Legal Requirements and Technical Metrics for Controlling Privacy of Employees' Location Data

Authors: Waldmann, Ulrich; Kunz, Thomas; Schleper, Janine; Kohn, Matthias; Pesch, Paulina Jo
Type: Conference Paper
Abstract: Companies usually store a lot of personal data about their employees. Metrics for automated verification of the compliance with the data minimization and storage limitation requirements provided in the General Data Protection Regulation (GDPR) can help companies meet their monitoring obligations. Furthermore, employees can monitor the processing of their personal data and verify that the processing of their personal data is lawful. In particular, metrics can be used to monitor complex data privacy requirements such as data minimization or storage limitation. For this purpose, suitable data sources are combined in a meaningful way to obtain indicators of data protection. This paper outlines basic metrics for an application scenario from the field of agile workforce management in logistics. The metrics are intended to verify compliance when processing real-time location data for rescheduling employees. To this end, the local logistics and workforce management system is supplemented by a proxy server and a metrics service – two trusted components within the logistics enterprise network. In particular, the metrics system prevents the internal company network from directly accessing employee location data. Depending on the role in the company (e.g., data subject, management, works council, data protection officer), it can provide different sets of metrics on current data protection.
Conference: Konferenz "Mensch und Computer" 2023