Vol. 10 No. 7 (July 2000) pp. 440-443.

PRIVACY AND EMPLOYMENT LAW by John D. R. Craig. Oxford, United Kingdom: Hart Publishing Co., 1999. 291pp. Cloth $54.00. ISBN 1-84113-059-1.

Reviewed by Colin J. Bennett, Department of Political Science, University of Victoria, British Columbia.

A spate of books on privacy protection has been published in recent years. Motivated by the heightened awareness of privacy problems as a result of the dramatic impact of the Internet on our lives, most of these books are quite polemical. In the final analysis most of them add little to the debate about how the collection, use and disclosure of personal information might be stemmed given rapid and pervasive technological advances. For many years, serious scholarship on the issue has been overshadowed by analysis of the most recent forms of privacy intrusion and by dire warnings about the advent of the "Big Brother" or "Surveillance" state.

In this context, a thorough and comparative analysis of the theory and practice of privacy protection in the workplace is a welcome addition to the literature. Now practicing law in Toronto, John Craig initially wrote this work as doctoral thesis at Oxford. He brings an interest and experience in labour law and human rights to tackle the central question of how to "develop legal principles for the protection of workers' privacy rights." He addresses this question through a comparison of the laws and policies of the United States, France, and Canada, and with reference to two extensive case studies of drug-testing and genetic testing. Reflecting his British training (and publisher), the book's other purpose is to draw some lessons about the emerging law of workplace privacy in the United Kingdom.

After a curious Introduction that briefly describes the evolution of labour and human rights law in the United Kingdom, the second chapter provides a useful review of the development of the right to privacy in Western societies, and an analysis of some of the major attempts to provide some conceptual clarity to this broad and amorphous value. Distinctions between the various "zones" of privacy (personal, territorial, and informational) are also drawn. However, like other privacy scholars, Craig is ultimately persuaded that a "functional" approach will be more useful for his purposes. This approach "focuses not on exhaustively defining the right, but rather on identifying the private interests protected by the right which are implicated in a particular context" (p. 34).

Chapter Three provides a valuable contribution to the literature by examining privacy protection from the perspective of three schools of thought that have emerged from the literature on labour law. Craig is insistent that "any discussion of workplace privacy as a legal issue must begin with an appreciation of the important socio-economic functions of labour law" (p. 41). In the "collective laissez-faire" approach, freedom of contract between labour and management should be respected to the fullest extent possible. Therefore, judicial

Page 441 begins here

and legislative interference should be discouraged unless collective representation is unlikely to yield industrial justice or stability. In the "market individualism" approach, by contrast, state interference should be avoided in the belief that the deregulation of labour markets is a means to reduce the costs of labour and promote employment and economic development. The "floor-of rights" approach calls for the enactment of basic rights and standards for the benefit of all employees, in the belief that positive economic benefits may flow from guaranteed employment rights.

Craig then reviews the employment privacy laws of the United States, France and Canada in the next three chapters. He reaches some overall conclusions about the trends in national workplace privacy law with reference to this broad framework. The reviews of the constitutional, statutory and common law provisions that shape employment privacy law in these countries are generally quite interesting. This is, however, an enormous body of law. Those who are familiar with the intricacies of particular surveillance practices might be disappointed by the somewhat superficial treatment of some court cases and legislation. In my judgment, this sacrifice of detail is a price worth paying for a sustained comparative analysis according to a common framework.

Not surprisingly, Craig finds American law increasingly motivated by market individualistic tendencies, notwithstanding a more protective "floor of rights" approach to workplace privacy in California. French workplace privacy law flows from an elaborate structure of rights contained in the Civil Code, the Labour Code and the comprehensive information privacy law, overseen by the Commission Nationale de L'Informatique et Libert‚s (CNIL). French law provides a "relatively coherent and comprehensive 'floor' of privacy for candidates/employees in both the public and private sectors" (p. 106). With regard to Canada, Craig concludes that labour law in general is still tied to the "collective laissez-faire" model, but finds a wide variation in workplace privacy protections depending on the jurisdiction, and whether the employer is a public or a private body. The trend, however, is towards a growing body of privacy protective measures for both public and private sectors.

