Key Points

• Employers have been increasingly offering wristbands or smartwatches, also known as ‘mHealth devices’, to their employees.
• The use of mHealth devices at work may come at a price for employees, who may unknowingly or unwillingly share their health information with their employer and third parties, such as mHealth providers. This could lead to data privacy breaches and discrimination in the workplace.
• The EU regime has recognized that the use of mHealth devices raises issues in the workplace, and Article 29 Working Party has stated that employees’ free consent to the processing of mHealth data is highly unlikely because of the sensitive nature of health data and the unequal nature of the employment relationship.
• However, the current EU regime leaves room for some exceptions and uncertainty: first, under GDPR, employees’ health data may be processed if the employer can show that such processing is necessary for preventive and occupational medicine; second, GDPR only provides a positive definition of ‘health data’, which leaves room for ambiguity regarding some type of mHealth data, such as lifestyle data.
• Although the current EU regime recognizes the challenges raised by the use of mHealth devices in the workplace, further clarification would be welcome, as it would enable to create a culture of trust between employees, employers and mHealth developers.

中文翻译：

---

追踪还是不追踪？公司健康，移动医疗和GDPR时代的员工数据隐私†

关键点

• 雇主越来越多地向员工提供腕带或智能手表，也称为“ mHealth设备”。
• 对于员工而言，在工作中使用mHealth设备可能会付出一定的代价，他们可能在不知不觉中或不愿意与雇主和第三方（例如mHealth提供者）共享其健康信息。这可能导致违反工作场所数据隐私和歧视行为。
• 欧盟政权已经认识到使用mHealth设备会在工作场所引起问题，第29条工作组指出，由于健康数据的敏感性质和不平等性质，员工极不可能自由同意处理mHealth数据雇佣关系。
• 但是，当前的欧盟制度为某些例外情况和不确定性留有余地：首先，根据GDPR，如果雇主可以证明需要进行预防和职业医学处理，则可以处理员工的健康数据；其次，GDPR仅提供了“健康数据”的正面定义，这为某些类型的mHealth数据（例如生活方式数据）留下了歧义的余地。
• 尽管当前的欧盟制度认识到在工作场所使用mHealth设备带来的挑战，但仍欢迎进一步澄清，因为这将有助于在员工，雇主和mHealth开发人员之间建立信任文化。