VdA's Privacy and Data Protection and Cybersecurity practice will now contribute with articles and legal updates regarding Portugal to The DAC Beachcroft newsletter, a publication of reference in the Privacy and Data Protection sector.
See here the recent article prepared by Magda Cocco (partner responsible for the practice), Inês Antas de Barros (Senior associate) and Maria de Lurdes Gonçalves (associate).
The DAC BeachCroft is an international law firm with headquartes in London, United Kingdom, and has a network of 1.400 lawyers throughout United Kingdom, Europe, Asia-Pacific, Latin America and North America.
|
Portugal Guidelines on the use of geolocation devices in the workplace setting |
|
|
Maria de Lurdes Gonçalves |
The Portuguese Data Protection Authority (PDPA) has recently published an opinion (Opinion) that imposes certain obligations on all companies and public entities dealing with geolocation data and which sets out important rules for car manufacturers, car rental, leasing and fleet management companies, electronic communications operators, and all suppliers of platforms providing the necessary monitoring technology for geolocation devices. In this Opinion, the PDPA sets out strict conditions applicable to processing of personal data obtained through the use of geolocation devices made available by the employer to the employees, namely those used in motor vehicles (which is allowed only for specific purposes) and in smart mobile devices such as mobile phones, tablets and laptops (which is generally forbidden). Also, the PDPA forbids using geolocation technology to monitor an employee's professional performance or to monitor employees during their free time. These provisions oblige companies and public entities to adopt 'Privacy by Design' mechanisms as well as to inform the employees, in writing, of the conditions of use of the relevant equipment. In light of this Opinion, it is advisable that companies and public entities check their contracts, internal regulations and activities regarding personal data collection and processing involving geolocation systems in order to ensure they comply with the conditions set out. Furthermore, the data processing of employees' geolocation data is subject to the PDPA's prior authorisation. |
|
The PDPA's Opinion is available here (Portuguese). What action could be taken to manage risks that may arise from this development? Clients using geolocation devices in its equipment should ensure they comply with the requirements provided by the Portuguese Data Protection Law and the PDPA's Opinion with respect to the use of this type of technology and the data processing there through (including the request of the PDPA's prior authorization). Applicable internal policies and regulations should be reviewed. Provided by Vieira de Almeida & Associados - Sociedade de Advogados, R.L, Portugal. (For more information, please contact Magda Cocco (mpc@vda.pt), Inês Antas de Barros (iab@vda.pt) or Maria de Lurdes Gonçalves (mlg@vda.pt).) |
|
Media:
