www.pdpjournals.com (Continued from page 9) meets the new standards, or welcoming wearable technology more generally. In the US, the EEOC has issued proposed rules governing workplace wellness programmes, including those that incorporate wearable technology, under the ADA. Among various other requirements, the proposed rules make it clear that a wellness program will only be deemed ‘voluntary’ if employees are given notice clearly explaining what medical information will be obtained through the program and by whom, how the medical information will be used, and how the employer will safeguard against its improper disclosure. The proposed rule would also require that employers only receive information collected as part of a wellness program in aggregate form that does not disclose the identity of specific employees, except to the extent such identification is necessary to administer the plan. The EEOC notes that, as best practice, individuals who handle employee medical information in administering a wellness program should not also be responsible for making employment decisions, such as termination or discipline, to reduce the potential for disabilityrelated discrimination. US employers that administer or offer wellness programmes should take care to ensure their programmes’ compliance with the new rules, which are expected to be finalized in the near future. Safeguarding — practical steps for businesses To comply with the current EU regime and to prepare for the draft Regulation and the finalisation of the EEOC’s proposed rules under the ADA, businesses should focus on putting adequate safeguards in place now, in order to ensure a seamless and transparent approach for their employees. P R I V A C Y & D A T A P R O T E CT I O N Given the amount of data collected by wearable technologies, an obvious danger lies in the temptation for employers to use them for purposes other than those previously disclosed to employees. Employers should, at the very least, consider the following: V OLU ME 1 6, ISSU E 1 Getting — and staying — ahead As ever, the law is playing catch up to developments in wearable technologies, which are happening so fast that legislation and data protection authorities are struggling to keep pace. Consent: Do current consents satisfy the more onerous requirements of the draft Regulation? If However, with the appropriate safenot, what changes need to be made to guards in place, there is no reason the consent process to address the why both employers and employees new requirements? should not reap the benefits of introducing wearable technologies Profiling: What activities will be into the working environment. caught by the prohibition on profiling in the draft Regulation? Are any of the To do this, potential pitfalls must be exemptions from the prohibition appliidentified and conquered so that they cable? do not outweigh the positive benefits of embracing innovation, technological Data minimisation: i.e.

ensuring that growth and increased productivity in only data that are strictly necessary the workplace afforded by wearable for the intended purpose(s) technologies. are collected. As we have seen, wearable technology is capable of collecting vast amounts of data. To take an obvious and ubiquitous example, activity trackers track employees’ steps both in and outside of work; whilst an employer wishing to encourage employees to take more regular breaks from their screens may be justified in reviewing the former, it should be wary of collecting detailed data relating to activity outside working hours. Anonymisation or aggregation of data where appropriate: e.g. in exchange for a reduction in the business’ insurance premium. Ensure that workplace wellness programmes incorporating wearables comply with HIPAA and the ADA’s requirements: Perhaps most critical to achieving this is providing adequate training to employees responsible for administering wellness programmes or otherwise handling medical information. The key to the success of all of these measures is communicating with employees and ensuring proper regulation and internal enforcement of applicable requirements. Ann Bevitt Partner Cooley (UK) LLP abevitt@cooley.com .