The treatment of data in relation to menstrual leave: a clear victory? (BLOG)

By Ana B. Muñoz Ruiz (UC3M)

Some time ago I discovered the book Clara Victoria by Isaías Lafuente in the Madrid Book Fair. It tells the story of a debate that changed the history of women and, in particular, highlights the leading role played Clara Campoamor, a Member of Parliament who fervently defended women’s right to vote in a male-dominated parliament (470 men and 2 women).

The recent proposal by the Spanish Government to recognize the temporary disability of women due to painful and disabling menstruation takes place in the current context of the evolution of policies on equality and the legitimate progress made by women. This measure is part of the draft reform of Organic Law 2/2010 on sexual and reproductive health and the voluntary interruption of pregnancy and highlights the relationship between women and work through regulations that treat a variety of realities in a different manner (Guamán Hernández). Specifically, women workers who suffer dysmenorrhoea (difficult and painful menstruation) represent at least one third of the fertile female population, and of these a significant percentage suffers severe and disabling pain (Nieto Rojas).

Nevertheless, the planned reform may arouse certain doubts regarding the fundamental right to personal data protection under article 18.4 of the Spanish Constitution (Aragón Gómez), which need to be dispelled. As it happens, the new benefit is of a singular nature as it is paid by the state from the first day off work in comparison to other disability payments for common contingencies, which are paid after the fourth day. The more protective law that supports the new measure is offset by the fact that there is risk of data-based inference by companies. Inferred data are those where a link is created between records relating to a person and it is possible to infer information on that person, particularly if there is a correlation between the attributes or they have very close logical relations (Expert Opinion 5/2014 of the Working Party on article 29). This could occur in the case of the treatment of data by companies related to time off work for disabling menstruation, either based on the date the person stops work or on the frequency of the event.

As a result, a company may paradoxically obtain knowledge of data that is subject to special protected, such as workers’ health, without ensuring correct compliance with obligations and guarantees established by Regulation (UE) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). Among the guarantees, this processing requires the consent of the worker in order to avoid discrimination by the company (article 6 GDPR and article 9 and Additional Disposition 17 of Organic Law 3/2018 on the Protection of Personal Data and guaranteeing digital rights). This is the general rule that has some exceptions in

Based on the above, action from the legislative level and from companies is desirable so that the planned reform does not act as a disincentive in the sense that some women may prefer not to use the specific time off work in order to preserve the confidential nature of their data. An example is Japan, where only 0.9% of women made use of this social right in 2017.

First of all, it would be recommendable that the planned reform should be accompanied from the legislative level by other measures that protect women workers who need time off work for this reason. For example, by incorporating a specific series of sanctions into the LISOS [1] that would encourage the correct use of these data by companies and allow the intervention of Labour Inspectorate. This could be structured as an implementation of article 8.11 of the LISOS that classifies any action by business owners contrary to the respect of privacy as a very serious offence.

As a second measure, companies should strictly comply with the provisions of articles 24 and 32 of the GDPR. In line with the above-mentioned precepts, companies should establish appropriate technical and organisational measures to guarantee –and be able to demonstrate– that their data treatment is in line with the GDPR. Here, confidentiality should be guaranteed, and it would be advisable to have a traceability record to know who has had access to the data. Furthermore, while the date of stopping work, without any extra information or explanation (i.e., no direct or indirect mention of a medical diagnosis) cannot be considered as health data (sentence of the Supreme Court of 5 March 2012, recommendation 1104/2009), companies are advised to apply security measures usually applied to health data to this particular item of data.

In this matter it is useful to take into account the expansive interpretation of health data by the Working Party on article 29. In line with this European criterion, the following data are classified on an equal basis as well as health data of a medical nature: 1) raw data from sensors that can be used either on their own or in combination with others to infer the conclusion on the current state of health of a person or the risk to a person’s health; 2) conclusions inferred on a person’s state of health regardless of whether these conclusions are accurate or inaccurate, legitimate or illegitimate, or otherwise suitable or opportune (Annex to the Letter “Health data in apps and devices”, 2015).

Basically, weighted treatment is proposed between the two conflicting rights (equality and non-discrimination / protection of personal data) so that the planned advances may be exercised from a position of freedom and signify a “clear victory”.

[1] Spanish Law on Labour Infringements and Penalties

Originally published in Spanish on El Foro del Labos.