel to the office and to return home from the office (article L. 3261-2 of the labour code). If the employee does not have to travel to work during the month, the employer does not have to pay transportation costs.


[5] Cass. Soc, 18 oct. 2006, n°05-41.644

[6] Article L. 1132-1 Labour code

[7]TJ Nanterre, 10 mars 2021, n° 20/09616

 

Last updated on 21/09/2021

Flag / Icon

Germany

  • at CMS Hasche Sigle

The employer is required to pay remuneration based on an employment contract or collective bargaining agreement. Normally, there are no clauses in that contract that provide for a reduction in salary if the employee works remotely. However, special allowances for the reimbursement of expenses that become obsolete due to working from home (such as meal allowances or reimbursement of travel expenses) may no longer apply in individual cases.

Last updated on 21/09/2021

Flag / Icon

Greece

  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm

Equal treatment between employees working remotely and those working at the company’s premises are guaranteed. Any reduction of salaries may be implemented only following the employee’s consent (ie, by signing an amendment of the employment agreement).

Last updated on 14/07/2022

Flag / Icon

Hong Kong

  • at Lewis Silkin
  • at Lewis Silkin
  • at Lewis Silkin

Unless the employee has a clear policy or a contractual provision that permits it to reduce salaries or benefits in this situation, it is unlikely that the employer could lawfully make such reductions without the employee’s consent. Where an employee has elected to work remotely and there is such a policy or contractual provision in place, the reduction in salary or benefits is unlikely to be challenged by the employee. Where an employee has been forced to work remotely by their employer (due to covid-19 or otherwise), such a reduction may be challenged as the remote working has not occurred at the employee’s request.

Generally, if an employer changes an employee’s salary or benefits unilaterally, an employee could bring potential claims against it for unlawful deduction from wages, unreasonable variation of employment terms or constructive dismissal.

Last updated on 11/10/2021

Flag / Icon

India

  • at Nishith Desai
  • at Nishith Desai

“Wages including the period and mode of payment”, “contribution paid, or payable, by the employer to any provident fund or pension fund or for the benefit of the workmen under any law for the time being in force”, “compensatory and other allowances”, “hours of work and rest intervals”, “leave with wages and holidays” and “withdrawal of any customary concession or privilege or change in usage” are some of the protected conditions of service under the Indian labour law. For changing any such service conditions to the detriment of the workers, the employer is required to provide 21 days’ prior notice and inform the labour authorities in a prescribed format.

Additionally, the payment of salary and benefits is largely a matter of contract between the parties, beyond the minimum requirements under the labour laws in terms of wages, bonus, social security, insurance, overtime, etc. Hence, the terms of the individual employment contract and policies also need to be considered while reducing wages or removing benefits. These are generally sensitive matters and could also lead to HR issues for the employer, especially if the employees are unionised.

Last updated on 08/07/2022

Flag / Icon
Ireland

Ireland

  • at Littler

Any unilateral reduction of salary or benefits by an employer without the consent of an employee can be challenged by way of a breach of contract claim, an unlawful deduction of wages claim, or a claim of constructive dismissal on the part of an employee. However, such a reduction could be agreed upon between the parties as part of an agreement, for example, to permit the employee to work remotely permanently.

Last updated on 21/09/2021

Flag / Icon

Italy

  • at Toffoletto De Luca Tamajo

Under Smart Working regulations, employees who work remotely are entitled to receive an overall economic treatment equal to that paid to employees working at the company’s premises. Therefore, generally speaking, employers cannot reduce salaries/benefits of employees working remotely. Nonetheless, recent Italian case law considered it possible for employers to revoke meal tickets from remote workers (except in the case of specific contractual obligations), as it is not part of the normal salary of the employee.

Last updated on 14/07/2022

Flag / Icon

Mexico

  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo

No, any reductions to employees’ salaries or benefits are considered a unilateral modification to employment conditions, and therefore are grounds for justified rescission of the employment contract with total responsibility attributed to the employer. If this were to happen, severance will have to be paid as if it were an unjustified dismissal.

Last updated on 21/09/2021

Flag / Icon

Netherlands

  • at Rutgers & Posch
  • at Rutgers & Posch

In principle, this is not the case unless the individual employee provides his consent therewith. However, special allowances for the reimbursement of expenses that become obsolete due to working from home (e.g, travel expenses) may no longer apply in individual cases.

Last updated on 08/03/2022

Flag / Icon

Poland

  • at Bird & Bird
  • at Bird & Bird

No. Any such action could be considered as discrimination or other unequal treatment. Remote workers must be remunerated based on the same rules as all other staff, including in terms of their access to other benefits. 

Likewise, within the principles adopted for all staff, remote workers may visit their employer’s office or premises, communicate with other employees, use the employer’s rooms, facilities and company social facilities, and may benefit from social activities organised by the employer.

Last updated on 21/03/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Teleworking employees have the same rights and obligations as any other employees, which implies that no reduction in salaries or benefits is admissible, in principle. Under Portuguese labour law, employers cannot reduce basic remuneration unless there is a demotion, which must be, in any case, expressly authorised by both the employee and the Authority for Working Conditions (ACT).

Reducing or cancelling any other payments to remote workers would be deemed discriminatory, and therefore illegal, except for situations where valid grounds could justify it.

Moreover, concerning reducing or suppressing benefits, the fact that benefits have been granted regularly over the years may lead to their qualification as acquired rights of the employees and part of employees’ remuneration, which would mean restrictions on the termination, reduction or alteration of such payments.

