Abstract
The use of in-body wearable devices is increasing in the healthcare sector, given their capacity to diagnose diseases and monitor health conditions. At the same time, some of these devices have entered the market and are being researched for use in workplace settings to enhance workers’ health and safety. However, neither specific EU legislation nor national law currently regulates the use of in-body wearables in employment, raising questions about the safeguarding of workers’ fundamental rights to privacy and data protection. Addressing the challenges posed by this regulatory gap, this article explores whether the European legislative framework employed in the healthcare sector for medical devices could be applied to the use of in-body wearables in employment settings. It also discusses the application of a key principle of the General Data Protection Regulation when in-body wearables are used in the workplace: lawfulness.
Introduction
Research into and the commercialisation of in-body wearable devices is no longer a prerogative of the healthcare sector. Manufacturers, businesses and researchers are beginning to explore the potential for cross-fertilisation between the healthcare and employment settings, given the capacity of these devices to protect workers’ health and safety by preventing occupational accidents and diseases. 3 In-body wearables can be applied to the skin, inserted through the skin, or placed inside the human body. They incorporate a wide range of (bio-)sensors that can measure and monitor diverse physiological parameters and as such, present potential solutions for (remote) continuous real-time health and safety monitoring in an occupational context. 4 While initially developed for use in healthcare 5 and classified as medical devices under the EU Medical Device Regulation, some of these devices (e.g., the ingestible pill BodyCAP 6 and the Equivital eq02+ LifeMonitor 7 ) are now being considered for use in the workplace for occupational health and safety (OHS) reasons. 8
At present, no specific EU legislation regulates the use of in-body wearables in employment, irrespective of the purpose for which they are introduced (e.g., OHS, surveillance, etc.). Some EU Member States – notably, France and Portugal – have started addressing the risks posed by digital technologies through national rules on the processing of workers’ biometric data (e.g., fingerprints) for access control. 9 However, currently, no national legislation regulates in-body wearables.
This article seeks to address the challenges posed by this regulatory gap by exploring whether the European legislative framework governing medical devices in the healthcare sector could be applied to regulate the use of in-body wearables in the workplace, and by examining how the EU data protection framework could be used as a (complementary) regulatory tool in this context too. While acknowledging the broad range of data protection challenges introduced by the use of these devices in the workplace, the analysis specifically focuses on the application of the principle of lawfulness as laid down in the General Data Protection Regulation (GDPR). 10 This aspect is crucial as in-body wearables collect, store, and transmit highly sensitive personal data and health information, and may become vulnerable to unauthorised access, improper disclosure, data theft, or data loss. Given the novelty of this topic, the article adopts a descriptive approach to illustrate the breadth and depth of the infiltration of in-body wearable technology into the field of employment, showcasing the application of these devices in the protection of workers’ health and safety and the challenges for workers’ fundamental rights.
The use of in-body wearables in healthcare and employment: what are they and how do they function?
In-body wearables are smart, electronic devices that can be applied to the surface of the skin, either stuck to it or tattooed onto it (electronic epidermal wearables), placed through/underneath the skin (electronic transdermal wearables), or inserted into the human body (implantable/ingestible). 11 Some are inserted into the human body through a clinical procedure (e.g., wearable insulin pumps, cardiac pacemakers).
In-body wearables can sense and measure various physiological (e.g., heart rate, body temperature, blood pressure) and bio-mechanical (e.g., movement, posture) parameters. 12 The raw data collected is typically transferred wirelessly (e.g., through Bluetooth, RFID, NFC) 13 to gateway devices, where it is analysed and displayed in applications installed on smartphones, tablets, and laptops. Data is then usually transferred to a remote server (cloud). 14
Diverse techniques are used to process the data, either in the wearable device itself, in the gateway device, or in the cloud. Algorithms can be used to analyse data in real-time or after downloading. For example, microneedles continuously monitor glucose levels through a transdermal patch that can be combined with an analysis app and subsequently with an insulin pump that releases the required doses of insulin. The latter are determined using an algorithm. 15 Imaging ingestible pills can transmit images to a mobile device, which then classifies lesions of the gastrointestinal tract using an algorithm. 16
The data analysis results can be displayed in various ways. Visual representations (e.g., graphs) can be displayed on the connected smartphone (e.g., blood sugar trends in the case of transdermal glucose monitoring with microneedles), and reports can be created and displayed on a web-based interface or dashboard accessible to third parties, such as healthcare professionals or health and safety personnel in an industrial context. 17 Therapeutic action can also be triggered, like the release of the required doses of insulin or the setting off of alarms (e.g., if the core body temperature of a patient/worker exceeds the set threshold).
