Regulating algorithmic employment decisions through data protection law

Abstract

The regulation of algorithmic management falls under the purview of multiple legal domains including but not limited to labour law, non-discrimination law and data protection law. While labour law does not have explicit provisions to adequately protect workers from algorithmic harms, existing non-discrimination and data protection laws can address some aspects of these harms. This article examines the extent to which the GDPR offers the necessary tools to protect workers from harm stemming from algorithmic management. It argues that while the provisions tailored to automated decision-making (ADM) and the rest of the GDPR provide workers with some limited protections, significant gaps remain. It then suggests some policy options on how the existing protections under the GDPR can be further complemented, particularised, and strengthened through a combination of legislative and non-legislative measures.