STUDY A G u er t t h j o a r n s a Hasalla MApornilth20y2e6ar C Ne o g u o n ti t a r t y ing re D p ig o i r ta t lised Workplaces for Albania Rights and Obligations, Albania Subtitle of the publication single- or multi-line , illustration, Title photo r area icon or colou

Imprint Publisher Friedrich-Ebert-Stiftung e.V. Godesberger Allee 149 53175 Bonn Germany info@fes.de Publishing department Division for International Cooperation| Global and European Policy Responsibility for content and editing Mirko Herberg, Director, Global Trade Union Project Contact Blanka Balfer blanka.balfer@fes.de Design/Layout pertext| corporate publishing www.pertext.de The views expressed in this publication are not necessarily those of the Friedrich-Ebert-Stiftung e.V.(FES). Commercial use of the media published by the FES is not permitted without the written consent of the FES. FES publications may not be used for election campaign purposes. April 2026 © Friedrich-Ebert-Stiftung e.V. ISBN 978-3-98628-870-9 Further publications of the Friedrich-Ebert-Stiftung can be found here: ↗ www.fes.de/publikationen

Gertjana Hasalla April 2026 Negotiating Digitalised Workplaces Rights and Obligations, Albania

Contents Foreword .........................................................  3 1. Introduction – Technology at Work Is Labour Issue ....................  4 2. Examples of Digital Technologies Used in Workplaces .................  7 3. What Are Your Rights – And What Are Management’s Obligations? ......  9 Law No. 124/2024“On Personal Data Protection” ....................  10 The Labour Code of the Republic of Albania 1995 (as amended in 2003, 2008, 2016, 2024) ...........................  11 Law No. 10 237/2010“On Occupational Safety and Health” and implementing acts ..........................................  13 Law No. 10221, dated 4.2.2010,“On Protection from Discrimination”, as amended(hereafter Anti–Discrimination Law). ....................  14 Sector–specific and public administration rules on ICT procurement and digital systems .............................................  14 EU–Derived Instruments and International Influences ................  15 4. The Checklists of Questions You Have a Right to Ask! .................  16 5. Filling the Gaps – Bargaining Topic Suggestions ......................  19 6. Summary Reflections ............................................  21 7. Annex – Links to the Laws and Agreements Covered ..................  22 8. Glossary List ...................................................  23

Foreword Across the world, management in both the public and pri­ vate sectors is deploying digital technologies with the aim of improving productivity and efficiency. Such technologies have a direct impact on working conditions and workers’ rights. Jobs are being(semi-)automated, new competencies are required and work and workers are becoming quantified as their actions and non-actions are turned into data points and analysed through algorithmic systems. The negative impact of these systems on workers is well documented. Yet anecdotal evidence from multiple countries suggests that shop stewards and Occupational Health and Safety representatives to a large degree are not discussing the use of digital technologies with management. The representa­ tives mention that they feel they lack knowledge about the particularities of digital technologies and why they should pay careful attention to them. Many report that manage­ ment never raises the issues of digitalisation with them, nor do they feel they have a sound overview of how to apply existing laws and agreements to spur these discussions. Although some unions are successfully negotiating contract language about the digitalisation of work as evidenced by PSI’s Digital Bargaining Hub, the vast majority are still not. To support unions in their negotiations with management, this series of reports brings to light what rights workers have when digital systems are deployed at work and what obligations management have in relation to the workers. The reports provide ready-to-use checklists of questions, and collective bargaining suggestions to bridge legal gaps. The Friedrich-Ebert-Stiftung realises that technology de­ ployment without workers involvement not only subjects workers to control but also changes the balance of power at the workplace in favour of employers. Workers may feel in­ creasingly alienated and objectified. We have understood that an unprotected and disempowered workforce is not only less productive but tends to lose trust in the promises and institutions that are supposed to guarantee decent work and a decent live. Therefore, contributing to workers’ capacity to claim their rights and negotiate working condi­ tions in a digitalised workplace is a service to democracy and justice. This is what this project aims to achieve – by making transparent what institutional power, i.e. rights, laws and labour market agreements workers have at their disposal. We hope that the case studies presented will lead to a more thorough and strategic response by workers and organised labour in the countries studied and to more coun­ tries embarking on the path towards negotiated introduc­ tion and use of digital technologies. We owe Christina J. Colclough, Director of The Why Not Lab, Denmark, our gratitude for providing the initial spark for this project and for being an enthusiastic and competent mentor to the case study authors. Her relentless dedication to challenge, motivate and capacity build the labour move­ ment to build power in the digital economy is unparalleled and has been the inspiration behind many collaborative un­ dertakings of the FES Global and national Trade Union Pro­ jects. We thank the authors of the country studies for their pro­ fessionalism and enthusiasm to explore uncharted territory, for the discoveries of potential leverage points and for their “thinking forward” to take the next steps in building work­ ers’ power. Finally, Blanka Balfer, FES, deserves praise for being the ­silent backbone of this project(and so many others) that al­ low FES to use its global network for the benefit of the global labour movement. May this series of reports serve as a stepping stone for deeper engagement, collective bargaining and policy-mak­ ing and policy-enforcing success in the digital economy of today and tomorrow! Mirko Herberg Director, Global Trade Union Project Friedrich-Ebert-Stiftung Foreword 3