During the beginning of the covid-19 pandemic, there was debate over whether employees were still entitled to a meal allowance if they were teleworking, since the cause for payment would cease to exist (ie, employees would no longer be forced to spend money on out-of-home meals). However, the government clarified that, under the special compulsory teleworking regime (whenever the nature of the functions being performed was compatible with it), employees retain the right to a meal allowance, based on the principle of equal rights for on-site employees and teleworkers. It is now fairly and widely accepted that such meal allowances cannot be withdrawn based on the circumstances of teleworking employees.

Last updated on 13/07/2022

Flag / Icon

Qatar

  • at Clyde & Co
  • at Clyde & Co

Any reduction in contractual salary or benefits cannot be unilaterally imposed and will need to be mutually agreed upon with the employee.  There may be scope to unilaterally amend non-contractual benefits depending on how they have been structured.

Last updated on 08/11/2021

Flag / Icon

Saudi Arabia

  • at Clyde & Co
  • at Clyde & Co

Any reduction in contractual salary or benefits cannot be unilaterally imposed and will need to be mutually agreed with the employee. There may be scope to unilaterally amend non-contractual benefits depending on how they have been structured.

Last updated on 29/11/2021

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas

Article 4 of the Law on Remote Working provides equal rights for remote and on-site workers, so they receive equal pay and are entitled to the same schedule, breaks and work-life balance, and they are expressly included in equality plans and harassment prevention protocols.

Last updated on 21/09/2021

Flag / Icon

Sweden

  • at DLA Piper
  • at DLA Piper
  • at DLA Piper

The employer is not entitled to unilaterally reduce the employee’s salary or other employment benefits unless provided for in the individual employment agreement or a collective bargaining agreement. Hence, such a measure would require an agreement between the employer and the employee. If the employer implements unilateral salary deductions, the employer may be held liable to pay damages for a breach of contract. Moreover, there is a risk that the employee can claim that the deductions imply an unlawful termination of employment, which could make the employer liable to pay both compensation for losses sustained (capped at 32 months’ salary) as well as general damages.

Last updated on 24/01/2022

Flag / Icon

Switzerland

  • at Lenz & Staehelin

The payment of salary constitutes one of the employers' main obligations under an employment contract. This obligation exists even in the case of remote working and, therefore, it is not possible to reduce salary due to remote working.

Regarding benefits, a distinction must be made between different types. For example, it could be considered that employers who provide a car or a transport pass to employees could waive this benefit or reduce it proportionally if employees carry out all, or part, of their professional activity from home. However, if employees are paid meal allowances, it may be more difficult to justify removing this benefit, although the situation is less clear in situations in which employers provides employees with free meals.

Last updated on 30/09/2021

Flag / Icon

Turkey

  • at Gün + Partners
  • at Gün + Partners
  • at Gün + Partners

As per article 14 of the TLA, remote workers cannot be treated differently from a comparable worker solely due to the nature of their employment contract. Employers cannot reduce the salaries or benefits of employees who work remotely merely on grounds of remote working. However, if there is other justification, such treatment may be acceptable.

Last updated on 21/09/2021

Flag / Icon

UAE

  • at Clyde & Co
  • at Clyde & Co

Any reduction in contractual salary or benefits cannot be unilaterally imposed and will need to be mutually agreed upon with the employee. There may be scope to unilaterally amend non-contractual benefits depending on how they have been structured.

Last updated on 08/11/2021

Flag / Icon

United Kingdom

  • at Littler

No, unless they implement the reductions formally with the agreement of the employee or (if relevant) the union.

Any unilateral reduction of salary or benefits by an employer without the consent of an employee can be challenged by way of a breach of contract claim, an unlawful deduction of wages claim, or a claim of constructive dismissal on the part of an employee.

However, it is possible that such a reduction could be agreed between the parties as part of an agreement, for example, to permit the employee to work remotely on a permanent basis.

Last updated on 21/09/2021

Flag / Icon

United States

  • at Littler
  • at Littler
  • at Littler

Most jurisdictions in the US have at-will employment, so that with appropriate advance notice, salaries and benefits of at-will employees can be reduced without issue (ie, assuming no contract and the pay does not fall below the threshold for minimum wage or to maintain any particular exemption).  However, as with any workplace policy, the law mandates that selection for wage reduction be without regard to protected status such as race, age or disability. Thus, there may be an exposure to risk of claims to the extent that those who work remotely are seeking an accommodation or there is a potential for disparate impact.  Thus, employers should ensure that there is no "disparate impact" on any protected status that is required to work remotely.

Up-to-date information on the USA’s response to the pandemic, including State-level news and developments, can be found at Littler’s covid hub here.

Last updated on 21/09/2021

08. Can employers require or mandate that their workers receive a covid-19 vaccination? If so, what options does an employer have in the event an employee refuses to receive a covid-19 vaccination?

08. Can employers require or mandate that their workers receive a covid-19 vaccination? If so, what options does an employer have in the event an employee refuses to receive a covid-19 vaccination?

Flag / Icon

Argentina

  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua
  • at MBB Balado Bevilacqua

The covid-19 vaccine has not yet been included in the National Vaccination Program (NVP); therefore, it is not mandatory for Argentine citizens in any industry. In addition, there are no proposals to make the vaccine compulsory in any industry, so employers may not compel their employees to receive a covid-19 vaccination.

