The legality of microchipping employees – People Management

10 / 01 / 2019

The article was originally published by People Management on January 10, 2019.

As a Swedish firm reportedly enters discussions with several UK businesses about fitting employees with microchips, Emily Matthews and James Castro-Edwards examine the legal implications

Swedish firm Biohax has already microchipped 4,000 employees, while a UK firm, BioTeq, has reportedly fitted 150 people with implants in the UK. The chips are the size of a large grain of rice (2 x 12mm) and are typically inserted in an individual’s hand. They can be used for security access, logging onto computers and making payments.

Currently, the chips do not contain tracking systems. They use near field communication technology, also used in contactless credit cards or mobile payments, and are ‘passive’ until activated by a reader.

Supporters promote the technology’s convenience, removing the need to carry a key fob, credit card or security pass; however, for many, the threat the chips pose to individual privacy outweighs the convenience and makes the concept inherently troubling.

The key legal issues which need to be considered are:

  • rights to monitor activity
  • rights upon termination
  • issues of consent

Monitoring

Microchipping employees raises legitimate concerns around privacy. The chips potentially allow employers to access sensitive information for example, around health and location.

This information is likely to be personal data. To comply with the General Data Protection Regulation (GDPR) and Data Protection Act 2018, where employers are using the chips for monitoring purposes, they need to be transparent with employees about the data collected and how it is used, and rely on a lawful basis to justify the processing and retention of the data.

Employers also need to be aware of the duty of trust and confidence implied into all employment relationships. Using the chips to monitor outside of agreed parameters could fundamentally breach that duty.

Article 8 of the European Convention on Human Rights also provides individuals with the right to privacy. Although breaches of this right may be justifiable, case law suggests this argument is unlikely to succeed where employees have a reasonable expectation of privacy (eg where the employer fails to inform them of potential monitoring).

Termination

Typically, access cards, company credit cards and company mobile phones are expressly stated to be company property (often in the employment contract) which must be returned on termination. However, unlike these items, microchips cannot be removed easily or turned off, instead requiring a surgical procedure for their removal (albeit minor). They are also likely to have collected non-work related data, which is personal to the employee.

If employers expect employees to return the chips on termination, they would need to: be clear from the outset that they are company property; obtain consent for their removal (which may be withdrawn or refused); and inform employees about how their data would be used post-employment, and how long it would be retained. As it is unlikely that employers could force employees to return the chips on termination, they may be able to agree that employees will either return them or repay the cost of the chip (approximately £150).

Consent

An employer cannot legally require an employee to be microchipped and would struggle to make it a condition of employment. To lawfully introduce microchips in the workplace, employees would need to obtain freely given express consent.

Consent has always been problematic in an employment context, given the imbalance of power between employer and employee, and the requirements for valid consent have been tightened by GDPR. Employers need to be certain that consent is freely given, clear and unambiguous, and can be withdrawn at any time.

It is also important that employers do not treat employees who refuse the procedure differently. For example, there could be religious reasons why employees refuse, which in turn, could give rise to the risk of discrimination claims if they suffer any detriment as a result of their refusal.

Conclusions

In addition to the issues already identified, there are potential security and health risks. For example, hackers could potentially obtain access to huge amounts of employee information via the chips, or the chips could cause unforeseen health risks, leading to potential personal injury claims.

Although wearable tech and the use of biometric data is becoming more widely accepted, the concept of human microchipping takes it one step further and will be hugely controversial. For those considering this technology, the key is to be transparent and have clear policies about how the chips will work and be used.