Given their increasing capacity to monitor individual health conditions and (early) detect and treat diseases, research into and the commercialisation of in-body wearables are permeating the healthcare industry. Examples include electronic epidermal wearables like dermal patches and temporary smart tattoos (also called e-skin or e-tattoos). These are ultra-thin, stretchable, and flexible products applied directly to the skin, which can more accurately, non-invasively and continuously monitor physiological parameters (e.g., a diabetic's perspiration rate, with sensors that measure glucose levels in the patient’s sweat). 18 By doing so, these devices can monitor an individual's condition and trigger therapeutic action (e.g., neurostimulation). 19 Electronic transdermal wearables also include devices like microneedles that perforate the skin and continuously monitor glucose concentration in the interstitial fluid. 20 When combined with an insulin pump connected to the device, the required doses of insulin can be released automatically. 21
Implantable electronic devices, such as cardioverter defibrillators and deep brain stimulators, are not a novelty in the healthcare industry. 22 However, technological progress has not stopped there. Scientific and clinical research is underway into microchips that can be inserted into human body tissues to measure their oxygen levels, which could be relevant for the prognosis of several conditions (e.g., cancer and cardiovascular disorders). 23 Ingestible pill-size sensors are also emerging in the field of sensor technologies, and the market for them is growing rapidly. 24 These wearable biosensors can assist in diagnosing (gastrointestinal) diseases and monitor an individual's condition by measuring physiological parameters such as pH and core body temperature. They can trigger therapeutic action, such as targeted drug release. Depending on the type of sensors they incorporate, ingestible pills can have multiple applications, from measuring physiological parameters to taking images of internal organs (e.g., the oesophagus). 25
Some in-body wearables have already been considered for use in the workplace for occupational health and safety. 26 For instance, temperature-sensing pills can monitor workers’ body core temperature remotely in real-time, and alert workers and OHS professionals/line managers in cases of hyperthermia or hypothermia. These features can assist employers in preventing heat-related disorders. In this regard, a number of studies have explored the use of such ingestible pills to measure and monitor the core body temperature of workers exposed to extreme temperatures, such as firefighters, 27 soldiers, divers, and astronauts. 28 Commercially available temperature-sensing capsules have also been used to measure and assess heat stress in soldiers and athletes. 29
Furthermore, some scholars have begun to acknowledge the potential use of electronic epidermal wearables in OHS, 30 and the European Agency for Occupational Health and Safety (EU-OSHA) has recently classified these devices as a newly emerging category of wearables. 31 In this context, research has explored the use of electronic epidermal wearables, such as skin patches, to monitor firefighters’ skin temperature and possibly prevent occupational risks, such as heat stroke or even death. 32 Additionally, some epidermal patches are already available on the market for use in industries with harsh working conditions due to extreme temperatures (e.g., construction, oil and gas, emergency personnel, soldiers, etc.). 33
In-body wearables as medical devices under EU law
As shown above, some in-body wearables have been initially developed for use in healthcare and qualified as medical devices under EU law (e.g., devices used for the management of cardiac rhythm or smart insulin pumps). This section outlines the EU regulatory approach to products qualified as medical devices and discusses its relevance for in-body wearables.
Which in-body wearables qualify as medical devices?
The term ‘medical device’ covers a broad range of products that prevent, diagnose, monitor, treat, and care for people. According to MedTech Europe data, more than 500,000 medical devices (20,000 generic groups) are currently available on the market. Devices typically have a short lifecycle of 18–24 months before an improved product is developed. 34
The core EU legislative framework on medical devices consists of two Regulations, supplemented by implementing legislation and complemented by guidance documents and industry self-regulation. The Medical Devices Regulation (MDR) has been in force since 26 May 2021 35 and the In Vitro Diagnostic Medical Devices Regulation (IVDMR) since 26 May 2022. 36
Article 2(1) MDR defines ‘medical devices’ with emphasis on the specific medical purposes intended by the manufacturer. Accordingly, the term medical purpose may include the diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease, and the diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability. Such products qualify as medical devices only if they do not achieve their principal intended action by pharmacological, immunological, or metabolic means, in or on the human body (although they may be assisted in their function by such means).
Interpretation of the term medical is crucial in determining whether an in-body wearable qualifies as (part of) a medical device or an in vitro device. The Court of Justice of the European Union (CJEU) has set two cumulative conditions for a device to qualify as medical: (1) a medical context and (2) a medical purpose, that is, an intended purpose specified by the manufacturer as medical. 37 The CJEU has not provided a definition for medical context, which remains open for interpretation.
When it comes to medical purpose, Article 2(1) MDR provides an exhaustive list. If the intended purpose, as specified by the manufacturer, is included in this list, then the product will qualify as a medical device; otherwise, it will not. Similarly, a product must have an intended medical purpose in order for it to qualify as a device under the IVDMR. Examples include wearable patches for transdermal drug delivery and eyeglasses-based wireless chemical-sensing platforms that can monitor sweat electrolytes and metabolites in real time. 38
Notably, wearables the use of which is intended by the manufacturer solely for lifestyle, wellness and/or self-enhancement purposes, like Fitbit and similar commercial products, will not qualify as medical devices in the absence of a medical purpose. Therefore, the safety, performance, and quality standards set out in the MDR will not apply to these products as the intended use is not covered by any of the medical purposes listed in Article 2(1) MDR.
In the absence of specialised legislation, such products are subject to general product safety legislation. Notably, they come under the scope of the EU Regulation on general product safety (which applies from 13 December 2024) 39, and the EU Regulation on market surveillance and compliance of products 40 once they are placed on the EU market. However, while these Regulations set some basic requirements for product safety, it remains unclear what would happen if data collected by such commercial, non-medical wearables were subsequently used as input into a medical device or in vitro device. Arguably, the end user of the data – e.g., a medical professional or, potentially, an employer – would have to prove that the input provided by the non-medical wearable met the standards for medical grade use. 41 As the end user of the data is usually not the manufacturer of the non-medical wearable collecting the input, this might pose technical and legal challenges.
An important question is also how to determine whether a particular piece of software qualifies as a medical device and should be regulated as such. 42 Again, the presence of a medical purpose is decisive. 43 Software might qualify as a medical device regardless of its location (e.g., whether operating on a mobile phone, on a computer, or in the cloud). Software may sometimes qualify as a component of, or an accessory for, a medical device. The latter is intended by the manufacturer to be used together with a medical device to specifically enable its intended use or directly assist its medical functionality. 44 However, not all software used in healthcare qualifies as a medical device (e.g., electronic patient health records that merely replace paper-based files will not qualify as such). 45
EU regulatory objectives in the medical devices sector: safety, performance, quality
The EU legislative framework on medical devices aims to ensure the free movement of such devices as goods in the internal market while simultaneously protecting public health and safety. Legislative harmonisation has focused on product safety, performance, and quality requirements. Notified bodies designated and accredited by the Member States assess product conformity with these requirements and are involved in post-market surveillance. 46 Devices that pass the conformity assessment get a CE marking, which enables them to move freely within the internal market, be purchased, and put into function. 47
The MDR stipulates a risk-based classification of medical devices. The intended medical purpose set by the manufacturer and the risks posed to patients, users, and the public's health are decisive in the classification process. An accessory for a medical device and a software function that is independent of any other device are classified in their own right. If the software is incorporated into a medical device, then it takes the classification of that device. 48 The risk-based classification determines most pre- and post-market requirements.
Pursuant to the risk-based classification approach, the MDR provides for four categories of medical devices. The low-risk devices are assigned to Class I, the medium-risk devices to Class IIa (low-medium risk) and Class IIb (medium-high risk), and the highest-risk products to Class III. 49 Class I products may be placed on the market based on the manufacturer's self-declaration of conformity with the essential safety and performance requirements (self-certification). Class II (a and b) and Class III devices must pass a conformity assessment carried out by a notified body. Class III devices must additionally undergo human clinical investigations. When assessing certain Class III devices, notified bodies must request the opinion of specific expert panels supported by the European Medicines Agency.
To illustrate how products are assigned to different risk categories, one can take the example of classifying software. Software that is not intended for diagnostic or therapeutic purposes and does not measure physiological processes should be assigned to Class I (low risk). An example of Class I software is an app intended to support conception by calculating the person's fertility status based on a validated statistical algorithm. 50
In-body wearables mostly fall under Class IIa or Class IIb, and sometimes under Class III. The precise risk category is not always easy to determine. Class IIa includes software that generates data to make diagnostic or therapeutic decisions. As per rule 10 MDR, this usually includes devices that measure physiological processes. 51 If such decisions might result in a serious deterioration of a person's health or lead to surgical intervention, the software should be assigned to Class IIb. Similarly, if the data concern vital physiological processes (e.g., deviations in blood pressure, body temperature, heart rate, breathing) and are used for diagnostic or therapeutic decisions, the software should be assigned to Class IIb. Software used for contraception should also be assigned to Class IIb. An example of an in-body wearable currently assigned to Class IIa is the ingestible temperature pill manufactured by BodyCAP (e-Celsius Medical). 52
If the data are used to make diagnostic or therapeutic decisions that might result in death or irreversible health deterioration, the software should be assigned to Class III (the highest risk). As a rule, Class III includes surgically invasive and implantable products, as well as products that include human blood derivatives or a medicine as an integral part. An example is software intended to perform diagnosis by means of image analysis for making treatment decisions in patients suffering from acute stroke. 53 Wearable sensors that are part of closed-loop systems (for example, sensing-controlled, ultrasound-based closed-loop microneedle smart system for diabetes management) 54 should also be assigned to Class III if they have a ‘diagnostic function that significantly determines the patient management by the device’ as per rule 22 MDR; otherwise, they should be assigned to Class IIb as per rule 9 MDR. 55
The high diversity of products and the rapid pace of innovation make the qualification and risk-based classification of given products challenging, especially for in-body wearables that measure physiological parameters. Commentators have pointed out these challenges and the ambiguities that remain under the MDR. 56 In case of doubt, a case-by-case determination is carried out by the European Commission upon a substantiated request of a Member State and after consultation with the Medical Device Coordinator Group (pursuant to Article 4(1) MDR). Proper regulatory qualification and classification are crucial, as such decisions affect most pre- and post-market requirements and impact data protection. Commentators argue that if those parameters are used for direct diagnosis, the risk category should be the same as that of medical devices directly controlling treatment. However, if a wearable is used solely to monitor a condition or inform the diagnosis, it should be assigned to a lower-risk category because the possible error is not automatically transferred to treatment. 57
Tackling the non-regulation of in-body wearable technology in employment
Unlike in healthcare, there is no specific European or national legislation governing the use of in-body wearable technology in employment and, specifically, for OHS reasons. This is despite significant technological advancements and growing interest from the research community and manufacturers in designing and developing such devices for workplace use, particularly electronic epidermal wearables and ingestible pills. The MDR also does not address the use of these devices in the workplace. This is a regulatory gap that the European Parliament had already identified (prior to the adoption of the MDR) in relation to the application of the previously in force Active Implantable Medical Device Directive to the use of microchips in the workplace. 58
Nevertheless, the EU data protection framework can be used to analyse the legal issues raised by the use of in-body wearables in the workplace for OHS reasons. The following sub-section discusses the extent to which employers can – or cannot – invoke a legal basis under the GDPR to introduce the use of these devices for OHS reasons.