However, Resolution No. 4/2021 establishes that employees who choose not to be vaccinated must act in good faith and do everything they can to reduce any health risk their decision may cause to employers. In this sense, if an employee may not or does not want to be vaccinated (it is voluntary), employers should offer an alternative to office working, such as working from home. Moreover, if an employer does not allow unvaccinated or untested employees to enter their premises and does not offer any other alternative, those employees may argue the existence of a discriminatory action on the employer´s side or arbitrary modification of  labour conditions causing potential liability for the employer.

In addition, the following provisions apply regarding vaccination:

  1. employees may act in good faith and provide reliable proof of vaccination, or state (in an affidavit) the reasons why they were not able to access the vaccination, as applicable;
  2. employers may request that all employees (regardless of their age and risk condition) return to their workplace if they have received their first dose (at least) of any approved covid-19 vaccine and 14 days have passed since that dose;
  3. in case an employee needs to work remotely (and not in-person) due to a health issue, he/she must present a health exam certificate as evidence. The exception to this rule is when both parties agree to the remote working modality.
Last updated on 13/07/2022

Flag / Icon

Australia

  • at People + Culture Strategies

It is our view that in most cases Australian employers will be able to lawfully direct staff to get vaccinated under the rubric of existing health and safety obligations, and we note that several major Australian employers have already implemented mandatory vaccination directives.

Many sectors are subject to public health orders that effectively require employers in those sectors to have mandatory vaccination programmes in place (including the aged-care sector), and these employers have the government’s support for vaccine mandates.

While the government has stopped short of endorsing mandatory vaccinations for employers across other industries, we consider that on balance a direction to staff to get vaccinated will amount to a “reasonable” direction and recommend employers adopt this approach, which is in line with the duty to eliminate (or if that is not possible, minimise) the risk of exposure to covid-19 in the workplace.

Of course, employers should adopt a case-by-case approach when considering whether to enforce a mandatory vaccination policy or directive in respect of an individual worker. We note there may be individuals in a workforce who have a legitimate basis on which to exempt themselves from any requirement to be vaccinated (for example, a worker who has an underlying medical reason for refusing the vaccine or a conscientious objection on religious or cultural grounds), and may be able to claim that they have been discriminated against if they are subjected to any adverse action as a result of refusing to get vaccinated.

Last updated on 21/09/2021

Flag / Icon

Austria

  • at Littler
  • at Littler
  • at Littler

Vaccination is not compulsory at present (but see below and question 10). Employers will not be able to force workers to have a covid-19 vaccination, as long as no corresponding legal basis has been established. However, the legal situation of workers who refuse vaccination has not yet been fully clarified.

Employers might struggle to comply with their duty of care if workers remain unvaccinated. Co-workers, but also customers, would be exposed to a greater risk of infection if workers are unwilling to get vaccinated. Moreover, the set-up of additional protective measures might lead to a considerable increase in costs the employer is unwilling to bear.

Therefore, the employer has two options:                                                                                                                                                                                                                                                                                                                      A transfer of the worker to another workplace with a reduced risk of infection (no contact with customers or co-workers) should be considered first. If the employment contract does not provide for a transfer of workers and the worker refuses to change his or her workplace, the employer could give notice of dismissal with the option of reemployment on altered conditions. Here, for example, a change in working conditions or a change in the place of work would constitute an adequate rearrangement.

However, a dismissal or a dismissal with the option of reemployment on altered terms may not be conditional on vaccination. Yet, if there is no such opportunity for employment, the worker might be legally dismissed as he or she has nowhere to work. The question here too is if the worker can provide other evidence to meet the requirement of a reduced incidence of infection. Besides vaccination, a negative test result or a confirmation of a Covid-19 recovery will serve this purpose.

On 19 November 2021, the government announced that Austria will be the first European country to introduce compulsory vaccination against covid for all people from February 2022. The draft law is in the legislative process. After the National Assembly (one part of the legislative body) gave its approval, the draft will now also be voted on in the Federal Council (the second body). Exceptions to the general obligation to vaccinate will only be possible for medical reasons. For example, religious reasons are not considered according to the draft law. Furthermore, compliance with the vaccination order is "only" ensured by imposing administrative fines for non-compliance.

By creating a corresponding legal basis for a general obligation to vaccinate, it is expected that the employer will be allowed to take action against employees who refuse vaccination. It is conceivable, for example, that the employment relationship could be terminated because the employee cannot be employed due to lack of vaccination and is therefore not ready for work. Nevertheless, the current draft does not bring any legal changes to the workplace for the time being. Here, the 3-G rule continues to apply.

Last updated on 31/01/2022

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Although there is an ongoing discussion, the majority of the legal community believes that employers cannot force employees to get the covid-19 vaccine. This opinion is shared by the Federal Public Service of Work, the Belgian Data Protection Authority and the Federal Anti-discrimination Institute (Unia). If there is no legal basis for this obligation, employers seriously risk a violation of the privacy rules of the GDPR and the anti-discrimination Act of 2007 (discrimination based on health status).

Certain voices in the legal community state that an employer could make vaccination mandatory based on an obligation to create a safe and healthy working environment, but this legal basis does not seem specific enough to effectively remove the risks. For now, the Belgian government does not appear eager to create a legal basis for mandatory vaccination, but this could change in the future.

However, the government did reach an agreement regarding the mandatory vaccination of healthcare personnel (which will enter into force in 2022). For now, the legislative proposal has not yet been approved by parliament.

Last updated on 25/01/2022

Flag / Icon

Brazil

  • at Pinheiro Neto
  • at Pinheiro Neto Advogados

This is still a very controversial matter in Brazil. Recent decisions issued by the Supreme Federal Court have recognised the constitutionality of mandatory vaccination on a federal, state and municipal level in the public system (through the adoption of indirect measures). That being said, it may be possible to apply the same rationale to private work relations. This is mainly because, under Brazilian Law, employers must ensure a safe and healthy work environment that encompasses, for instance, the adoption of preventive measures to tackle covid-19 – including, in a broad interpretation, the vaccine. If on one hand employers must ensure a healthy and safe workplace, then on the other employees must comply with company rules in that regard and cooperate with the company in the implementation of such measures. Thus, considering the Supreme Court’s recent decisions regarding compulsory vaccination and laws on health and safety in the workplace, we understand that there may be some arguments to defend disciplinary measures, even termination of employment with cause, if employees refuse to get vaccinated without a medical justification. This possibility has also been considered enforceable by the Labour Public Prosecutor when publishing certain technical guidelines in January 2021. However, the president of the Superior Labour Court has informally indicated that termination with cause should not be applied in the event of refusal – whereas other justices of the Superior Labour Court have agreed with such a measure. Therefore, there is still no consensus as no decision on this matter has been issued so far by the labour courts. In any case, the following recommendations would apply: the adoption of preventive measures such as educational campaigns about the importance of vaccination and the legal implications of an unjustified refusal; and to evaluate the possibility of terminating an employee with cause on a case-by-case basis. In such an instance, the following will be considered: the reasons for the employee’s refusal; if the employee is under any type of job protection; if the applicable collective bargaining agreement provides for something specific in that regard; if the employee can be moved to a work-from-home arrangement; and if there is any court decision regarding the matter when such termination is planned to occur.

Last updated on 21/09/2021

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Employers can require that their employees are vaccinated only if the vaccination is made mandatory by the French Public Health Code.

In France, vaccination against covid-19 has not been made mandatory (except for health professionals). Therefore, French employers cannot force their employees to be vaccinated. However, they can recommend it to their employees without forcing them (please note that due to the Law of 5 August 2021, employees are entitled to leave to attend covid-19 vaccination appointments).

Please note that a law was passed by Parliament on 5 August 2021 and states:

  1. To make access to certain places, establishments or events conditional upon the presentation of either a negative PCR test, or proof of vaccination status concerning covid-19, or a certificate of recovery following covid-19 infection.

This would only cover the following activities:

  • recreational activities;
  • bars and restaurants (except company restaurants), including terraces;
  • department stores and shopping centres by decision of the Prefect of the district in the event of risks of contamination under conditions guaranteeing access to essential shops and transport;
  • seminars and trade fairs;
  • public transport (trains, buses, planes) for long journeys; and
  • hospitals, homes for the elderly and retirement homes for companions, visitors and patients receiving care (except in medical emergencies).

In those specific cases, from 30 August 2021, an employer undertaking the above activities may ask their employees to present one of these documents, including proof of vaccination status. If an employee is unable to present such documents and chose, in agreement with their employer, to not use paid holidays, the employer can suspend the employee’s contract, on the same day. This suspension, which can lead to an interruption of salary, ends as soon as the employee produces the required proof.

If the suspension goes beyond three working days, the employer shall invite the employee to a meeting to attempt to rectify the situation, including the possibility of temporarily reassigning the employee to another position within the company not subject to this obligation.

  1. Mandatory vaccination for health professionals, including those working in an occupational health service according to article L.4622-1 of the labour code.

The health professionals listed in article 12 of the law of 5 August 2021 (doctors, nurses, doctors working in occupational health services, osteopaths etc) must be vaccinated as of 9 August 2021, unless there is a medical contraindication or a certificate of recovery can be presented.

Please note that the law provides for a transition period as follows:

  • up to and including 14 September, the staff concerned may present a negative test  that is less than 72 hours old (RT-PCR screening test, antigen test or self-test carried out under the supervision of a health professional) if they are not vaccinated;
  • between 15 September and 15 October inclusive, when an employee has received the first dose of vaccine, he or she may continue to work provided that he or she can present a negative test result; and
  • from 16 October 2021, they must present proof of the complete vaccination schedule.

This obligation does not apply to people who perform occasional tasks. The Ministry of Labour defines “occasional tasks” as a very brief and non-recurring intervention that is not linked to the normal and permanent activity of the company. Workers who carry out these tasks are not integrated into the workgroup and their activity is not public-facing.

This may include, for example, the intervention of a delivery company or an urgent repair.

On the other hand, the following are not occasional tasks: carrying out heavy work in a company (eg, renovation of a building) or cleaning services, because of their recurrent nature.

When carrying out an occasional task, the workers concerned must ensure that they comply with social distancing rules.

Employees who have not presented one of these documents can no longer work. Thus, when an employer finds that an employee can no longer carry out their work, the employee must be informed without delay of the consequences of this prohibition, as well as the means to rectify the situation. A dialogue between the employee and employer to discuss ways of rectifying this situation is encouraged.  An employee who is prohibited from working may, with the employer's agreement, use days of rest or paid leave. Otherwise, their employment contract will be suspended.

The suspension of the contract, which leads to the interruption of salary, ends as soon as the employee fulfils the conditions necessary to continue working.

When the employer or the regional health agency finds that a health professional has not been able to carry out their role for more than 30 days, it informs the national council of the order to which they belong.

Please note that, according to the law of 5 August 2021, the employer must inform the new works council (CSE) of measures taken to implement any obligations to verify the vaccination of health professionals or the health passes of employees who come under the aforementioned sectors.