Despite national differences, Craig does discern an overall process of policy convergence exemplified by the flurry of privacy legislation, based on increasingly common principles. However, I wanted a more extensive discussion of the various dimensions and explanations for this convergence. A very interesting thesis about the dynamics of "trading up" employment privacy law under pressure from those countries with higher standards required, I think, a lengthier treatment, and one suitable for an overall conclusion to the book.

Instead, Craig chooses to present seven legal principles that he hopes constitute a "best practice" model for the development of privacy rights in the workplace, and which emerge, he insists, from his empirical examination of the extant laws in the U. S., France and Canada, rather than from abstract theorizing. These principles relate to the scope of application of the right to privacy, to the reconciliation of competing interests and to the procedural safeguards necessary to protect informational privacy interests. Craig has thus expanded the traditional enumeration of "fair information principles" (which appear

Page 442 begins here

only in his Principle 7) to embrace a wider set of substantive concerns.

For example, he suggests a comprehensive application of privacy safeguards regardless of sector, and regardless of whether one is talking about an existing employee or a job candidate (Principle 1). He insists on a "floor of rights" approach, preventing either employers or employees to contract out of the right to privacy (Principle 2). Any employer that wants to limit employee privacy rights must advance a "substantial interest related to a legitimate management concern" (Principle 3). The protection of the health and safety of employees, consumers or the public constitutes the requirement of being both legitimate and substantial (Principle 4). The economic interests of the employer generally do not, however (Principle 5). Where an employer is able to advance a legitimate interest sufficient to limit privacy, the least restrictive or invasive means of accomplishing that interest should be adopted (Principle 6). In practice, this means "individualising" the intrusion on the basis of a reasonable suspicion, or "probable cause," rationale.

These principles provide a useful framework for his analysis of drug testing in Chapter 8, and genetic testing in Chapter 9. Not surprisingly, his analysis yields a set of conclusions about employment drug testing that would make this practice very rare, and only acceptable if: 1.) there is a safety justification; 2.) the process if individualized (because there is an impossibility of supervision), or there is probable cause; 3.) there are no reasonable alternative technologies; and 4.) the employer has guaranteed the full range of procedural and other safeguards. In practice, he recognizes that the imposition of these standards would perhaps result in the end of employment drug testing altogether. Genetic testing, on the other hand, he would prohibit altogether, unless candidates or employees choose to participate voluntarily.

This is a very valuable contribution to the privacy literature. It is well researched and argued. It comes with useful tables of relevant cases and statutes, a valuable glossary of terms and a thorough bibliography. Craig has also invested considerable time in understanding and explaining drug-testing and genetic-testing technologies in lucid and approachable terms. A more thorough introduction to the book, however, might have provided a better overview of the range of other intrusive practices currently employed in the workplace. His conclusions might anger those who currently engage in employment testing, and those who develop and market these technologies to business. But the privacy community (including advocates, commissioners and regulators) will find his arguments eminently sensible and may be able to use his research as ammunition in their own battles against surveillance in the workplace.

My main criticism relates to the organization of the work. Both the first and last chapters are exclusively about Britain. This suggests that his primary purpose is to draw lessons about the emerging law of workplace privacy in the United Kingdom. In the first place, the laws of the other three countries seem to be in an equal state of flux, and just as likely to be influenced by British developments as vice versa. Secondly, this emphasis makes the book of less interest to the non-British reader. He may have been better advised to incorporate the United Kingdom into his comparative framework and include the British chapter in the middle of the book. A more conclusive

Page 443 begins here

final chapter could then have explored in greater detail the interesting hypotheses about convergence and divergence, and about the "trading-up" of workplace privacy standards around the world. This more fundamental revision of his doctoral thesis would obviously have taken more time and effort, but I think it would have produced a seminal, rather than a valuable, book about employment privacy.


Copyright 2000 by the author, Colin J. Bennett.