Legal bases to introduce the use of in-body wearables in the workplace for OHS reasons
As data controllers, 59 employers must have a legal basis for gathering wearable data classified as personal data. Specifically, concerning implantables, scholars argue that passive RFID microchips collect and process personal data as they can store information about workers, such as their name and age, and also biometric data like fingerprints. Through these implantable devices, employers can identify a worker, and potentially track their location, using the unique number each chip contains and matching it with the employee who ‘wears’ the chip. 60 Data collected by electronic epidermal wearables and ingestible pills may also be classified as sensitive personal data within the meaning of Article 4(15) GDPR. 61 Temperature ingestible pills, smart patches and e-tattoos can indeed give an insight into a worker's health condition (for instance, heat strain) by collecting and processing data about an individual's core/skin body temperature, perspiration, etc.
Article 5 GDPR establishes the principle of legitimacy. 62 Accordingly, ‘personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject’. To process workers’ (sensitive) personal data collected by in-body wearables for OHS reasons, employers must invoke at least one legal basis laid down in Article 6 GDPR. If health, biometric and genetic data are processed, employers must also invoke one exception to the general prohibition to process sensitive data laid down in Article 9 GDPR. 63
The application of the principle of lawfulness in this context is largely unexplored in the legal literature and European policy documents. 64 The focus has been limited so far to the use of microchips in the workplace. 65 To the authors’ knowledge, no attention has been paid to electronic epidermal wearables and temperature ingestible pills, despite the interest of manufacturers in their potential in the area of OHS and the growing interest from researchers in other fields (e.g., electronic engineering).
This article considers five legal bases set out in Article 6 of GDPR to investigate the extent to which there is a legal ground to introduce the use of in-body wearables in the workplace for OHS reasons: consent, legitimate interest, contractual obligation, legal obligation, and vital interest. As the focus is on wearables used for OHS reasons and given that in-body wearables usually collect personal health data, Article 9(2)(b) and Article 9(2)(h) GDPR are considered the applicable exceptions to the prohibition to process health data. 66
Consent
Scholars and data protection authorities have consistently stated that consent is not the desirable legal ground to use in an employment context, given the inherent power imbalance between employers and employees. 67 Workers are usually in no position to provide free and informed consent to the processing of personal data. It would also go against the principle of fairness to ‘unduly pressure’ workers to consent to data processing. 68 Concerning in-body wearables, scholars have raised this argument about the use of microchips in the workplace for identification purposes (e.g., to replace ID badges) and as a means of payment. 69 However, others have also argued that consent, in combination with the legitimate interest ground, may be used as the legal basis for microchipping workers in specific situations, for instance, to guarantee workplace safety. 70
This article contends that a ‘blank exclusion’ of consent as a permissible legal basis to process in-body wearables data is not the desirable approach. 71 When workers’ personal data are processed for ‘good reasons’, namely OHS, 72 further consideration should be given to the possibility and, importantly, the limitations of using consent as a legal basis. A case-by-case analysis is essential in such scenarios. 73 This is particularly relevant nowadays as the use of in-body wearables has the potential to keep workers safe, healthy and, sometimes, alive. For instance, external recorders connected to an ingestible pill can trigger an alarm to warn workers of their elevated core body temperature, thus preventing heat stroke.
Legitimate interest
To date, data protection authorities have not provided any guidance on whether, and if so under what (pre-)conditions, a company may rely on legitimate interest as a legal basis for introducing the use of in-body wearables for OHS reasons. Article 6(1)(f) GDPR requires a balancing test between the employer's legitimate interest and the data subject's interests or fundamental rights, the latter including the ‘obvious’ rights to privacy and data protection, but also the right to personal (physical and mental) integrity and the right to health and safety in the workplace.
Undoubtedly, the protection of workers’ health and safety is a legitimate interest. Working Party 29, the predecessor of the European Data Protection Board (EDPB), and legal literature confirm this. 74 Moreover, in the balancing test, it is important to consider that ensuring workers’ safety and health is an employer's legal obligation (e.g., under Directive 89/391/EEC) and in the public interest. This is particularly relevant given the costs that society must bear for occupational injuries and diseases.