Last updated on 21/09/2021

Flag / Icon

Germany

  • at CMS Hasche Sigle

Employees in health care and nursing facilities will be legally required to be vaccinated against COVID-19 as of March 16.  Accordingly, employees must submit proof of vaccination or recovery by March 15, or they must have proof that they are medically exempt from the requirement to be vaccinated against coronavirus. Employers are supposed to check the vaccination or recovered status of their employees and submit the proof to the health department upon request. Failure to do so will be treated as a misdemeanour.  As of March 15, the health department can then issue a prohibition against affected persons entering the company or facility. If, as a result, the employee is unable to perform his or her contractually agreed activity, he or she has no claim for compensation against the employer. If an employee persistently refuses to provide proof of 2G or a medical certificate of contraindication, the entitlement to continued payment of remuneration ends. Some courts even accept that the employer terminates the continued payment of wages even before a decision by the health authorities. Whether the lack of immunisation also entitles the employer to terminate the contract is disputed, because the obligation to immunise in health care and nursing facilities is due to end on 31.12.2022.

In other sectors will be no legal obligation to be vaccinated against covid-19. Nevertheless, there is an ongoing discussion to change that situation.

Thus, an obligation to be vaccinated cannot be agreed in an employment contract; it would deviate from the basic principles of the statutory rules and therefore be invalid according to the law on general terms and conditions.

Nor can an obligation to be vaccinated be introduced through a works agreement and stipulated by the employer and works council. According to the established case law of the German Federal Labour Court, the parties to a works agreement are bound by the fundamental rights of the German constitution. In this regard, the physical integrity of the employees who are not willing to be vaccinated, which is protected under the German constitution, outweighs the employer's interest in making vaccination compulsory in the workplace.

However, it is not just permissible for employers to promote vaccinations of employees. New legislation leads to the obligation on employers to enable employees to be vaccinated against covid-19 during working hours. Employers shall provide organisational and staffing support to company doctors and the inter-company services of company doctors who carry out protective vaccinations in the company for reasons of population protection. Within the framework of instruction, employees shall be informed by the employer of the health hazards involved in contracting covid-19 and shall be informed about the possibility of protective vaccination. In addition, it is permissible – if controversial – to provide incentives for vaccinations in the form of a bonus. In any event, it is important to avoid discriminating against employees who cannot or do not wish to be vaccinated because of pregnancy, disability or for religious reasons.

Last updated on 14/04/2022

Flag / Icon

Greece

  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm
  • at Kyriakides Georgopoulos Law Firm

In principle, covid-19 vaccination is not mandatory. By exception, according to a specific legal provision which is currently in force until 31 December 2022, vaccination is mandatory for employees working at nursing homes/care units for people with disabilities and for medical staff (doctors, nurses, etc) and employees working at health care structures (ie, diagnostic centers, rehabilitation centers, clinics, hospitals). Moreover, this obligation applies not only to employees directly employed by such structures, but also to any external employee of a third party provider with an existing contract with the aforementioned health structures  who provides his/her services with physical presence therein for the purposes of execution of said contract, as well as to any other person providing services to those structures or any trainee employee providing services therein under a tripartite internship agreement between the company and the university.  

Last updated on 14/07/2022

Flag / Icon

Hong Kong

  • at Lewis Silkin
  • at Lewis Silkin
  • at Lewis Silkin

As of to date, employers in Hong Kong do not have a statutory right to require their employees to receive covid-19 vaccination. That being said, the government has already made covid-19 vaccination compulsory for civil servants, healthcare workers, care home staff and school teachers. The government has also been urging employers in certain private sectors to mandate covid-19 vaccination for employees.

Further, in order to boost Hong Kong’s vaccination rate, the government has, in February 2022:-

  1. introduced the vaccine pass rules which require all visitors, including employees (except for certain exempted groups), to be covid-19 vaccinated when entering certain premises, such as shopping malls, restaurants, department stores, supermarkets, and hair salons;
     
  2. published the Employment (Amendment) Bill 2022 (the “Amendment”) which provides (amongst other things) that it is a valid reason to dismiss an employee who refuses to comply with a “legitimate vaccination request”. A “legitimate vaccination request” requires a non-exempted employee to show that he/she has received at least one dose of vaccination (the required number of doses of vaccine progressively increases overtime). Although the Amendment has not yet come into force as of to date, it is expected that this will take place soon.

In light of the abovementioned government actions, we have seen an increasing number of employers, especially those in the food & beverage, hospitality, aviation and healthcare sectors, implementing a mandatory vaccination policy for its employees to meet their operational needs.

It is also noted that the Amendment in relation to valid reason for dismissal will have a sunset clause. This means it will be repealed when the pandemic is no longer a matter of public health concern.

Under common law, employees are expected to comply with any “lawful and reasonable” direction from their employer. It is lawful to request that an employee be vaccinated, but there is a question over whether it would be considered reasonable. An employer’s health and safety obligations are often cited as to why such a direction would be reasonable. The reasonableness would largely depend on the particular sector the employee works in, the employee’s role and nature of duties, his or her contact with people, whether the role can be carried out remotely without issue, and whether the vaccine pass rules apply to the employee’s workplace. Certain sectors, such as food & beverage, hospitality, aviation and healthcare, may be able to justify that it is reasonable to mandate employees be vaccinated due to the high-risk nature of the jobs and the workplace they are in.

