Uh Thank you so much for participating in my session. Um Hello everyone. Hello, Simona Amal. Um I can see you and also tasnim very happy to get in touch with you. I hope you had a great um, a great conference so far. Hello, Eunice.So no, now more people are coming. Um I'm not sure um how it was uh scheduled, whether we should wait for more people, but I think we won't. So, um I would say just let's start. Um Maybe you ask yourself why I came up with this session. Uh Well, that's pretty simple. Um I'm an employee, I wear microchip myself and um also I'm an attorney at law advising in data protection and also ende and employment law. Uh Please feel free to ask any questions during the session. Um I will ask them at the end so um just put them in the chat and then I will come back to it later. So let's start now. Hm, great. So, um first of all, I would like to give you um a little bit information about the technical background of the microchip. Um It is an RF ID chip with NFC standard RF ID means radio frequency identification and it stands for a contactless data transmission through electromagnetic waves.

There are active chips which have their own power supply as well as passive chips who work via a wireless power supply. NFC is the abbreviation of near feed communication and it means that the chip is being read from a distance of a few centimeters. Um The chip itself has the size of a grain of rice and the material is mostly biola, the capacity is one kilobyte which equals to approximately 8000 signs of information. The chip is implanted under the skin between thumb and forefinger. As you can see on the picture, it is supposed to be payless, which I cannot confirm to be honest. Um And it is invisible for third parties. And now I would like to show you my hands so you can see for yourself. So, um this is where um the chip was injected in the skin. And as you can see, you wouldn't think there is something in my skin or under my skin. If you didn't know. Um on the next slide, I would like to show you a short video of the implantation. And also I have to issue a, a little warning because if you are afraid of needles, maybe just look away for approximately one minute. So first of all, um the hand is cleaned obviously there, they um put some pressure on the skin which is supposed to make the whole procedure painless. The chip is inside and the needle, this is why the needle is so big.

And then they push um the microchips from the inside of the needle under the skin. So no blood. For this guy here, the white thing in the background you can see this is a reader connected with the PC. I will talk about it later and this guy has his uh linkedin profile on the microchip. I do have as well because in Germany, um right now, there are not so many possibilities to use the chip otherwise, but I hope that will change. Um So the chip implanted under the skin is a passive chip which means um he receives energy from the reader. And also this is the reason um for the chip being un trackable because it doesn't send any information. Um unless it is reached. Um the use of the NFC standard is the system that you already know from contactless payment via credit card or your smartphones. And the reader can be as explained the reader that was shown in the video as well as a smartphone or it can be included in door locks or at the entrance of tube tube stations. So um Dorita um is um basically um a transmitter that contacts the microchip by an antenna which then sends data to the recipient recipient.

There are several forms of application think about um which includes the use of NFC technology, for example, um time recording um opening door codes used as credit cards as mentioned and also for tickets for football games or trains. In the next video, I will show you um the use of the microchip for train tickets and also as a key function. So um this is Sweden where it is uh quite usual to use the microchips and trains. So this guy has obviously his ticket stored on the microchip. And then the person who is controlling him can see that he has a valid ticket. And this is the system for opening doors. As you can see it's very fast, much faster than um if you would have to put in uh 66 figure clock. And this is now an example for payment, you can see again the white reader connected with the PC, the guy just holds his hands in front of it and now he can take something out of the fridge which is already paid. Um These are some examples of possible uses in the employment context. Some of them have already been mentioned in the videos, but um it can also be used for time recording.

Um also for document access and um also for um the access to personal belongings or locker rooms instead of a key. The use of the microchip basically includes three different um areas of data processing. First, the storage of the data when the data is written on the microchip, then the next one is uh reading those data via the reader. And then the last step would be um the deletion of the data when they are not needed anymore. If these kinds of data processing are done in the European Union, the European general data protection regulation is applicable because um those data um of the employee are considered as personal data, for example, the employee number or his payment information as um there is no basis for the legitimate data processing.

Besides the content of the employee and the employer must rely on the content in order to process this kind of data. And the content is only valid if it is informed, determined voluntary. And in the right form, informed consent must contain information which allows the employee to decide whether he or she would like to declare the consent. In the end. This includes inter alia the kind of data in our case, contact data, payment information or the employee number.

Then the kind of processing which is um storing, reading and deletion. Also the purpose of processing which could be in our context um storing the employee number on the microchip for the purpose of time recording when it is used by a certain reader. In addition, the legal basis for the data processing must be named, which is the content in our case and also who is um the responsible processor, which is the employer plus the um employee must be informed about um how long the data will be stored and that he can re revoke the content at any time.