However, under what circumstances can this legitimate interest override workers’ fundamental rights? 75 Scholars have argued that in certain sectors and jobs, employers could use legitimate interest as a legal basis to introduce the use of RFID microchips for OHS reasons. This is the case, for example, when microchips are used to locate workers (e.g., lone workers, firefighters, police officers) and activate emergency responses; or when they are used to restrict access to dangerous areas (e.g., containing potentially harmful chemicals) and trigger alarms. 76 In such instances, scholars argue that the ‘substantial safety benefits’ of this technology can outweigh the significant impact on workers’ fundamental rights and interests, provided that the employer puts in place additional safeguards and mitigating measures, and there are no less intrusive, yet effective, ways to protect workers’ safety (necessity test). 77
The openness to using ‘legitimate interest’ as a legal basis for processing workers’ personal data using microchips is an innovative, albeit controversial, addition to the otherwise limited discourse on this topic. That said, it is important to highlight that in the balancing test, the term ‘impact’ is defined as ‘any possible (potential and actual) consequence of the data processing’. 78 Thus, although RFID microchips may contribute to maintaining workers’ safety by restricting access to dangerous zones, a more comprehensive analysis of the consequences of using such implants on all workers’ fundamental rights and interests is necessary. For instance, workers’ fundamental rights to bodily integrity and physical and mental health and safety should not be overlooked. 79 As pointed out in the European Parliament's related study, the insertion of microchips could constitute a violation of bodily integrity, and the safety of these implants and their potential adverse effects on the wearer's health are still under review. 80 Also, constant and real-time monitoring enabled by such devices could lead to anxiety and stress. 81
Similarly, regarding temperature-ingestible pills and electronic epidermal wearables, the nature of the sector and the job should have a bearing on determining whether the employer's legitimate interest can override the fundamental rights or interests of workers. For example, temperature-sensing capsules, smart patches, and e-tattoos may be useful for preventing heat-related disorders in workers exposed to extreme temperatures. Nonetheless, one must consider the safety of such devices and the level of intrusiveness when conducting the balancing test. In contrast to microchips, temperature-ingestible pills as well as electronic epidermal wearables could be viewed as less invasive devices: they require no surgical procedure for placement and removal, and are only temporarily placed inside the human body or attached to the skin (for instance, using adhesive). However, workers still need to swallow them a few hours before exposure to extreme temperatures; the capsules then need to be eliminated naturally from the body a few hours following ingestion. 82
Furthermore, in addition to the balancing test, Article 6(1)(f) requires a ‘necessity test’, i.e., examining whether there are less intrusive, yet effective, means to protect workers’ health and safety. 83 Legal scholars have argued that microchips could serve as more effective tools to prevent workers from entering dangerous areas compared to ‘traditional’ badges. 84 Likewise, OHS researchers have asserted that using ‘conventional’ methods (e.g., wet-bulb globe thermometers) to measure environmental parameters (e.g., ambient temperature, relative humidity) in working environments with extreme temperatures is not as ‘effective’ in protecting workers’ health as measuring individuals’ physiological responses to heat (e.g., changes in body temperature and heart rate variability). 85 This could be done by using temperature ingestible pills or electronic epidermal patches.
Although technological advancements are beginning to enable the measurement and monitoring of workers’ physiological parameters, the question remains as to whether there are less intrusive, yet effective, ways to protect workers from the occurrence of heat-related disorders and accidents caused by entering hazardous or restricted areas. For access control in hazardous industries, instead of microchips one could consider biometric identification (e.g., via an iris scan or fingerprint), 86 wearables that monitor only environmental metrics in a given room/zone (e.g., oxygen levels, hazardous gases and toxic chemical leaks), 87 or wristbands that alert workers when entering dangerous areas. 88 To prevent heat-related disorders, in-body wearables (e.g., dermal patches) that estimate core body temperature with an algorithmic analysis of skin surface temperature and heart rate data could be preferable to ingestible pills. While ingestible pills directly measure core body temperature, they do so in a more invasive manner. Other types of wearables, for instance, on-body wearables such as vests and chest belts, could also be used to predict core body temperature in a less invasive way by measuring physiological parameters like heart rate variability and skin surface temperature. 89
Performance of a contract, compliance with legal obligations, and vital interest of the data subject
Considering the legal bases ‘performance of a contract’ (Article 6(1)(b)) and ‘compliance with legal obligations’ (Article 6(1)(c)), scholars and data protection authorities have generally regarded these as valid legal grounds on which to process workers’ personal data when employers need to process workers’ bank account information to pay salaries and provide tax authorities with relevant information to fulfil tax obligations (e.g., salary slips). 90 The question remains as to when and to what extent employers could invoke these legal bases beyond such specific examples.