If an employee refuses to receive a covid-19 vaccination, an employer cannot force the employee to be vaccinated. It could decide to do one of several things:

  • (when the Amendment comes into force) require the employee to comply with a “legitimate vaccination request” and a failure to do so could be a valid reason for dismissal;
  • request that the employee undergo regular covid-19 testing instead;
  • agree with the employee that they can temporarily work from home (if that is possible given the employee’s role): and
  • agree to a change of role for the employee (if their current role requires being in the workplace).

This is not an exhaustive list.

Last updated on 06/04/2022

Flag / Icon

India

  • at Nishith Desai
  • at Nishith Desai

Vaccination in India is voluntary. Employers cannot legally mandate employees to receive a covid-19 vaccination. 

Employers may, however, refuse the entry of employees to the workplace if they are not vaccinated. However, it may not be possible to cut wages or terminate employment on the basis that an employee is not vaccinated.

Please refer to our article published in the International Employment Lawyer on this topic, including recent case law in India. The Indian Supreme Court in the judgment Jacob Puliyel v. Union of India has considered state restrictions against unvaccinated individuals in access to public spaces, resources, and services unconstitutional, although there is no clarification on whether this will impact private individuals imposing entry restrictions upon unvaccinated individuals into private premises. Please also refer to our article published in the International Employment Lawyer on this topic

Last updated on 08/07/2022

Flag / Icon
Ireland

Ireland

  • at Littler

Realistically, no. There is no specific prohibition on employer-mandated vaccination in Ireland, but it will be difficult for employers to justify making vaccination mandatory under existing Irish employment law principles. Employers can, however, encourage employees to get the vaccine.

Employer-mandated vaccination presents several significant risks to employers: breaching the implied term of trust and confidence in employment contracts, giving rise to constructive dismissal claims; legal arguments that the requirement is an unconstitutional encroachment upon an employee’s private life; data protection issues; and discrimination risks.

Current government guidance, as set out in the Work Safely Protocol is that the decision to get a vaccination is voluntary and that workers should therefore make their own decisions in this regard.

However, the guidance does recognise that there may be certain circumstances where it is deemed that an unvaccinated worker is not safe to perform certain work tasks and in such circumstances, the employer may have no option but to redeploy the worker to another work task. Any such decision needs to be agreed upon between the employer and a medical practitioner in consultation with the worker.

Last updated on 13/01/2022

Flag / Icon

Italy

  • at Toffoletto De Luca Tamajo

As a general rule, employers cannot require employees to disclose their vaccination status. On the other hand, according to the current Italian covid-related legislation, the company’s occupational doctor could decide to consider the vaccine as a condition for working in the office, including this measure in the Health Protocol, and/or consider unvaccinated employees as unfit or without the necessary requirements for gaining access to the office (without specifying the reason to the employer). In this hypothesis, the employer should verify whether the employee can work remotely or can be assigned to different duties and, if none of the above options are available, the employer may also suspend the employee without remuneration (once he/she has used up the accrued paid leave and holidays). In this respect, recent Italian case law on this matter (Tribunal of Modena of 19 May 2021 and Tribunal of Rome of 27 July 2021) stated that employees have an obligation to actively cooperate with employers in relation to health and safety in the workplace and that a violation of this obligation may entail consequences for the employment relationship, including the employee possibly being exempted from performing the work activity with no remuneration, confirming in such cases the legitimacy of an employee suspension by the employer.

Last updated on 14/07/2022

Flag / Icon

Mexico

  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo
  • at Marván, González Graf y González Larrazolo

Employers are not authorised to mandate or demand employees to receive a covid-19 vaccination. If an employee refuses the covid-19 vaccine, their employer may not terminate their employment contract or impose any other sanction. However, employers may implement preventive measures according to the provisions for the reopening of workplaces, which employees must comply with. If an employee does not comply with such preventive measures or policies, their employer can terminate the employment contract with justifiable cause. It is important to mention that the employer must have abundant evidence of a policy breach by the employee for the termination to be justifiable if a lawsuit were to be filed by a dismissed employee.

Last updated on 21/09/2021

Flag / Icon

Netherlands

  • at Rutgers & Posch
  • at Rutgers & Posch

An employer cannot require or mandate that their workers receive a covid-19 vaccination. Under Dutch law, as stated in the Dutch constitution, vaccination is voluntary (the sanctity of human life).

Employers may, however, encourage their employees to get vaccinated of their own free will, for example by promoting vaccination. Still, it is vital to exercise caution when promoting vaccination, as employees might easily feel that they are being “pressured” by their employer and are being limited in their decision whether or not to get vaccinated.

Furthermore, an employer can ask employees about their vaccination status, if the employer has a 'good reason' to do so. Such “good reason” entails that the question on the vaccination status is (i) proportionate, (ii) necessary to achieve a legitimate purpose and (iii) the purpose cannot be achieved by less dramatic measures. Possibilities seem limited. Employers must also take into account the GDPR, as they are not permitted to process data about the vaccination status of their employees.

More information can be found here

Last updated on 08/03/2022

Flag / Icon

Poland

  • at Bird & Bird
  • at Bird & Bird

No, a blanket requirement is highly risky for most employers.

Employers cannot force employees to be vaccinated. Consequently, employees cannot be exposed to any adverse consequences for not being vaccinated.

Vaccines are available only via the government-run National Vaccination Programme, and all employees qualify for the vaccine (individual reasons may disqualify a person from vaccination).

However, all employers may actively promote vaccination. The Polish Labour Inspectorate has confirmed that employers may offer non-financial incentives to promote vaccination (ie, an extra day off to be vaccinated). If this option is chosen, we recommend that you plan ahead, have a clear, consistent communication strategy, and actively engage with employees.

Last updated on 21/03/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

No, vaccination against covid-19 is not compulsory in Portugal, not even for so-called risk groups such as medical personnel or social workers. For the time being, employers cannot force employees to be vaccinated or ask them to provide information on their vaccination status; they can only generally recommend vaccination. Without the Portuguese parliament passing a law making vaccination compulsory, no private or public entity can force its employees to get vaccinated.

Furthermore, to implement a compulsory policy, employers would most likely have to obtain vaccination certificates from their employees, which would be unlawful under the provisions on privacy and health data protection established in the Portuguese labour law.

Last updated on 13/07/2022

Flag / Icon

Qatar

  • at Clyde & Co
  • at Clyde & Co

At present, there is no policy of mandatory vaccination in Qatar. It is therefore not compulsory for individuals to get vaccinated.  

If employees are unvaccinated or do not reveal their status, an employer would need to consider alternatives; including permitting remote work if this is suitable for the employee’s role or potentially putting in place other measures in the workplace such as separating unvaccinated employees from vaccinated employees, or requiring negative PCR tests instead of vaccinations.

Employers have the right to terminate employment contracts. Any termination must be carried out in compliance with the terms of the Qatar Labour Law and the employment contract (including the notice period if applicable and the payment of all pending entitlements).

Last updated on 08/11/2021

Flag / Icon

Saudi Arabia

  • at Clyde & Co
  • at Clyde & Co

The MHRSD has mandated vaccination for all adults over 18 years of age if they wish to attend the workplace, with an implementation deadline of 1 August 2021.  Within KSA, all individuals must have downloaded the Tawakalna App and show their “green” status to enter all public spaces (which includes the workplace, malls, cinemas and, stores). Following the expiry of the 1 August deadline, the MHRSD issued guidance to employers regarding non-vaccinated employees, instructing them to take the following graduated measures:

  • permit employees to work from home if their role permits this;
  • ask employees to take their accrued untaken leave;
  • ask employees to go on unpaid leave; or
  • take measures in line with the KSA Labour Law, which potentially could include termination of employment.

With such a strong government policy in place, employers must enforce compulsory vaccination.

Last updated on 29/11/2021

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas

No, they cannot require it. Indeed, employers are not even permitted to ask their employees whether they are vaccinated.

This is personal health data, which is a special category of personal data under article 9 of the GDPR, and its processing is subject to stricter requirements than ordinary personal data.

As such information is not necessary for carrying out the employee’s obligations under the employment contract, and there is no legal authorisation for employers to process such data, employers cannot ask for this information and, if employees voluntarily provide it, employers cannot implement any measure for employees based on it. If employers implement any such measure, it could be deemed null, as it could be seen as a retaliation against the right to refuse vaccination.

Last updated on 21/09/2021

Flag / Icon

Sweden

  • at DLA Piper
  • at DLA Piper
  • at DLA Piper

There are no statutory regulations regarding vaccination requirements in Sweden. However, an employer cannot compel an employee to get vaccinated, and as a main rule, a refusal by an employee to get vaccinated does not constitute a basis for termination of employment. A requirement by an employer for employees to get vaccinated has not been tried legally, but the possibility to demand an employee to get vaccinated is likely very limited. That being said, pursuant to the Work Environment Act, employers must take all necessary measures to avoid risks of injury or ill-health at work. If no other measures than the vaccine are available to ensure a safe environment (eg, other protective measures such as social distancing, wearing face masks or cleaning are deemed inadequate), and if the business cannot eliminate the risk of infection through other protective measures such as working from home, it may be justified to require employees are vaccinated to work from the office. A refusal to get vaccinated by the employee may in such a case have consequences for their employment; for example, the employer may be entitled to move the employee to another position. Such measures shall only be taken if there are special reasons for doing so, based on the needs of the business. The nature of the business will be of importance when making such a legal assessment; for example, if the nature of the work performed justifies such a requirement (health workers in certain medical fields). The legal assessment must thus be made based on the circumstances in each case.

It is important to note that a refusal does not automatically mean that the employer may terminate the employee. The employer must observe the formal rules in the Swedish Employment Protection Act and ensure that there is “just cause” for termination. This would, inter alia, include an obligation to review and offer the individual any free positions within the company the employee is qualified for (and for which the employee doesn’t need to be vaccinated for work environment reasons) before termination of employment can come into question and the threshold for just cause for termination may be reached. 

Last updated on 24/01/2021

Flag / Icon

Switzerland

  • at Lenz & Staehelin

Generally speaking, employers must take measures to protect the health of employees. However, in principle, they are not entitled to require employees to be vaccinated, unless there is an overriding interest based on the principle of proportionality.

The State Secretariat for Economic Affairs (SECO) has stated that an employer can require employees to be vaccinated under specific circumstances, such as when there is an elevated risk of contamination that cannot be mitigated via other protection measures. Further, the employer must weigh the different interests (ie, the employee's private life versus the covid risk) for each individual case. Moreover, the SECO has stated that a company may not impose a general vaccination obligation.

If vaccination can be mandatory and if an employee refuses to be vaccinated, their employer could terminate the employment contract. That decision must be proportionate and must be based on the specific circumstances of the case.

Last updated on 20/01/2022

Flag / Icon

Turkey

  • at Gün + Partners
  • at Gün + Partners
  • at Gün + Partners

As per the Constitution, a person’s physical integrity cannot be interfered with except for medical necessity and exceptions set out by the law. As the covid-19 vaccination is not defined as a mandatory vaccine under the applicable laws, employers cannot make vaccinations mandatory for employees in principle. Indeed, the Ministry of Health announced that covid-19 vaccinations are voluntary.

