•  
  •  

Osgoode Home > Osgoode Digital Commons > Journals > CLLPJ > Vol. 45 (2025) > Iss. 3

 

Comparative Labor Law & Policy Journal

Abstract

Technological advancements pose serious threats to workers’ privacy. This article focuses on practices that greatly blur the line between workers’ private life and life at work, such as the practices of “bring your own device,” and linking cloud storage to personal and work devices. The first sees workers allowed to use personal devices for work-related activities, potentially for several employers. The second sees workers using online storage for personal and professional reasons, linking this storage to personal and work devices. Such practices can be useful for workers. However, they also present challenges for workers’ privacy, particularly when other legal frameworks are implicated. Employers may have legitimate reasons and a legal basis to request access to, control, and search of workers’ devices on the basis of, inter alia, data protection, freedom of information, and civil procedural rules. These rules may promote other legitimate goals. However, when individuals do not separate their private and professional activities cleanly within or across devices in a way that can be searched, the legal regimes in question can pose threats to privacy. These regimes may require analysis of unseparated material through accessing data and devices. This article examines this trend with a primary focus on United Kingdom and European law. We propose that workers’ right to private life should be understood as a right to supported separation of work and private contexts and a right to control the process of a search of data and devices.

References

Abraha, H. H. (2024). Hauptpersonalrat der Lehrerinnen: Article 88 GDPR and the interplay between EU and Member State employee data protection rules. The Modern Law Review, 87(2), 484–496. https://doi.org/10.1111/1468-2230.12849

Adavi, K. A. K., & Acker, A. (2023). What is a file on a phone? Personal information management practices amongst WhatsApp users. Proceedings of the ACM on Human-Computer Interaction, 7(CSCW2), Article 372, 1–28. https://doi.org/10.1145/3610221

Albin, E. (2025). The three-tier structural legal deficit undermining the protection of employees’ personal data in the workplace. Oxford Journal of Legal Studies, 45(1), 81–107. https://doi.org/10.1093/ojls/gqae033

Aloisi, A., & De Stefano, V. (2022). Your boss is an algorithm: Artificial intelligence, platform work and labour. Hart Publishing. https://doi.org/10.5040/9781509953219

Armitage, C., Botton, N., Dejeu-Castang, L., & Lemoine, L. (2023). Study on the impact of recent developments in digital advertising on privacy, publishers and advertisers: Final report. Publications Office of the European Union. https://data.europa.eu/doi/10.2759/294673

Atkinson, J. (2018). Workplace monitoring and the right to private life at work. Modern Law Review, 81(4), 688–700. https://doi.org/10.1111/1468-2230.12357

Barocas, S., & Nissenbaum, H. (2014). Big data’s end run around anonymity and consent. In J. Lane, V. Stodden, S. Bender, & H. Nissenbaum (Eds.), Privacy, big data, and the public good: Frameworks for engagement (pp. 44–75). Cambridge University Press. https://doi.org/10.1017/cbo9781107590205.004

Bietti, E. (2020). Consent as a free pass: Platform power and the limits of the informational turn. Pace Law Review, 40(1), 310–398. https://doi.org/10.58948/2331-3528.2013

Blair, L. (2018). Contextualizing bring your own device policies. Journal of Corporation Law, 44(1), 151–170. https://jcl.law.uiowa.edu/sites/jcl.law.uiowa.edu/files/2021-08/Blair_Final_Web.pdf

Bogg, A., Collins, H., Davies, A. C. L., & Mantouvalou, V. (2024). Human rights at work: Reimagining employment law. Hart Publishing. https://doi.org/10.5040/9781509938766

Boyd, D. (2002). Faceted Id/entity: Managing representation in a digital world [Doctoral dissertation, Massachusetts Institute of Technology]. https://www.media.mit.edu/publications/faceted-identity-managing-representation-in-a-digital-world/

Chin, M. (2021, September 22). Students who grew up with search engines might change STEM education forever. The Verge. https://www.theverge.com/22684730/students-file-folderdirectory- structure-education-gen-z

Collins, H. (2018). Is the contract of employment illiberal? In H. Collins, G. Lester, & V. Mantouvalou (Eds.), Philosophical foundations of labour law (pp. 48–67). Oxford University Press. https://doi.org/10.1093/oso/9780198825272.003.0003

Collins, H. (2021). An emerging human right against unjustified dismissal. Industrial Law Journal, 50(1), 36–69. https://doi.org/10.1093/indlaw/dwaa003

Collins, H. (2025). Privacy and the right to (dis)connect. Comparative Labor Law & Policy Journal, 45(3), In this issue.

