Image credit: REUTERS/Kai Pfaffenbach
In Part 1 or our year in review, we focus on employment and data protection and privacy, while Part 2 will cover financial services and compliance.
Part 1 – Employment and data protection and privacy
2021 was a busy year in terms of developing trends for businesses and their legal advisers to grapple with, although legislative reforms did not move through as quickly as expected in some areas, suggesting that the pace may pick up next year. We revisited some of the key themes of the last 12 months in selected practice areas, according to our experts at Practical Law, and take a look ahead to 2022.
Last year was once again dominated by Covid-19. Managing hybrid working arrangements has been a pressing issue even for those employers who have put specific policies in place. For example, staff requests to work from abroad are bringing up employment, data protection, tax, and immigration complications. Employers also are working through how home-working impacts other policies such as disciplinary rules (for example, whether time-wasting constitutes misconduct). Using monitoring technologies to track employees’ time and productivity is creating data protection concerns, with the Information Commissioner’s Office (ICO) and the press now taking a keen interest in such practices.
Managing health and safety issues has raised some vexed questions—notably whether making vaccination a condition of employment could raise the spectre of potential claims for unfair dismissal or indirect discrimination. A mandatory vaccination policy could be indirect discrimination against employees with protected characteristics, unless it can be objectively justified as a proportionate means of achieving a legitimate aim.
Elanne Pimstone, Director of Practical Law Employment, says, “While there’s a very good argument that protecting the health and safety of the workforce is a legitimate aim, it’s strongly arguable that mandatory vaccination isn’t a proportionate means of achieving that aim because there are less discriminatory means of achieving it, for example testing or homeworking.”
For those in sectors where vaccination is mandatory, questions around obligations to collectively consult, how to re-deploy those who refuse vaccinations, and the potential for mass dismissals, will need to be thrashed out. So will data protection considerations, where employers seek to track employees’ vaccination status.
The focus on new working models will continue. The UK government is proposing to allow workers to request flexible working from day one. Calls for rights for workers to be able to disconnect from work out of hours are growing louder, with the Scottish government considering whether to take the lead as far as its own employees are concerned.
Recruitment and retention will remain a challenge, and we could see staff poaching and team moves starting up again, which could trigger a greater emphasis on restrictive covenants next year. Competition for talent is likely to put the pay and benefits, career development, and training employers offer under the spotlight, as well as their performance on diversity and inclusion and ESG (environmental, social and governance) credentials. Those values are increasingly important to candidates and existing staff.
Novel legal concepts created by Covid-19 could surface in case law. For example, the courts may be asked to rule on claims by staff arguing they should have been furloughed not made redundant.
Practical Law’s practice area editors have contemplated the main developments expected to affect legal practitioners in England and Wales in 2022 and beyond; Practical Law: What to expect in 2022 across practice areas
Data protection and privacy
Building on the data protection and privacy issues above, ensuring that monitoring of employees is fair and lawful, but also proportionate, has been a major challenge. Data protection impact assessments are vital to manage these issues appropriately. Security is also critical, especially where staff are using their own devices and making more use of cloud computing and remote apps. Employers have had to think about developing guidance for disposing of confidential waste at home, and whether online meetings should be recorded.
“In data protection terms, all this has reinforced the importance of accountability and evidencing those decisions,” says Shelley Malhotra, Senior Editor on Practical Law’s Data Privacy and Cybersecurity team. “We’re hoping to see an updated ICO employment code of practice in 2022 that will cover some of these issues we’ve been experiencing recently.”
More widely, the government launched a consultation on data protection regime reforms, the next iteration of which is expected next year. Reform is welcome on certain proposed changes to access requests, for example, but some concerns exist around changes to the accountability framework, which currently works well in relation to issues such as large-scale processing.
The extent to which data can flow freely between the UK and EU was unknown at the start of the year, but an ‘adequacy’ finding in June allowing it to do so was good news. The ICO has produced a draft data transfer agreement, which should be finalised in 2022.
Importantly, the ICO also acknowledged the difficulties caused by Covid-related disruption when responding to complaints and data subject access requests. Other privacy questions brought to the fore in 2021 include the use of CCTV following the video doorbell case and leaked footage of former Health Secretary Matt Hancock.
Several other themes which emerged last year will continue to attract attention. What shape will litigation take now that the Supreme Court has thrown out a class action against Google for allegedly tracking iPhone users? Will the government’s data protection reforms be robust enough? What more will be done to improve the ad tech space as the ICO’s investigation resumes? Look out for the government’s AI white paper too.
Recent criticism and intensifying scrutiny of UK and EU regulators and a new information commissioner could spark changes on the horizon. There are concerns the ICO could even lose its independence.
Further developments on e-privacy regulations in the UK and EU, notably around tackling unsolicited communications, can be expected. Agreeing ‘adequacy’ partnerships with other countries like Singapore could feature next year too, allowing a freer flow of data across borders. And we may see increased collaboration between regulators at home and abroad, for instance to work together on investigations.
Another big talking point will be the role of privacy-enhancing technologies like pseudonymisation and anonymisation (for which further ICO guidance is expected). The importance of privacy by design also will be highlighted as innovations like ‘live shopping’ (a mix of e-commerce, social media, and live video-streaming) take off, with implications for real-time predictive analytics, mass data processing, and conversion tracking.
There is plenty for businesses and their legal advisers to be alert to and stay abreast of as the new year dawns. Read Part 2 of our Year in Review: Financial Services and Compliance or watch our Recent Webinar to hear our sector specialists explore all the topics touched on here in more detail.
Practical Law Year in Review: Selected themes of 2021 and looking ahead to 2022, Part 2; Financial services and compliance