The only mandatory vaccine under the current legislative framework is the smallpox vaccine.

The majority of Turkish academics take the view that termination for refusal to take a vaccine would not constitute rightful or valid grounds for termination. It also would not comply with the principle of termination being the last resort, as employers may proceed with other options such as encouraging employees to get vaccinated or implementing remote working. However certain academics argue that refusing to take a covid-19 vaccine may be valid grounds for termination in exceptional cases (such as employees in elderly care institutions).

The Ministry of Labour and Social Security issued a general letter dated 2 September 2021 regarding vaccination and testing policies that employers may apply in workplaces. The letter suggested  employers should: (i) inform all employees about protective and preventive measures against potential health and safety risks at the workplace; (ii) provide separate information in writing to employees whose covid-19 vaccinations are not complete; (iii) inform unvaccinated employees about the potential results of receiving a covid-19 diagnosis due to unvaccination within the scope of the labour and social security legislation; (iv) require that unvaccinated employees have regular PCR tests once a week as of 6 September 2021; and (v) record the test results at the workplace for any necessary action.

The fact that these arrangements were introduced by a letter from the Ministry  was heavily criticised by legal academics and practitioners, and legislators were expected to bring a law into force soon. However, pursuant to the changing policies of Turkish government regarding covid-19 as evidenced in a letter dated 14 January 2022 from the Ministry of Health, the Ministry of Internal Affairs issued a new general letter on 15 January 2022 that limited the scope of mandatory PCR testing.

Please see question 10 regarding a new general letter issued by the Ministry of Internal Affairs concerning limits on mandatory PCR testing requirements.

Last updated on 09/02/2022

Flag / Icon

UAE

  • at Clyde & Co
  • at Clyde & Co

At present, there is no policy of mandatory vaccination in the UAE. It is, therefore, not compulsory for individuals to get vaccinated but it should be noted that in the Emirate of Abu Dhabi the authorities have taken steps to make it very difficult for individuals who are not vaccinated to access public spaces. While vaccination is not mandatory, the UAE government both on a federal and emirate level have taken steps to encourage vaccination and aim to have all adults in the UAE vaccinated by the end of 2021. Employers are, therefore, in a good position to encourage employees to get vaccinated and can take several measures to encourage it.  

If employees are unvaccinated or do not reveal their status, an employer would need to consider alternatives, including permitting remote work if this is suitable for the employee’s role or potentially putting in place other measures in the workplace such as separating unvaccinated employees from vaccinated employees, requiring negative PCR tests instead of vaccinations.

In the absence of a UAE government-mandated vaccination requirement to attend the workplace, termination for failure to take the vaccination could be assessed by a Labour Court as unfair.

Last updated on 08/11/2021

Flag / Icon

United Kingdom

  • at Littler

In almost all cases, no, an employer could not issue such a requirement or mandate. However, this answer needs to be read in conjunction with the answer to question 9, below.

Absent specific legislation enabling them to do so, employers who attempt to force their staff to be vaccinated may face potential constructive dismissal claims, data protection issues, and discrimination allegations.

At the time of publication this issue remains a highly controversial one, producing significant public debate, and the legal position may change quickly.

Specific legislation dealing with this issue is very limited. In the care homes sector, regulations were made requiring staff to be vaccinated, with effect from 11 November 2021. There are limited exemptions, including on medical grounds and for emergencies. The government is exploring whether to extend this to all health and social care workers with face-to-face contact with patients and service users, unless they are exempt. On current proposals, this would be effective from 1 April 2022, but it is not yet binding law and faces substantial opposition.

The Government has stated that it has no current intention of making Covid-19 vaccination mandatory more generally, but this position needs to be monitored.

Without specific legislation, the general legal position in the UK is that an employer has a legal right to issue “lawful and reasonable” instructions to employees, which they are required to comply with. Although the position has not yet been tested before the UK’s courts and tribunals, it is unlikely that a generic requirement or mandate for employees to be vaccinated would meet this test.

There may be a case for making vaccines mandatory for specific workers undertaking specific activity in certain health-care-related roles; however, again in the absence of legislation the issue is not so much whether the employer can mandate vaccination as opposed to what steps the employer is entitled to take if an employee is not vaccinated. Even if a case could be made for requiring staff to be vaccinated, an employer would need to carefully consider issues relating to data protection and discrimination.

Finally, ACAS has issued recent guidance on supporting staff through the vaccination process: see here.

Last updated on 13/01/2022

Flag / Icon

United States

  • at Littler
  • at Littler
  • at Littler

Federal anti-discrimination laws don't prohibit employers from requiring all employees who physically enter the workplace to be vaccinated for covid-19, accommodations must be made for those with religious objections or a disability.  Another option is to consider having employees show vaccination proof or submit to weekly covid-19 testing, wear masks, and keep physically distant from other workers and visitors.  Employers can also encourage and incentivise employees to get vaccinated by offering prizes, developing vaccination education campaigns, offering vaccinations on-site, covering any costs that might be associated with getting the vaccine, or providing paid time off for employees to get the vaccine and recover from any potential side effects. However, state lawmakers have introduced dozens of legislative proposals to make it harder for employers to require that employees get a covid-19 vaccine.

Up-to-date information on the USA’s response to the pandemic, including State-level news and developments, can be found at Littler’s covid hub here.

Last updated on 21/09/2021