As to ‘performance of a contract’, the nature of the employment relationship may determine whether data processing is deemed necessary for its performance (e.g., execution). 91 Scholars have proposed using Article 6(1)(b) as the legal basis to introduce the use of wearables that can monitor workers’ physiology, activity and movement in occupations where physical performance and fitness constitute contractual obligations genuinely necessary for contract performance (e.g., professional athletes, military). 92 The extent to which the same argument can be used for in-body wearables is debatable, though. 93 Indeed, it is difficult to argue that inserting a microchip for access control in hazardous industries, or ‘wearing’ electronic epidermal wearables and ingesting temperature pills to prevent heat-related disorders, is part of workers’ contractual obligations, regardless of the sector and occupation. In this regard, the fact that monitoring workers’ physiological parameters may contribute to preventing occupational risks does not necessarily imply that data processing is genuinely necessary for contract performance.
Concerning ‘compliance with legal obligations’, the European Data Protection Board has considered ‘OHS legal obligations’ as legal obligations potentially justifying the processing of workers’ personal data. 94 However, it remains unclear whether a more general ‘duty of care’ obligation to ensure health and safety in the workplace, as established in Framework Directive 89/391/EEC, meets the requirements laid down in Article 6(1)(c) and 6(3) GDPR. 95 According to the latter, the legal basis for data processing must be laid down either by EU law or Member State law to which the controller is subject. 96 This article argues that the ‘duty of care’ placed on employers under Directive 89/391/EEC may be enough to justify workers’ data processing. However, the debatable issue is whether processing in-body wearables’ data is necessary and inevitable for an employer to fulfil the OHS legal obligation: in other words, are there less invasive ways to protect workers’ health and safety than using in-body wearables? Sub-section 4.1.2 highlighted some examples that are relevant for the application of this legal basis too.
Turning to ‘the protection of the vital interest’ of the data subject (Article 6(1)(d) GDPR), 97 limited attention has been paid to the use of this ground in the work context. Working Party 29 has stated that ‘vital interest’ must be used restrictively in ‘questions of life and death, or at the very least, threats that pose a risk of injury or other damage to the health of the data subject’. 98 However, Opinion 2/2017 on data processing at work does not address the application of ‘vital interest’ in employment. Hence, it remains unclear whether this legal basis could be used for introducing in-body wearables for OHS reasons.
Discussion
Research is underway to explore the potential use of in-body wearables, initially designed and developed for healthcare, in the workplace. Meanwhile, manufacturers have started placing on the market in-body wearables such as ingestible pills and electronic epidermal patches that employers could use to prevent OHS risks. However, the EU regulatory framework on medical devices and data protection is lagging behind the technological advances. Specifically, it is questionable whether the rules adopted to ensure the safety, performance and quality of medical devices under the MDR are appropriate for governing the use of in-body wearables in employment. Three considerations can be made in this regard.
First, when a device is designed for an occupational setting, the manufacturer seems to be able to qualify it as a non-medical device, thereby circumventing the conformity assessment procedure laid down in the MDR and IVMDR. For example, the French company BodyCAP has developed an ingestible telemetric temperature pill called e-Celsius Medical for medical use such as diagnosing a patient's febrile state. As mentioned in section 3.2, this product is classified as a medical device falling in Class IIa. 99 The company has also placed on the market an electronic ingestible capsule called e-Celsius Performance for research, sports, and industrial applications. Since the manufacturer considers this pill to be used for non-medical purposes, the product does not qualify as a medical device. 100
Second, in the health context, commentators discuss the interplay between the MDR/IVMDR and the GDPR, and argue that a balancing exercise should be conducted separately for each risk category. 101 Accordingly, for Class I wearables posing low risk, data protection considerations might prevail over the objective to ensure/improve the safety and performance of these wearables through the secondary use of personal data, e.g., for research and development. However, the higher the risk posed, the heavier the weight of safety and performance concerns, making it more likely to justify the secondary use of personal data to improve such wearables. For Class III (highest risk) wearables, safety and performance concerns might outweigh individuals’ right to data protection (even though this does not mean automatic permission for processing sensitive personal data without consent).