1. Introduction – Technology at Work Is a Labour Issue You may already be working with digital technologies without having been asked about them. An app to clock in. Software that scores your calls. Dashboards measuring performance. GPS tracking in vehicles. AI screening job applications. Cameras in new places. These technologies are often presented as technical tools to improve efficiency or service quality. But for workers, they change how work is organised, monitored, evaluated, and controlled. This report is designed to help workers and unions under­ stand which laws already apply, which questions they have a right to ask based on those laws, and how to use those rights when digital technologies are introduced or used at work. It also shows how collective bargaining can be used to address gaps that existing law does not fully regulate. Digital technologies are no longer peripheral tools in the workplace. Across the world, they increasingly sit at the centre of managerial power, shaping how work is organ­ ised, paced, evaluated and controlled. Biometric attend­ ance systems, GPS tracking, algorithmic task allocation, AI-based recruitment tools, performance dashboards and automated decision-making systems are being rolled out across sectors with little warning and, too often, without meaningful consultation with workers or their trade unions. For workers and union officials, this transformation raises a fundamental question: who controls technology at work, and in whose interests is it deployed? While em­ ployers routinely present digitalisation as neutral, inevita­ ble or purely technical, workers experience it as a restruc­ turing of power relations. Digital systems extend manage­ rial oversight into new areas of workers’ lives, intensify work, fragment tasks, obscure decision-making and deep­ en information asymmetries between employers and workers. Digitalisation is also frequently used to bypass estab­ lished industrial-relations practices. New technologies are introduced as matters of managerial prerogative; data are collected without transparency; and algorithmic decisions are presented as objective or unchallengeable. This report starts from a different premise. Digitalisation does not suspend labour law, weaken fundamental rights or displace collective bargaining. On the contrary, it makes union organisation, legal knowledge and collective action more necessary than ever. Existing labour law, da­ ta-protection law, equality law and occupational safety and health frameworks continue to apply in digitalised workplaces, even if they must now be asserted and en­ forced under new conditions. For unions, legal clarity is therefore not an abstract con­ cern. It is a source of bargaining power. Knowing which rights already exist – and where they fall short – enables unions to challenge unilateral technological change, de­ mand information and consultation, and negotiate bind­ ing protections that keep workers in control of how tech­ nology reshapes their jobs. How to use this country report This report is written for workers, shop stewards, and trade unions in Albania, where digital technologies such as CCTV, biometric attendance systems, and algorithmic workforce management are spreading rapidly across both public and private sectors. In many workplaces, digitalisa­ tion has outpaced social dialogue, leaving workers insuffi­ ciently informed about their rights. The report helps you understand how Albania’s labour law, occupational safety and health framework, and strengthened data–protection legislation apply to digital­ ised workplaces. It supports workers and unions in hold­ ing employers accountable where consultation is weak, enforcement is uneven, or digital tools are introduced as faits accomplis. The report includes a checklist of key questions based on legal rights that workers and unions can use before a new technology is introduced and periodically while it is being used. These questions are intended to structure negotia­ tions, demand information, and prevent technologies from being imposed unilaterally or expanded without consent. The purpose of the report is practical and strategic: it aims to support workers and unions in understanding what digitalisation means for their rights, to strengthen their position in discussions with management, and to help turn abstract legal protections into concrete, enforce­ able workplace standards. No legal ecosystem fully addresses the risks to workers’ rights, dignity and decent work. To bridge the gaps, the 4 Friedrich-Ebert-Stiftung e. V.

report also includes a list of potential collective bargain­ ing topics and issues for inspiration in the negotiations with management. Digital technologies are often introduced by management as technical upgrades, efficiency tools, or unavoidable in­ novations. In practice, however, they frequently reshape working conditions, intensify monitoring, redistribute pow­ er, and create new risks for workers’ dignity, autonomy, health, and job security. Digitalisation is not just a techni­ cal matter, though. It is a labour issue and therefore a le­ gitimate subject for negotiation, consultation, and collec­ tive bargaining. What this report can do for you This report is designed to help you: → Identify digital technologies being used or proposed in your workplace, even when they are presented in vague or technical language; → Understand your existing rights under labour law, ­data-protection rules, occupational safety and health frameworks, anti-discrimination law, and collective agreements; → Hold management accountable to its legal obligations when introducing, using, or expanding digital systems; → Prepare for negotiations by showing how other unions and workers have addressed similar challenges; → Bridge gaps in the law through collective bargaining where legal protections are weak, unclear, or poorly en­ forced. Rather than assuming that digitalisation is inevitable or in­ contestable, the report treats it as a process that can—and must—be shaped through collective action. How to use this report in practice Each section of this report serves a specific purpose and can be used independently, depending on your immediate needs. Section 2: Examples of digital technologies used in workplaces This section provides examples of digital technologies used in Albania. Maybe your workplace uses a similar technology, although it might be called something differ­ ent? If you are in doubt about what digital technologies are used, do a virtual walk-through of a typical working day. From the moment you enter the workplace – how do you get in? Do you use an electronic keycard? Or does a technology register your fingerprint or face? Do you then need to log on to a computer technology, use a handheld device, a mobile phone, a GPS tracker, or anything else? All of these technologies are digital, and all of them cre­ ate data. If your walk-through reveals the use of digital technolo­ gies at work, this report will be highly useful for you. Section 3: What are your rights – and what are management’s obligations? This section begins with a graphical depiction of the legal and collective frameworks that already apply to digitalised workplaces. You can use this section to quickly identify which laws, regulations, or agreements are relevant to your situation. Find the links to the laws and agreements in the Annex. It then moves on to describe the legal and collective frameworks that already apply to digitalised workplaces. It explains what employers are required to do—such as consult workers, assess risks, limit surveillance, or ensure fairness—and how unions can invoke these obligations in discussions, negotiations, or disputes. Section 4: The checklists of questions you have a right to ask! Cut out this section and carry it with you when you prepare for discussions with management around the implementa­ tion and use of digital technologies in your workplace. The questions help ensure that your rights are respected and that employers meet their obligations. Section 5: Filling the Gaps – Bargaining Topic Suggestions Even when management follows the law, the law is often not enough to address how digital systems affect every day working conditions. Many of the issues raised by AI, monitoring tools, performance dashboards, and data-driv­ en management are only partially regulated or not regu­ lated at all by existing legislation. This is where collective bargaining becomes important. This section provides ex­ amples of bargaining themes that unions may consider when seeking to address the gaps that current law leaves open. For further inspiration on concrete contract language un­ ions have successfully negotiated, see Public Service In­ ternational’s open database that includes almost 600 clauses related to the digitalisation of work. Find it here: https://publicservices.international/digital-bargaining-hub Introduction – Technology at Work Is a Labour Issue 5

When can you use the report? You can use this report at different moments: → Before a technology is introduced , to demand informa­ tion, consultation, and justification; → After a system is in place , to assess whether manage­ ment is complying with its obligations; → During collective bargaining , to propose concrete clauses that regulate digitalisation; → For education and organising , to build shared under­ standing and collective confidence among workers. Digital technologies do not manage themselves. Employers make choices about how they are deployed, and those choices can be questioned, negotiated, and reshaped. This report is intended to support you in doing exactly that. 6 Friedrich-Ebert-Stiftung e. V.

2. Examples of Digital Technologies Used in Workplaces Digitalisation is reshaping workplaces across Albania in both public institutions and private enterprises. Employ­ ers increasingly rely on new systems to manage attend­ ance, monitor performance and coordinate tasks, reflect­ ing a rapid shift toward data–driven management. These developments are visible across key sectors such as manufacturing, services, logistics and public adminis­ tration. In manufacturing, companies use automated at­ tendance and monitoring systems to track production and efficiency. In call centres, delivery platforms and logistics services, algorithmic management tools and mobile applications allocate, supervise and evaluate tasks. Public institutions employ biometric identifica­ tion, digital archiving and access control technologies to enhance service delivery. While these systems can im­ prove coordination and safety, they also raise concerns about fairness, privacy and proportionality in how data are collected and used. Most digital tools used in Albanian workplaces process personal or identifiable information, including finger­ prints, facial images, video footage, geolocation and digital activity logs. Their introduction requires employ­ ers to comply with the Law on Personal Data Protection (Law No. 124/2024), the Labour Code and the Law on Occupational Safety and Health, which together require transparency, proportionality and consultation with em­ ployees or their representatives(2024–IDP; 1995–La ­ bourCode; 2010–OSH). In practice, such consultation is still limited, and many workers remain unaware of how these technologies affect their rights. Below are present five main types of digital technologies used currently in Albanian workplaces:. 1. CCTV and Video Surveillance Systems Employers in manufacturing, retail, transport, and pub­ lic administration often use closed–circuit television (CCTV) systems for security and safety. In Albania, pub­ lic authorities have recently rolled out“smart city” CCTV networks in 20 municipalities(e.g., Kamëz, Vlorë, Lezhë, parts of Tirana), which operate 24 hours per day and use high–resolution cameras for surveillance and traffic monitoring. These systems may include motion detection or advanced analytics. Any use of CCTV—es­ pecially if it involves continuous recording—must re­ main proportionate and limited to the declared security objectives. Workers should be informed of camera placement, data retention times, and how recordings are used, since video footage constitutes personal data under national law(2024–IDP; 1995–LabourCode). 2. Electronic Attendance and Biometric Timekeeping Systems Biometric and electronic timekeeping devices are now common in factories, offices and public institutions. Employees clock in using cards, fingerprints or facial scans linked to their working hours. While these sys­ tems improve payroll accuracy, they involve sensitive bi­ ometric data that require strict safeguards and a Data Protection Impact Assessment(DPIA). Employers must demonstrate necessity and ensure that data are not used for disciplinary or productivity monitoring(2025– KPMG; 2024–IDP). 3. Workforce Management Software and Mobile Applications In logistics and platform–based work, mobile applica­ tions track routes, record performance and evaluate ef­ ficiency through algorithmic scoring. These systems collect location and behavioural data continuously, which can lead to opaque or automated decisions. Em­ ployers must clearly inform employees about data col­ lection and guarantee human oversight of automated processes(2024–DataprotectionGuidance; 2025–Indus ­ tryReports). 4. Call Centre Monitoring and Desktop Tracking Tools Employers in customer service and outsourcing sectors use monitoring software to record calls, capture screens and measure productivity through dashboards and ana­ lytics. Monitoring may also extend to remote work. Al­ though intended to maintain quality standards, such practices can infringe on privacy if not properly regulat­ ed. Employees must be notified in advance about the scope and purpose of monitoring and data must be used only for declared operational reasons(2021– Guardian; 2015–LabourCode). Examples of Digital Technologies Used in Workplaces 7

5. IT Security Logging and Access Control Systems Banks, public institutions and large enterprises main­ tain detailed access logs to prevent cyber incidents and ensure compliance with data protection and anti–cor­ ruption rules. These systems record user activity, login times and document access. While essential for securi­ ty, data collection must be limited to legitimate purpos­ es and retention periods must be clearly defined(2025– APDP; 2010–OSH). Across all sectors, responsible use of digital technolo­ gies depends on transparent communication, meaning­ ful worker consultation and respect for privacy and dig­ nity. Adherence to data protection and labour legisla­ tion ensures that digitalisation supports safe, fair and human–centred workplaces in Albania(2024–IDP; 1995–LabourCode; 2010–OSH). 8 Friedrich-Ebert-Stiftung e. V.

3. What Are Your Rights – And What Are Management’s Obligations? Albania’s legal and institutional framework governing the use of digital technologies at work has evolved in recent years, reflecting both the rapid digitalisation of its econo­ my and the country’s gradual alignment with European Union standards. The adoption of the new Law on Per­ sonal Data Protection(2024) and strengthened labour and occupational safety provisions provides a coherent foundation for regulating workplace surveillance, algo­ rithmic management and automated decision–making. However, enforcement remains uneven and many em­ ployers are unaware of their consultation obligations. Trade unions can use these laws strategically to strength­ en worker protection and social dialogue. Together, they offer tools for ensuring that digitalisation in Albania re­ spects human rights, privacy and decent work principles. → Law No. 124/2024“Law for the protection of personal data” and related guidance from the Information and Data Protection Commissioner; The Law for the protection of personal data entered into force in February 2025. Several key provisions will take effect in January 2027, including those concern ­ ing the obligation to communicate data breaches to affected individuals, the development and approval of codes of conduct, and the rules governing the processing of personal data by public authorities for purposes related to public security, national security, and the prevention or prosecution of criminal of­ fences. The law gives workers and their representa­ tives the right to request access to Data Protection Impact Assessments before monitoring or high–risk digital systems are introduced. Worker consultation rights are further reinforced through Article 35 para ­ graph nine, which requires the controller to seek the views of data subjects or their representatives dur­ ing the DPIA process whenever appropriate. → The Labour Code of the Republic of Albania dated 12.07.1995(as amended in 2003, 2008, 2016, 2024); The Labour Code establishes the right to consulta­ tion when technological or organisational changes affect employment conditions. → Law No. 10 237/2010“On Safety and Health at Work” and implementing regulations; The OSH Law obliges employers to assess psychosocial risks from monitoring or algo­ rithmic management. → Law No. 10221, dated 4.2.2010,“On Protection from Discrimination”, as amended (hereafter Anti–Discrimination Law); it trans­ poses core EU equality directives, including Directive 2000/43/EC(Racial Equality) and Di ­ rective 2000/78/EC(Employment Equality). → Sector–specific and public administration rules on ICT procurement and digital systems; Public procurement rules ensure ac­ countability for data processing when digital systems are provided by third–party contrac­ tors. → EU–derived instruments and international influences; EU and ILO instruments provide standards for human oversight, non–discrimi­ nation and ethical use of AI systems. Below, we set out the key rights you already have when management decides to introduce or use digital technol­ ogy at work. We do this law by law, pointing you directly to the specific provisions you need to know. Alongside your rights, we also highlight management’s legal obli­ gations to you, including duties to consult, ensure system transparency, conduct risk assessments, and more. Then, in the next section, we bring this together into two prac­ tical sets of questions you can use to hold management to account. The first set covers questions to ask before a new digital technology is introduced. The second set cov­ ers your ongoing rights once the technology is in use. Every question is grounded in existing laws and/or collec­ tive agreements. Where management is reluctant to en­ gage or provide answers, we reference the exact legal provisions you can rely on. What Are Your Rights – And What Are Management’s Obligations? 9

Law No. 124/2024“On Personal Data Protection” The law entered into force in February 2025. A number of provisions will not apply until January 2027. These include the obligations to communicate data breaches to affected individuals, the creation and approval of codes of conduct, and the rules that regulate how public authorities process personal data for matters related to public security, na­ tional security, or the prevention and prosecution of crimi­ nal offences. Coverage: This law applies to all entities, public and private, that col­ lect, process or store personal data of individuals in Alba­ nia. It brings the national framework in line with the Euro­ pean Union’s General Data Protection Regulation(GDPR), ensuring that the use of data–driven technologies respects privacy, fairness and proportionality → Art. 5–7 Establish the basic principles of lawful, fair, and transparent processing; data minimisation; and ­purpose limitation. → Art. 12–15 Grant data subjects the right to access, correc­ tion, erasure, and restriction of processing. → Art. 22–25 Regulate the use of special categories of data, ­including biometric and health–related information, requiring stricter safeguards. → Art. 30–35 Define the obligation to conduct Data Protection Impact Assessments(DPIAs) before introducing high–risk technologies and to consult the Information and Data Protection Commissioner where risks are high. → Art. 35(9) Gives workers and their representatives the ability ­ to request that their views be considered during the preparation of a DPIA when the processing may af­ fect them. This article also allows representatives to seek access to relevant DPIA information that con­ cerns the impact of the planned processing. → Art. 40–45 Define the powers of the Commissioner for Infor­ mation and Data Protection to supervise compli­ ance, conduct inspections, and impose administra­ tive measures. Relevance to digitalised workplaces: → Lawful, transparent, and purpose–limited processing (Art. 5–7): Employers must ensure that any processing of employee data—such as CCTV footage, biometric identifiers, or digi­ tal attendance records—is lawful, transparent, and limited to the specific, declared purpose. → Information and access rights(Art. 12–15): Employees have the right to be informed about the cate­ gories of data collected, purposes of processing, and recip­ ients of data, as well as the right to access, correct, or re­ quest deletion of their data. → Automated decision–making and profiling(Art. 25): Automated decision–making, including profiling or algo­ rithmic ranking systems, is permitted only under condi­ tions that safeguard human dignity. Workers retain the right to request human intervention and to contest auto­ mated outcomes. → Data Protection Impact Assessment(DPIA) and consultation duty(Art. 30–35): Employers introducing digital systems that may signifi­ cantly affect privacy or data security must conduct a DPIA in advance and, where risks remain high, must consult the Information and Data Protection Commissioner(IDP) . → Art. 35(9) (mirroring GDPR Art. 35(9) ) further states that “where appropriate, the controller shall seek the views of the data subjects or their representatives on the intended processing” , except where such consultation would endan­ ger commercial confidentiality or security of processing. This creates a clear legal basis for worker or union consultation during DPIA preparation and review. → Biometric and special–category data(Art. 22–24): Biometric data such as fingerprints, facial images, or voice patterns are considered special categories of data and may only be processed when strictly necessary for legitimate aims, with proportionate safeguards and defined retention periods. This law gives employees strong procedural tools to chal­ lenge unlawful data use and to demand transparency from employers about any technology that collects or analyses personal information.(2024–IDP)(2025–Dataprotection ­ News) 10 Friedrich-Ebert-Stiftung e. V.

Union relevance Trade unions can rely on Articles 30–35 to de ­ mand participation in DPIAs and on Article 35(9) to formally request that worker representatives be consulted before new monitoring or algorithmic systems are introduced. They may also cite Arti­ cles 12-15 to obtain disclosure of personal data used in disciplinary or performance evaluations. Practice insight Several public institutions have introduced biometric attendance systems in recent years, and such roll­ outs have sometimes produced concerns among staff about privacy and monitoring. In these situa­ tions, worker representatives could have relied on Article 35 of Law No. 124/2024“On Personal Data Protection” to request prior consultation and disclo­ sure of the Data Protection Impact Assessment (DPIA). In parallel, Articles 46–49 and 200 of the Labour Code of the Republic of Albania provide con­ sultation rights requiring employers to inform and discuss with employees or their representatives be­ fore implementing technological or organisational changes that affect working conditions. The Labour Code of the Republic of Albania 1995(as amended in 2003, 2008, 2016, 2024) Coverage: The Labour Code regulates all employment relationships, both in the public and private sectors. It sets fundamental principles for fair employment practices, worker protection and workplace relations → Art. 32 Protects the dignity, health, and moral integrity of employees; prohibits practices that violate personal privacy. → Art. 46-49 Regulate changes in working conditions and re­ quire prior notice and consultation when new technologies or organisational changes affect employees. → Art. 197-202 Establish the rights of trade unions and the obliga­ tion of employers to consult and negotiate collective agreements. → Art. 200 Provides a legal basis for union consultation on technological changes affecting employment or working conditions. → Art. 203-206 Define the framework for dispute resolution, mediation, and collective labour conflicts. Relevance to digitalised workplaces: → Protection of dignity, privacy, and well–being(Art. 32): Employers are required to respect and protect the dig­ nity, privacy, and physical and mental integrity of employees. This obligation extends to all forms of workplace monitoring, data collection, and digital performance management. What Are Your Rights – And What Are Management’s Obligations? 11

→ Consultation on changes to work organisation (Arts. 46–49): Any change in work organisation, methods, or technology that affects employees’ working conditions must be dis­ cussed in advance with workers or their representatives ­ in a timely and transparent manner. These articles guar­ antee that workers are informed and consulted before digital tools are introduced or procedures are modified. → Use of monitoring data in disciplinary actions (Arts. 32 and 202): Data or recordings gathered through monitoring systems may not be used for disciplinary or evaluative purposes unless employees were informed beforehand about the monitoring’s existence, scope, and objectives. Employers must demonstrate that the data collection respects the principles of fairness and proportionality. → Social dialogue and technological change (Arts. 197–202, especially Art. 200): The Code establishes the legal foundation for collective bargaining and social dialogue. Article 200 in particular gives trade unions the right to request consultation and negotiation on technological change, data use, and other workplace measures affecting employment conditions. This article provides unions with a clear procedural route to participate in digital transformation processes. Through these provisions, the Labour Code ensures that digi­ talisation does not erode the fundamental principles of fair­ ness, transparency, and participation in the workplace. (1995–LabourCode) Union relevance Under Article 200, unions can require consultation before the implementation of any digital system that changes workloads or performance assessment. This article provides the legal foundation for partici­ patory governance of workplace technology. Practice insight Several public institutions have introduced biomet­ ric attendance systems in recent years, which have sometimes raised staff concerns about privacy and surveillance. In such cases, worker representatives could rely on Article 35, paragraph nine of Law No. 124/2024“On Personal Data Protection” to request participation during the preparation of the Data Protection Impact Assessment and to seek access to relevant information connected to the planned processing and on Articles 46–49 and 200 of the Labour Code to require consultation before system implementation. Used together, these provisions create a strong legal foundation for ensuring that technological changes are transparent, necessary, and jointly reviewed. 12 Friedrich-Ebert-Stiftung e. V.

Law No. 10 237/2010“On Occupational Safety and Health” and implementing acts Coverage: This legislation applies to all employers and employees and sets comprehensive obligations to identify, assess and mitigate risks related to occupational safety and health(OSH). → Art. 5–8 Require employers to identify, assess, and prevent occupational risks in all work processes, including technological change. → Art. 10–13 Establish workers’ rights to be informed, trained, and consulted on occupational safety and health measures. → Art. 14–16 Oblige employers to consult workers or their repre­ sentatives before adopting new technologies that may impact health or safety. → Art. 19–21 Require periodic risk assessments and updates whenever working methods or equipment change. → Art. 22–23 Define duties of the Labour Inspectorate to monitor compliance and enforce safety obligations. Relevance to digitalised workplaces : → Risk assessment of new technologies(Arts. 5, 7–8): Employers must identify and assess all risks arising from the introduction of new technologies, including psychosocial and ergonomic factors linked to contin­ uous digital monitoring, remote work, or algorithmic task allocation. The assessment must be documented and updated when­ever new digital tools or working methods are introduced. → Consultation with workers and representatives (Arts. 14–16): Workers and their representatives must be informed and consulted before and during the introduction of ­new technologies that may affect health or safety. These ­articles guarantee participatory risk manage­ ment and require that employees contribute to the design and implementation of preventive measures. → Information and training obligations(Arts. 10–13): Employers must provide adequate information and training on the safe and appropriate use of digital devices, software, and communication systems. Training must include potential ergonomic and ­psychosocial risks and must be repeated when new equipment or systems are introduced. → Regular review and update of risk assessments (Arts. 19–21): Employers are required to review and update their risk assessments whenever technological or or­ ganisational changes occur. Reassessment must include both physical and psychosocial risks and must be shared with worker representatives or OSH committees. The law encourages proactive risk management and participatory approaches, ensuring that digital tools enhance productivity without compromising workers’ health, dignity, or autonomy.(2010–OSH) (2012–ILO) Union relevance Articles 14–16 and 19–21 give unions a clear mandate to request participation in risk assessments linked to new technologies or digital monitoring. What Are Your Rights – And What Are Management’s Obligations? 13

Law No. 10221, dated 4.2.2010,“On Protection from Discrimination”, as amended(hereafter Anti–Discrimination Law). Coverage: This law applies to employment, training, and working con­ ditions in both public and private sectors. It protects indi­ viduals against discrimination based on gender, race, eth­ nicity, colour, language, gender identity, sexual orientation, political, religious, or philosophical beliefs, economic sta­ tus, education, social origin, disability, age, family or mari­ tal status, civil status, residence, health, genetic predisposi­ tion, or affiliation with a group. → Art. 3–6 Define direct and indirect discrimination, harass­ ment, instruction to discriminate, and victimisation. → Art. 7–9 Prohibit discrimination in employment, including recruitment, promotion, pay, training, and working conditions. → Art. 33(1) Establishes reverse burden of proof: once the claimant presents facts suggesting discrimination, the burden shifts to the respondent(employer) to prove that no violation occurred. → Art. 32 Provides access to the Commissioner for Pro­ tection from Discrimination(CPD), an inde­ pendent authority empowered to investigate, mediate, and issue binding recommendations or fines.cruitment, promotion, pay, training, and working conditions. Relevance to digitalised workplaces: This law is directly useful when algorithmic systems or digital monitoring produce unequal treatment or profiling (for example, biased productivity scoring or unequal pro­ motion outcomes). The reverse burden of proof rule gives workers a procedural advantage, requiring the employer to demonstrate that an algorithm or monitoring tool does not discriminate. Unions can: → File collective or individual complaints with the CPD. → Use the reverse burden principle in litigation, arbitration, or grievance procedures. → Request data disclosure under the Data Protection Law (Art. 34–35) to substantiate claims of algorithmic bias. Sector–specific and public administration rules on ICT procurement and digital systems Coverage: Public sector institutions must follow specific proce­ dures when procuring or deploying digital systems, as defined in administrative regulations and the Public Procurement Law. These provisions ensure compliance with data protection, cybersecurity and transparency standards in all public contracts. Relevance to digitalised workplaces: → Contracts with technology providers must explicitly define responsibilities for data processing, retention and access. → Public bodies must ensure that any third–party ven­ dor complies with national data protection standards and that all systems include appropriate security measures. → Employees whose data are processed through such systems have the right to request information about the purpose, scope and technical functioning of the tools used. → Procurement rules promote accountability, ensuring that external service providers cannot process or transfer employee data beyond the agreed contractu­ al framework. These provisions are particularly important in public ad­ ministration, where large–scale digital systems handle sensitive personal data of employees and citizens alike. (2025–GovDocs) 14 Friedrich-Ebert-Stiftung e. V.

Union relevance Trade unions can use procurement transparency rules to request vendor accountability and prohibit unauthorized employee data transfer. EU–Derived instruments and international influences Coverage: While Albania is not yet a member of the European Union, its legal framework is strongly influenced by EU standards and international labour instruments. Relevance to digitalised workplaces: → The principles of the EU General Data Protection Regu­ lation(GDPR) underpin Albania’s data protection law, guiding lawful processing, transparency and individual control over personal data. → The forthcoming EU Artificial Intelligence Act introduces risk–based governance for AI systems, establishing obli­ gations for transparency, human oversight and non–dis­ crimination principles that Albanian policymakers and employers are increasingly adopting. → International instruments from the International Labour Organization(ILO) and the Council of Europe reinforce these standards, emphasizing the human–centred gov ­ ernance of technological change. These European and international developments create a dynamic regulatory context that encourages Albanian em­ ployers and trade unions to strengthen collective bargain­ ing, risk assessments and ethical safeguards around the use of digital technologies at work.(2016–GDPR)(2023– EUAiDiscourse)(2012–ILO) Union Relevance Unions can align bargaining demands with EU standards, reinforcing non–discrimination and transparency obligations for algorithmic tools. What Are Your Rights – And What Are Management’s Obligations? 15

4. The Checklists of Questions You Have a Right to Ask! You are not expected to be a technology expert in order to protect your rights at work. What matters is knowing which questions you are entitled to ask before a digital system is introduced and while it is in use. The following checklists translate existing legal rights into practical questions that workers and union representatives can use in discussions with management. Print these questions and keep them with you when preparing for, and meeting with, management about digital technologies. Their pur­ pose is to help ensure that existing laws and rights are properly respected in the introduction and use of digital systems at work. Usage Note: The questions below are designed to serve as a practical checklist for trade union representatives, employee coun­ cils and occupational health and safety committees. They can be used during negotiations, social dialogue or workplace inspections to ensure that digitalisation is im­ plemented responsibly. 16 Friedrich-Ebert-Stiftung e. V.

Questions you should ask prior to the introduction of new technologies … Checklist 1 → Has the employer consulted workers or their representatives before deciding to introduce the new technology? → What is the specific purpose of the digital technology and how does it support the ­organisation’s operational goals? → Has management evaluated alternative ­solutions that would achieve the same purpose with less collection of personal data? → Will the technology process personal, biometric, or location data and if so, why is this necessary? → Has a Data Protection Impact Assessment (DPIA) been conducted and were workers or their representatives consulted? → What types of data will be collected, ­ who will have access and how long will data be retained? → Will any automated or algorithmic decisions be made that affect shifts, pay, or performance evaluations? → How will human oversight be ensured in cases where automated decisions influence employment conditions? → Will the system involve a third–party provider and does the contract include data protection clauses? → Has the employer carried out a health and safety risk assessment on psychological and physical impacts? → What training and information will be provided to workers before the system becomes operational? → Labour Code Arts. 46–49 and Art. 200; OSH Law No. 10 237/2010 Arts. 14–16 → Law No. 124/2024 ­ On Personal Data Protection, Arts. 5–7 → Law No. 124/2024, Arts. 6–7 → Law No. 124/2024, Arts. 22–24 → Law No. 124/2024 Arts. 30–35, especially Art. 35 paragraph nine → Law No. 124/2024, Arts. 12–15 and 40–45 → Law No. 124/2024, Art. 25 → Law No. 124/2024, Art. 25(3) → Law No. 124/2024, Arts. 27–29; Government Procurement Rules (2025–GovDocs) → Law No. 10 237/2010 On Occupational Safety and Health, Arts. 5, 7, 8, 14–16 → Law No. 10 237/2010, Arts. 10–13; ILO Conven ­ tion No. 155(2012–ILO) → Request a consultation meet­ ing and written information on expected changes in work organisation or risks. → Ask management to ­clarify goals and opera­ tional rationale. → Request documentation of alternatives and data minimization analysis. → Verify justification and necessity of sensitive data collection. → Confirm participation or request inclusion in the DPIA process. → Seek detailed information on data types, access rights, and retention. → Request clarity on algorith­ mic impact and decision-­ making processes. → Confirm mechanisms for ­review and appeal of auto­ mated decisions. → Review contracts or request evidence of confidentiality measures. → Ensure the assessment ­includes psychosocial and ergonomic risks. → Request schedules and con­ tent of training sessions. The Checklists of Questions You Have a Right to Ask! 17

Questions you periodically should ask after the deployment of digital technologies … Checklist 2 → Is the system still being used for its original purpose, or has its function changed? → Has management reviewed or updated the DPIA to reflect changes in system functionality or data use? → Have there been any reported data breaches or security incidents, and were workers informed? → Are employees still informed about who has access to their personal data and under what conditions? → Does monitoring or data collection continue outside working hours, and is this justified? → Are procedures in place for workers to challenge or appeal automated decisions affecting employment? → Have health and safety reviews identified new risks related to stress, surveillance, or workload and what measures were taken? → Do algorithmic or monitoring systems produce unequal treatment between workers (e.g., gender, age, or status groups)? → Law No. 124/2024, Arts. 5–7 → Law No. 124/2024, Arts. 30–35 → Law No. 124/2024, Arts. 40–45 → Law No. 124/2024, Arts. 12–15 → Law No. 124/2024, Arts. 5–7; Industry Practice Report(2025–KPMG) → Law No. 124/2024, Art. 25(3) → Law No. 10 237/2010, Arts. 19–21 → 2010–Antidiscrimination Art. 7–9 and 33(1) → Has the employer provided proof that automated decisions do not result in discriminatory outcomes, as required under the reverse burden of proof principle? → Does management conduct regular joint reviews with worker representatives to evaluate digital tools’ impact? → Are all collected data securely stored, and are retention periods respected according to declared purposes? → Has the organisation provided updates or refresher training to ensure understanding of technology and data protection? → 2010–Antidiscrimination Art. 33(1) → Labour Code(1995), Arts. 46–49 and 200 → Law No. 124/2024, Arts. 12–15 and 40–45 → Law No. 10 237/2010, Arts. 10–13; ILO Conven ­ tion No. 155(2012–ILO) → Monitor actual usage and report any deviations from original purpose. → Request updated DPIA and involvement in review. → Verify reporting procedures and transparency of incident communication. → Ensure ongoing access awareness and regular updates. → Evaluate proportionality and legality of off-hours monitoring. → Confirm existence and accessibility of appeal mechanisms. → Verify risk mitigation steps and follow-up actions. → If disparities appear, request disclosure of system logic and file a complaint to the Commissioner for Protection from Discrimination or initi­ ate collective bargaining on corrective measures. → Invoke the reverse burden clause to require documenta­ tion showing that the system is neutral and compliant. → Participate in review meetings and document outcomes. → Inspect storage protocols and retention compliance. → Confirm ongoing training and awareness programs. 18 Friedrich-Ebert-Stiftung e. V.

5. Filling the Gaps – Bargaining Topic Suggestions Below are concrete bargaining topics that Albanian work­ ers and their representatives may propose in collective bargaining, workplace agreements or consultation proto­ cols when digital technologies are present. They map di­ rectly onto existing law. The items reflect obligations and rights in the Data Protection Law, the Labour Code, and OSH rules, so they are defensible in negotiations and in complaints to regulators(2024–IDP; 1995–LabourCode; 2010–OSH). They respond to real risks observed in Albani ­ an workplaces, such as biometric attendance, GPS track­ ing in delivery work, desktop monitoring in outsourcing and vendor–controlled algorithms. They give unions con­ crete leverage. Rather than abstract demands, they create measurable employer duties that can be documented, au­ dited and enforced. → Written Purpose and Scope Clause for Monitoring Systems → Joint Data Protection Impact ­Assessment(DPIA) and Consul­ tation on Mitigations → Limits on Location Tracking and Off–Hours Data Collection → Access and Data Portability Rights in Workplace Disputes → Human Review and Appeal Procedure for Automated De­cisions → Transparency and Account­ ability of Third-Party Vendors → Limits on Biometric Processing for Routine Tasks → Employers must provide a written statement at least 14 days before installation of any monitoring or digital management system. The statement must define the system’s purpose, scope, data types collected, retention period and legal basis. Any change in purpose requires prior written notice and consultation with worker representatives.(2024–IDP) → Before procuring or introducing high–risk technologies such as bio­ metric or algorithmic systems, employers must conduct a DPIA jointly with worker representatives. The DPIA must include risk identification, agreed mitigation measures and be shared in full at least seven days before deployment.(2024–IDP; 2010–OSH) → For roles involving mobile or sensor–based apps, tracking must be limited strictly to working hours. Technical safeguards must prevent data collection outside those periods, except in emergencies or with explicit, time–bound consent.(2024–IDP) → Workers and their authorised representatives have the right to obtain any personal or performance–related data used in disciplinary or evaluation processes. Employers must provide access within five working days of a written request.(1995–LabourCode; 2024–IDP) → No sanction, pay adjustment, or evaluation outcome may rely solely on automated decision–making. Employees must have the right to request a human review, and employers must provide written reasoning within ten working days.(2024–IDP) → Contracts with vendors or software providers must include clauses defining data–processing responsibilities, retention limits, and security standards. Vendors must disclose algorithmic functions, audit logs, and agree to independent audits when requested. Export or resale of employee data is prohibited without explicit consent and safeguards. (2025–GovDocs; 2024–IDP) → Biometric identifiers such as fingerprints or facial scans may only be used where strictly necessary for safety or access control. Less intrusive alternatives must be preferred. Data retention must be time–limited and biometric data must be securely destroyed after purpose completion.(2025–KPMG; 2024–IDP) Filling the Gaps – Bargaining Topic Suggestions 19

→ Joint Occupational Health Reviews for Psychosocial Impacts → Audit Rights and Periodic Joint Reviews → Training and Upskilling Guar­ antees When Systems Change Job Content → Employers and worker representatives must jointly review psychosocial risks arising from continuous monitoring, remote work, or algorithmic management at least once per year. The review must include measurable follow–up actions to reduce stress, burnout and digital fatigue.(2010–OSH; 2012–ILO) → Unions or employee councils have the right to request independent audits of digital systems every twelve months, funded by the employer or through a jointly agreed mechanism. Quarterly meetings should be held to review audit results, system impacts and compliance with data–protection obligations.(2024–IDP) → When new technologies alter job roles or skill requirements, employers must provide paid training or redeployment opportunities before implementation. Training plans must be discussed with worker representatives during procurement or system design.(1995–LabourCode; 2025–GovDocs) These bargaining topics are drafted to go beyond mini­ mal legal compliance, and to provide enforceable work­ place protections that address common risks from digi­ tal systems. Albanian collective agreements rarely cover these topics. Including them would modernise bargain­ ing practice and align labour relations with European digital standards. 20 Friedrich-Ebert-Stiftung e. V.

6. Summary Reflections If you remember only one thing from this report, remem­ ber this: digital systems do not remove your rights- they give you new reasons to use them! State of play in Albania Albania has recently updated its data protection frame­ work to align more closely with EU standards, strength­ ening individual rights and increasing the obligations of data controllers in both public and private sectors. The Labour Code and OSH rules provide general protections but rarely address modern algorithmic management in explicit terms. This results in a legal environment where data protection law strongly constrains processing of per­ sonal data, while labour law and OSH provisions provide complementary but sometimes underused protections for dignity and psychosocial risk. Main gaps and challenges for workers and unions → Limited practice of worker consultation on technologi­ cal procurements, especially in smaller private em­ ployers. This gap creates a risk that rights established in the Labour Code and embedded in data protection and OSH rules are not operationalised in workplaces. → Enforcement resources and awareness remain uneven, making it difficult for workers to exercise DPIA related rights, to access raw data used in decisions, or to se­ cure joint risk assessments. → The platform economy and algorithmic task alloca­ tion create transparency gaps when vendors control operational details and data storage. Collective bar­ gaining and contractual clauses can address these gaps. → Psychosocial and mental health effects from digital monitoring should be recognised as occupational hazards. → Establish a tripartite mechanism with government, unions and employers to monitor digital transforma­ tion. → Use the Anti–Discrimination Law’s reverse burden of proof as a procedural safeguard when algorithmic or data–driven systems produce unequal impacts. The Commissioner for Protection from Discrimination can become a key ally in ensuring fairness in digital work­ places. Conclusion Albania’s legal framework already provides the tools to protect workers. The next step is for trade unions to use these tools proactively through consultation, collective bargaining and training. By doing so, unions will ensure that technology supports decent work rather than under­ mines it. Paths forward and practical recommendations → Unions and federations can organise workshops on data protection and digitalisation to build the capaci­ ties of their members. → Unions should use data protection obligations to de­ mand DPIA access and vendor transparency. Summary Reflections 21

7. Annex – Links to the Laws Covered → Law No. 124/2024 –“Law for the protection of personal data” Official text on the Albanian legal archive(ELI/ QBZ): https://qbz.gov.al/eli/ligj/2024/12/19/124/921d3810–ab2a– 4e45–bdca–bef3a84b2721(Legislation info page for Ligj nr. 124/2024, Për mbrojtjen e të dhënave personale) → Labour Code of the Republic of Albania(1995)— as amended – Official reference listing(QBZ/ Official Publishing Center): https://qbz.gov.al/preview/c1c18a6c–5f3e–457d– b931–de505b3c7ed0(Preview of Kodi i Punës) – Unofficial consolidated reference(WIPO Lex)— includes the 1995 base text and amendments up to 2015 at least: https://www.wipo.int/wipolex/en/legislation/details/20982 (WIPO Lex database entry for Labour Code, Republic of Albania ) Note: Albania’s Labour Code has been amended multiple times (e.g., 2003, 2008, 2016, and likely 2024 changes). The official central database(QBZ) should reflect consolidated updates; for older consolidated texts, WIPO Lex provides archived legal texts. → Law No. 10 237/2010 –“On Occupational Safety and Health” – The official PDF as published in the Albanian Official Gazette(Fletorja Zyrtare, https://qbz.gov.al/share/­ pMIl4WphTpiu0C3IoWQkvg(Official Publishing Center) – State Labour Inspectorate legislation index(lists Law ­ No. 10 237/2010): https://www.ilo.org/sites/default/files/ wcmsp5/groups/public/@ed_protect/@protrav/@safework/ documents/policy/wcms_187886.pdf(Inspektoriati Shtetëror i Punës legislative list including Ligji Nr. 10.237, dt. 18.02.2010, Për Sigurinë dhe Shëndetin në Punë) This page is published by the official State Labour Inspec­ torate, which administers implementation of workplace safety law, and links to the law and sub–legal acts(regula­ tions approved by the Council of Ministers). → Law No. 10 221/2010 –“On Protection from Discrimination” Unofficial English PDF(original Albanian anti–discrimina­ tion law text): https://rm.coe.int/lmd–updated–version– english–translation/1680a0c1fc(Council of Europe PDF of Law No. 10 221, dated 4.2.2010) This PDF includes an English translation. For the Albanian original , official publication is available via the Official Ga­ zette and QBZ; you can search by law number and date there: https://qbz.gov.al/ → EU General Data Protection Regulation(GDPR) Official EU legislative text(EUR–Lex): https://eur–lex.eu­ ropa.eu/legal–content/EN/TXT/?uri=CELEX­ %3A32016R0679(Regulation(EU) 2016/679 – GDPR) 22 Friedrich-Ebert-Stiftung e. V.

