Employee Health Data in European Law: Privacy is (not) an Option?

Lena Enqvist, Yana Litins'ka

Research output: Contribution to journalArticlepeer-review


While there are many feasible reasons for employers to process employee health data, the protection of such data is a fundamental issue for ensuring employee rights to privacy in the workplace. The sharing of health data within workplaces can lead to various consequences, such as losing a sense of privacy, stigmatisation, job insecurity and social dumping. At the European level, the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) and EU General Data Protection Regulation (GDPR)–two interconnected instruments–offer the most enforceable protection of employee health data. The article analyses the limits of employees’ right to privacy regarding health data, as delineated by the ECHR and GDPR. Using three fictive examples, we illustrate how the level of protection differs in these two instruments. In particular, we show that the protection of health data offered by the GDPR is seen as an objective act of processing at the time it is carried out, where the actual impact caused by the processing on private life is not considered. On the contrary, the ECHR’s applicability and offered level of protection in the employment context depend on subjective factors, such as the consequences of sharing the data.
Original languageEnglish
Pages (from-to)40-66
Number of pages27
JournalNordic Journal of European Law
Issue number1
Publication statusPublished - 2022 Aug 31

Subject classification (UKÄ)

  • Law

Free keywords

  • Human rights
  • Public law
  • GDPR
  • European Convention on Human Rights (echr)
  • Right to privacy
  • Employee
  • Medical law
  • Health data
  • Infectious disease
  • Infectious disease control
  • Mental health
  • Data processing
  • Data protection


Dive into the research topics of 'Employee Health Data in European Law: Privacy is (not) an Option?'. Together they form a unique fingerprint.

Cite this