Labour market matching involves the use of personal data. To prevent identity fraud and ensure adequate use, this data needs to be protected and used appropriately. This issue has become ever more important with the rise of digital tools and interfaces that support labour market matching.
Digital and data-driven tools hold huge value and potential to improve labour market inclusiveness, matching and functioning. Still, they need to be designed in ways that avoids bias and respects the privacy of job seekers and workers.
Regulation governing data protection must be conducive to job creation, labour market functioning and social innovation. Data protection rules therefore need to be clear, implementable and aligned to labour market goals, rules and developments.
In 2018 the EU General Data Protection Regulation (GDPR) was the first of many modern data privacy laws that established frameworks on the use and protection of personal data. This Regulation sets one regulatory framework on the use and protection of personal data in Europe and replaces the various national regulations on data protection that had been in place so far.
Labour market matching and protection of personal data is no trade-off, nor should it be. To this end the World Employment Confederation includes the protection of personal data as one guiding principles of its Code of Conduct. To help implementation in the industry, the World Employment Confederation-Europe has created a toolbox for its national federation members and developed guidelines to clarify the allocation of the ‘Processor’ and ‘Controller’ roles in the context of the different HR services most commonly provided by WEC members.
California’s CCPA and CPRA, Brazil’s LGPD and may other jurisdictions have subsequently implemented similar regulations. Also, many states in the United States implemented consumer or more general data protection laws.
The NIS2 Directive is an EU-wide legislation on cybersecurity that came into force in 2023. It updates the legal framework initially introduced in 2016 by providing legal measures to boost the overall level of cybersecurity in the European Union.
WEC’s Data Privacy Taskforce created a Guidance document to help its members understand what the Directive means for the HR services industry.
