www.pdpjournals.com (Continued from page 13) In the US, the EEOC has issued proposed rules governing workplace wellness programmes, including those that incorporate wearable technology, under the ADA. Among various other requirements, the proposed rules make it clear that a wellness program will only be deemed ‘voluntary’ if employees are given notice clearly explaining what medical information will be obtained through the program and by whom, how the medical information will be used, and how the employer will safeguard against its improper disclosure. The proposed rule would also require that employers only receive information collected as part of a wellness program in aggregate form that does not disclose the identity of specific employees, except to the extent such identification is necessary to administer the plan. The EEOC notes that, as best practice, individuals who handle employee medical information in administering a wellness program should not also be responsible for making employment decisions, such as termination or discipline, to reduce the potential for disabilityrelated discrimination. US employers that administer or offer wellness programmes should take care to ensure their programmes’ compliance with the new rules, which are expected to be finalized in the near future. Safeguarding — practical steps for businesses To comply with the current EU regime and to prepare for the draft Regulation and the finalisation of the EEOC’s proposed rules under the ADA, businesses should focus on putting adequate safeguards in place now, in order to ensure a seamless and transparent approach for their employees. Given the amount of data collected by wearable technologies, an obvious danger lies in the temptation for employers to use them for purposes other than those previously disclosed to employees. Employers should, at the very least, consider the following: D A T A P R O T E C T I O N I R E LA N D VOLUME 8, ISSUE 5 Consent: Do current consents satisfy the more onerous requirements of the draft Regulation? If not, what changes need to be made to the consent process to address the new requirements? However, with the appropriate safeguards in place, there is no reason why both employers and employees should not reap the benefits of introducing wearable technologies into the working environment. Profiling: What activities will be caught by the prohibition on profiling in the draft Regulation? Are any of the exemptions from the prohibition applicable? To do this, potential pitfalls must be identified and conquered so that they do not outweigh the positive benefits of embracing innovation, technological growth and increased productivity in the workplace afforded by wearable technologies. Data minimisation: i.e.

ensuring that only data that are strictly necessary for the intended purpose(s) are collected. As we have seen, wearable technology is capable of collecting vast amounts of data. To take an obvious and ubiquitous example, activity trackers track employees’ steps both in and outside of work; whilst an employer wishing to encourage employees to take more regular breaks from their screens may be justified in reviewing the former, it should be wary of collecting detailed data relating to activity outside working hours. Anonymisation or aggregation of data where appropriate: e.g. in exchange for a reduction in the business’ insurance premium. Ensure that workplace wellness programmes incorporating wearables comply with HIPAA and the ADA’s requirements: Perhaps most critical to achieving this is providing adequate training to employees responsible for administering wellness programmes or otherwise handling medical information. The key to the success of all of these measures is communicating with employees and ensuring proper regulation and internal enforcement of applicable requirements. Getting — and staying — ahead As ever, the law is playing catch up to developments in wearable technologies, which are happening so fast that legislation and data protection authorities are struggling to keep pace. Ann Bevitt Partner Cooley (UK) LLP abevitt@cooley.com .