8. Glossary List This glossary explains recurring terms and concepts used throughout the country chapters. It is intended to support workers and union representatives in quickly understanding technical, legal, and managerial language commonly used in discussions about digitalised workplaces. A Algorithmic management The use of software systems and algorithms to allocate tasks, evaluate performance, de­ termine pay, schedule work, or discipline workers, often with limited transparency or human oversight. Artificial intelligence(AI) Computer-based systems de­ signed to perform tasks that typically require human judg­ ment, such as decision-making, pattern recognition, predic­ tion, or classification. In workplaces, AI is increasingly used in recruitment, performance management, surveillance, and automation. AI systems(Artificial Intelligence systems) An AI system is a type of digital system that uses computational meth­ ods such as machine learning, statistical models, or rulebased algorithms to generate outputs including predic­ tions, classifications, recommendations, or decisions based on input data. AI systems are used in some workplaces for tasks such as recruitment screening, performance scoring, task allocation, or pattern recognition. AI systems are digi­ tal systems that use algorithmic models to generate out­ puts from data. Automated decision-making(ADM) Decisions affecting workers that are made wholly or primarily by digital sys­ tems, with minimal or no human intervention, for example in hiring, scheduling, performance scoring, or dismissal. B Biometric data/ biometric systems Personal data based on physical or behavioural characteristics, such as finger­ prints, facial images, iris scans, or voice patterns, used to identify or authenticate workers, often for attendance, ac­ cess control, or monitoring. C Collective bargaining Negotiations between workers’ or­ ganisations and employers to determine working condi­ tions, rights, and obligations. In the context of digitalisa­ tion, collective bargaining is used to regulate technology use where law is absent, weak, or insufficient. Consultation and worker participation Legal or collective­ ly agreed processes requiring employers to inform and in­ volve workers or their representatives before introducing technological, organisational, or operational changes that affect working conditions. D Data Any representation of information, facts, or concepts in a form capable of being processed by a computer system. Data Fiduciary/ Controller The entity(usually the em­ ployer) that decides how and why personal data is pro­ cessed and bears the legal responsibility for its protection. Data Minimisation The principle that only the data strictly necessary for a specific, stated purpose should be collected and used. Data protection Rules and principles governing how infor­ mation relating to an identifiable person is collected, stored, used, shared, and retained. In workplaces, this in­ cludes amongst others attendance data, location data, per­ formance metrics, and biometric information. Data Protection Impact Assessment(DPIA) A structured assessment required in many jurisdictions before introduc­ ing high-risk data-processing systems. It evaluates risks to workers’ rights and freedoms. Digital labour platforms/ platform work Work mediated through digital applications or online platforms that allo­ cate tasks, manage performance, and process payment, of­ ten using algorithmic systems. Examples include ride-hail­ ing, delivery, and online outsourcing. Digital technologies Digital technologies are electronic tools, devices, software, and data-processing applications that create, collect, store, transmit, or analyse digital data. In workplaces, this includes items such as computers, mo­ bile devices, biometric scanners, cameras, GPS devices, software applications, platforms, and databases. These technologies generate and process data that can be used in organising, monitoring, or managing work. Digital tech­ nologies are the individual electronic tools and applica­ tions. Glossary List 23

Digital systems A digital system is an arrangement of multiple digital technologies that operate together to col­ lect data, process it according to defined rules or instruc­ tions, and produce outputs. A digital system may include hardware, software, data storage, and interfaces used by managers or workers. The system refers to the combined operation of these components rather than any single de­ vice or application. Digital systems are combinations of digital technologies working together. Digital surveillance/ worker monitoring The use of digital tools to observe, record, or analyse workers’ activities, move­ ments, communications, or performance, including CCTV, GPS tracking, keystroke logging, and screen monitoring. E Enforcement gaps The disconnect between formal legal rights and their real-world application, often due to weak oversight, delayed remedies, limited access to regulators, or reliance on individual complaints. F Function creep The gradual expansion of a technology’s use beyond its original stated purpose, for example when security or attendance systems are later used for perfor­ mance evaluation or discipline. H Human oversight The requirement that automated or AI-driven systems remain subject to meaningful human re­ view, judgment, and accountability, particularly when deci­ sions affect workers’ rights or livelihoods. I Informational asymmetry A power imbalance in which employers control access to information, data, and system logic, while workers lack insight into how technologies op­ erate or how decisions are made. O Occupational safety and health(OSH) Legal and organisa­ tional obligations to protect workers’ physical and mental well-being at work, including risks arising from stress, work intensification, constant monitoring, or technological change. P Platform worker classification The legal determination of whether platform workers are treated as employees, self-­employed, or a separate category, which affects ac­ cess to labour rights, social protection, and collective bar­ gaining. Power asymmetry An imbalance of authority and control between management and workers, intensified in digital­ ised workplaces through surveillance, data extraction, and algorithmic control. Purpose limitation A core data-protection principle requir­ ing that data collected for one specific purpose (e.g. security) not be reused for incompatible purposes (e.g. discipline or productivity scoring) without justification and consultation. R Right to explanation/ transparency The principle that workers should receive clear, accessible information about what data are collected about them, how technologies function, and how decisions affecting them are made. Right to disconnect The right of workers to be free from work-related digital communication and monitoring out­ side working hours, protecting rest time and work-life boundaries. Risk assessment An evaluation of potential harms associ­ ated with introducing new technologies, including impacts on privacy, health, equality, workload, and job security. S Surveillance capitalism/ data extraction A model in which value is generated by collecting and analysing large amounts of behavioural data, increasingly applied within workplaces through digital management systems. W Worker dignity and autonomy Foundational labour princi­ ples recognising workers as rights-bearing individuals, not merely data points or inputs, requiring limits on intrusive monitoring and automated control. 24 Friedrich-Ebert-Stiftung e. V.

About the author Gertjana Hasalla , MSc., Albanian Center for Population and Development, ACPD, Centre for Labour Rights, CLR

Negotiating Digitalised Workplaces – Rights and Obligations This series of country studies – encompassing to date Albania, Brasil, ­India, Ireland, Kenya, South Korea, and Uruguay – highlights the institu­ tional power resources of workers to shape the digitalisation of work­ places. By knowing rights, laws and labour market agreements, workers and trade unions can henceforth better claim their rights and negotiate working conditions when digital technologies are introduced and used. Further information on this topic can be found here: ↗ fes.de/lnk/negodigirights , illustration, Title photo r area icon or colou