While in a health context, the safety, performance and quality requirements linked to the highest risk wearables might sometimes justify limitations on individuals’ right to data protection, such limitations are more difficult to justify in the employment context, where there is an inherent power imbalance. Clearly, the MDR and IVMDR are not equipped to address the data protection issues linked to the use of in-body wearables in the workplace for OHS reasons. These regulations focus on product safety, performance and quality, and data protection issues are referred to the GDPR. 102
Third, an important question remains as to how to draw the line between the use of in-body wearables for ‘strictly’ medical applications when patients are involved and the introduction of these devices in the employment context for OHS purposes. This is particularly relevant given that Article 2(1) MDR lists prevention as a medical purpose, which triggers the classification of the product as a medical device. The MDR and IVMDR do not provide clarity on how to draw this line. Moreover, the current rules on qualifying a certain product as a medical device leave it unclear whether the presence of a healthcare professional in a place outside a healthcare facility – e.g., in the workplace – would be enough for meeting the medical context condition. It is also ambiguous under what conditions the OHS context might qualify as a medical context.
Turning to the application of the GDPR to in-body wearables in an occupational context, the way the principle of lawfulness is phrased and the interpretive guidance provided by (national) data protection authorities provide insufficient clarity regarding the possibilities and limitations of using a GDPR-stipulated legal basis to introduce the use of electronic epidermal wearables and ingestible pills for OHS purposes. Further guidance by the European Data Protection Board and national data protection authorities is needed in this regard.
The EU could make use of its shared competence in social policy, an area that covers OHS, and adopt rules to establish if, and under what conditions, employers may introduce the use of in-body wearables for specific and demarcated OHS purposes. It is against this backdrop that, for instance, some States in the US have taken a stand against implanting microchips into workers by issuing legislation prohibiting employers from requiring employees to have a chip inserted under their skin. 103 Legal scholars have also started advocating for specific rules to regulate the microchipping of employees in the European context. 104
Conclusion
There is a growing interest among manufacturers and researchers in capitalising on the potential for cross-fertilisation between healthcare and employment settings when it comes to the use of in-body wearables to safeguard individuals’ health and safety. 105 However, the gaps in the European regulatory framework may be slowing down the introduction of these devices into the workplace and the subsequent potential benefits for the protection of workers’ health and safety. Filling the gaps is conducive to the appropriate qualification and classification of in-body wearables, which in turn are of crucial importance because such decisions affect most pre- and post-market requirements and impact data protection.
This article has discussed the potential of the EU governance framework in closing the regulatory gaps. The analysis has pointed out that the EU regulatory framework for medical devices (focused on product safety, performance and quality) is not equipped to address the data protection challenges linked to the use of in-body wearables for OHS purposes. Furthermore, the GDPR's principle of lawfulness and the related guidance by EU and national data protection authorities do not provide sufficient clarity on the possibilities and, more importantly, limitations given the significant risks involved, for introducing in-body wearables for OHS purposes. Further input by data protection authorities is needed to close the regulatory gaps. Moreover, the EU should make use of its regulatory competence in social policy to clarify whether, and if so under what conditions, employers could lawfully deploy in-body wearables to protect workers’ health and safety.
Acknowledgements
The authors would like to thank Dr. Desmond Johnson, who always showed an interest in our research and encouraged us to explore this topic. We are deeply grateful to him for his support. The authors would also like to thank Dr. John Bolte, Professor Smart Sensor Systems at The Hague University of Applied Sciences, for the fruitful discussion on the topic.
Declaration of conflicting interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This publication is part of the project ‘Wearables in European Workplaces: A Saviour of Workers’ Health, Safety and Wellbeing or a Peril for the Rights to Data Protection and Privacy?’ with project number 023.017.040 of the research programme ‘Doctoral Grant for Teachers’ which is (partly) financed by the Dutch Research Council (NWO) (Stefania Marassi). Part of this research was co-funded by Regieorgaan SIA, part of the Netherlands Organization for Scientific Research (NWO) (Mária Éva Földes).
