Overview of the transfers of employee data

Handing over personal data at work is an activity that most people accept is just a normal part of their job.

But for employers, and their lawyers, it is crucial to be aware of the rules regulating employee data, especially if employers are operating in more than one jurisdiction. As it will become apparent in this guidance note, different jurisdictions take very different approaches to regulating employee data which can cause confusion and may result in unnecessary penalties.

There are many questions that different data protection laws have attempted to answer worldwide. For example, when a jobseeker completes an online application, or hands over their CV, are they relinquishing ownership of that personal information? Do they need to provide consent if their prospective employer, or employer, wants to use it? When an employee sends an email, can their employer read it or use its meta data? For what purpose? What about employees’ web browsing history on their work laptops? Can employers send their employees’ data to another country?

This guidance note provides practical guidance on how different jurisdictions regulate the protection of employee data. Often, employee data is not distinguished from personal data in the way it is regulated. The regulation of personal data is covered specifically in Understanding personal data, but is also covered here to the extent it is relevant to employee data.

In this subtopic, you will learn about:

  • the regulation of employee data in Australia, Asia, and Europe;
  • what specific employee data is protected under each regulatory framework (see Protecting employee data);
  • how employers are allowed to handle their employees’ data, including whether they can transfer it across borders (see Cross-border transfers of employee data));
  • whether in certain jurisdictions, a distinction is made legally between “personal data” and “employee data”; and
  • instances where employers have failed to comply with employee data protection laws and the repercussions of non-compliance (see Understanding employee data privacy obligations in Europe).