Commission Nationale de l’Informatique et des Libertés. (2022, January 5). Le droit d’accès des salariés à leurs données et aux courriels professionnels. CNIL. https://www.cnil.fr/fr/le-droit-dacces-des-salaries-leurs-donnees-et-aux-courriels-professionnels

Cook, C. (2011, September 19). Gove faces probe over private e-mails. Financial Times. https://www.ft.com/content/cc4b8272-e2c4-11e0-897a-00144feabdc0

Corfield, G. (2018, January 8). FCA “gold-plates” EU rule, hits BYOD across entire UK finance sector. The Register. https://www.theregister.com/2018/01/08/fca_mifid_gold_plating_bans_byod/

Dalla Corte, L. (2019). Scoping personal data: Towards a nuanced interpretation of the material scope of EU data protection law. European Journal of Law and Technology, 10(1). https://ejlt.org/index.php/ejlt/article/view/672/909

Davidov, G. (2016). A purposive approach to labour law. Oxford University Press. https://doi.org/10.1093/acprof:oso/9780198759034.001.0001

Durrant, T., Lilly, A., & Tingay, P. (2022). WhatsApp in government: How ministers and officials should use messaging apps — and how they shouldn’t. Institute for Government. https://www.instituteforgovernment.org.uk/sites/default/files/publications/whatsapp-in-government.pdf

Dutton, W. H. (1999). Society on the line: Information politics in the digital age. Oxford University Press.

Ekbia, H. R., & Nardi, B. A. (2017). Heteromation, and other stories of computing and capitalism. MIT Press. https://doi.org/10.7551/mitpress/10767.001.0001

Ellison, N. B. (2004). Telework and social change: How technology is reshaping the boundaries between home and work. Praeger. https://doi.org/10.5040/9798216024132

Eustace, A. (2025). Bring your whole self into work, keep your whole self out. European Labour Law Journal, 16(1), 74–86. https://doi.org/10.1177/20319525241312773

Griggio, C. F., Nouwens, M., & Klokmose, C. N. (2022). Caught in the network: The impact of WhatsApp’s 2021 privacy policy update on users’ messaging app ecosystems. Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI ’22), Article 104, 1–23. https://doi.org/10.1145/3491102.3502032

Gulacti, U., Lok, U., Hatipoglu, S., & Polat, H. (2016). An analysis of WhatsApp usage for communication between consulting and emergency physicians. Journal of Medical Systems, 40(6), 130. https://doi.org/10.1007/s10916-016-0483-8

Haag, S. (2015). Appearance of dark clouds? — An empirical analysis of users’ shadow sourcing of cloud services. Proceedings of the Wirtschaftsinformatik 2015 Conference, 1438–1452. https://aisel.aisnet.org/wi2015/96

Harris, J., Ives, B., & Junglas, I. (2012). IT consumerization: When gadgets turn into enterprise IT tools. MIS Quarterly Executive, 11(3), 99–112. https://aisel.aisnet.org/misqe/vol11/iss3/4/

Hendrickx, F., & Van Bever, A. (2013). Article 8 ECHR: Judicial patterns of employment privacy protection. In F. Dorssemont, K. Lörcher, & I. Schömann (Eds.), The European Convention on Human Rights and the employment relation (pp. 183–208). Hart Publishing. https://doi.org/10.5040/9781474200301.ch-008

HM Government. (2023, March 30). Using non-corporate communication channels (e.g. WhatsApp, private email, SMS) for government business. GOV.UK. https://www.gov.uk/government/publications/non-corporate-communication-channels-for-government-business/using-non-corporate-communication-channels-eg-whatsapp-private-email-sms-forgovernment-business-html

Home Office. (2022, May 17). Extraction of information from electronic devices: Code of practice. GOV.UK. https://www.gov.uk/government/consultations/extraction-of-information-fromelectronic-devices-code-of-practice

Information Commissioner’s Office. (2020, June). Mobile phone data extraction by police forces in England and Wales: Investigation report (Version 1.1). ICO. https://ico.org.uk/media/aboutthe-ico/documents/2617838/ico-report-on-mpe-in-england-and-wales-v1_1.pdf

Information Commissioner’s Office. (2022, July). Behind the screens — Maintaining government transparency and data security in the age of messaging apps. ICO. https://ico.org.uk/media/about-the-ico/documents/4020886/behind-the-screens.pdf

Information Commissioner’s Office. (2023, May 19). How do we find and retrieve the relevant information? ICO. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-find-and-retrieve-the-relevant-information/

Information Commissioner’s Office. (n.d.). Official information held in non-corporate communications channels. ICO. https://ico.org.uk/for-organisations/foi-eir-and-access-toinformation/freedom-of-information-and-environmental-information-regulations/officialinformation-held-in-non-corporate-communications-channels/

Jimenez, J. I., & Jahankhani, H. (2020). Bring your own device: GDPR compliant or headache? The human aspect in security and privacy. In H. Jahankhani (Ed.), Cyber security practitioner’s guide (pp. 239–273). World Scientific. https://doi.org/10.1142/9789811204463_0007

Kahvedžić, D. (2021). Digital forensics and the DSAR effect. ERA Forum, 22(1), 59–73. https://doi.org/10.1007/s12027-021-00651-z

Kopper, A., & Westner, M. (2016). Towards a taxonomy for shadow IT. Proceedings of the 22nd Americas Conference on Information Systems (AMCIS 2016), 1–10. https://aisel.aisnet.org/amcis2016/EndUser/Presentations/3/

Lerouge, L., & Trujillo Pons, F. (2022). Contribution to the study on the “right to disconnect” from work: Are France and Spain examples for other countries and EU law? European Labour Law Journal, 13(3), 450–465. https://doi.org/10.1177/20319525221105102

Letsas, G. (2013). The ECHR as a living instrument: Its meaning and its legitimacy. In A. Føllesdal, B. Peters, & G. Ulfstein (Eds.), Constituting Europe: The European Court of Human Rights in a national, European and global context (pp. 106–141). Cambridge University Press. https://doi.org/10.1017/cbo9781139169295.005

Levy, K. (2023). Data driven: Truckers, technology, and the new workplace surveillance. Princeton University Press. https://doi.org/10.1353/book.109251

MacDermott, Á., Heath, H., & Akinbi, A. (2022). Disappearing messages: Privacy or piracy? CONF-IRM 2022 Proceedings (Paper 10). https://www.conf-irm.org/conference/wp-content/uploads/2024/11/22-Conf-IRM-Proceedings.pdf

Mantouvalou, V. (2008). Human rights and unfair dismissal: Private acts in public spaces. Modern Law Review, 71(6), 912–939. https://doi.org/10.1111/j.1468-2230.2008.00722.x

Mantouvalou, V. (2019). “I lost my job over a Facebook post: Was that fair?” Discipline and dismissal for social media activity. International Journal of Comparative Labour Law and Industrial Relations, 35(1), 101–125. https://doi.org/10.54648/ijcl2019005

Mantouvalou, V., & Collins, H. (2009). Private life and dismissal: Pay v UK Application No 32792/05, [2009] IRLR 139 (ECtHR). Industrial Law Journal, 38(1), 133–138. https://doi.org/10.1093/indlaw/dwp004

Marsden, C. T. (2011). Internet co-regulation: European law, regulatory governance and legitimacy in cyberspace. Cambridge University Press. https://doi.org/10.1017/CBO9780511763410

Marwick, A. E., & Boyd, D. (2011). I tweet honestly, I tweet passionately: Twitter users, context collapse, and the imagined audience. New Media & Society, 13(1), 114–133. https://doi.org/10.1177/1461444810365313

Messenger, J. C., & Gschwind, L. (2016). Three generations of telework: New ICTs and the (r)evolution from home office to virtual office. New Technology, Work and Employment, 31(3), 195–208. https://doi.org/10.1111/ntwe.12073

Microsoft. (2023, February 21). Set up a connector to archive WhatsApp data in Microsoft 365. Microsoft 365 Compliance Documentation. https://learn.microsoft.com/en-us/microsoft-365/compliance/archive-whatsapp-data

Microsoft. (n.d.). Back up your folders with OneDrive. Microsoft Support. https://support.microsoft.com/en-us/office/back-up-your-folders-with-onedrive-d61a7930-a6fb-4b95-b28a-6552e77c3057

Niezna, M., & Davidov, G. (2023). Consent in contracts of employment. Modern Law Review, 86(5), 1134–1165. https://doi.org/10.1111/1468-2230.12802

Nooney, L. (2023). The Apple II age: How the computer became personal. University of Chicago Press. https://doi.org/10.7208/chicago/9780226816531.001.0001

Nouwens, M., Griggio, C. F., & Mackay, W. E. (2017). “WhatsApp is for family; Messenger is for friends”: Communication places in app ecosystems. Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI ’17), 727–735. https://doi.org/10.1145/3025453.3025484

Download

Request a copy that is accessible using assistive technology (link opens in a new window)

Included in

Law Commons

Share

COinS