Also, the employer must inform the employee about the consequences of revocation which are in general um the deletion of the data and no further use of the data. And um the employee must also be informed about his rights, which includes the rights of access, the rights of rectification and eurasia, the right to limit the processing of data, the right to object data processing and also the right of data transferability. Lastly, the employee must be informed about where he can complain about data protection infringements with uh which is the um data protection authority in the individual state or country depending on where the data processing happened. This kind of information must be given before the employee declares the consent because otherwise the cons wouldn't be valid the form for the content. Uh Sorry for the information can be in writing or in any other form including where it is appropriate the electronic form. But we would recommend to do it in writing for evidence purposes. The content must be determined as explained, which includes um naming the type of data to be processed. Then the purpose of the data processing as well as the responsible person for the data processing. As you can see, this is very similar to the information that must be giving. So um that is why the information is often included in the content itself, then also the content must be voluntary, which means that it is freely given.

Um In this context, we have a small problem, I would say um because of the subordination um between employer and employee as the employee usually depends on this job as an income. So that is why um some people think that in general um content is excluded in the employment context because it can never be freely given. I disagree with it because um there are um examples where it is possible. For example, um one one thing could be um or one option which uh which would make the content more freely given is for example, if the employee has some time to think about it, maybe two weeks, then if the employee is given the option to talk um with employee representatives about it or even with his lawyer, then um also if the data processing brings some benefits for the employee and also if employer and employee purses similar interests under German legislation, the last two examples, benefits for the employee and employee and the employer with similar interests are named, especially as examples for voluntary content.

And here I would say the benefits are given for the employee as it is more convenient for him to use the microchip instead of traditional methods, methods. Oh, sorry for so quick. Um There is in general no form requirement for the consent except for explicit content uh which is necessary in the case of special categories of personal data being processed, which uh can be health data for example. But um that is not the case in the examples mentioned here in our employment context. Um however, even if there's no form requirement, I would recommend to do it in writing again for evidence purposes. Um then as mentioned, the employee has the right to revocation the content at any time, which means that um the employer must delete the data and cannot use them further. But we all think that the employee must be able to delete the data himself because otherwise, uh for example, I would be obliged to keep the data under my skin, which I don't want. So yeah, that's an additional requirement. We think um should be included, which is not in the law here, you find um the key takeaways for my presentation. Um So we are talking about an RF ID microchip with NFC standard.

There are multiple applications thinkable in the employment context, only the employees valid content can legitimate the use. And it is necessary to be careful with regard to the voluntariness in the employment context. Um So now I will go through your questions, you can add some more because we still have some time. So um Miriam asked what percentage of employees usually accept to use the chip? Do you have it installed yourself? Um So I have to say that I don't have um any experience in this regard because it's quite new in Germany. Um Actually, I'm the only person I know who has the chip. So, um it's hard to say, but I think it depends on, um on the, you know, um for example, I'm someone who isn't afraid of technique and also using technical devices, but um people who are more afraid of, of this kind of things and maybe are also afraid of being tracked, even if it's not possible with the chip would not be so easy to, to accept this, this um option.

But um what I heard is that in Sweden and also in the UK, uh some companies have um events where they invite all of the employees and offer them because obviously they cannot be forced to implant the chip and to use it for payment or um other options in the employment context.

And uh in this um events, um approximately half of the employees tries it. But I think it's also depending on what kind of company they are working for because if it's maybe a tech company, they would be more likely to do it than if it's a traditional company such as my law firm, for example. And um no, I, I didn't install it myself because um I'm not a qualified, I don't know PS A or who or doctor who can do it. Um Actually the guy you saw on the video with the tattoos, he is um the owner of the company who produces, um, the bi the microchips and he was the one who implemented it in my skin. And, and I went to a trade fair and saw 40 people waiting for the chip to be implanted under the skin and then I just queue in the line and waited for me to do it as well. Um, so then Antonia asks, uh, whether it is a security and privacy hack. Um, uh, I don't know what you mean. I, so far the data is not protected on, on the chips.

So every reader um who is put in front of it in a several centimeter distance can read the data which are on the chip. But um as you have seen in the picture, it must be really close. So I think I would notice if someone tried to steal my data. Mm uh Yes, Sweden is using the chip and, and also the UK. So um there are the two countries I heard about are most forward with it. But um there have been a lot of um press articles in Germany in the last month I would say. So I think um it's coming to other European countries as well. Um What are the main concerns with employees adopting this technology? Jenny asks, um I would say um first of all, it's putting something uh under your skin because I mean, how many people do it besides those who were uh tattoo and tattoos who were piercings. So that's, I think something, um, a lot of people are afraid of and then the other aspect is, um, the data security because, um, they know that the data are not secured by a password or anything else. But I think that's more of a theoretical fear because, uh, if you think about a contactless payment, which is quite normal in most of the countries I know, um, and nobody cares about it and it's the same system.

So I think it's even more secure if I store the data on my hand than um in my purse, which is maybe in the back of my pocket. Um Magdalena asked whether I see any downsides in today's pandemic situation and the related more important hand hygiene, thus not wanting to have any physical contact at all. Um No, I don't see any downsides because physical contact is um not necessary. Um as a distance of a few centimeters, maybe one or two is sufficient to, to read the data. So I would say it's even safer now to use the chip because um doors do not have to be touched because they would open automatically. Um Then Zyla asked for uh any security concerns. Um I personally haven't heard about that. Uh data was stolen from the microchip. So um I cannot confirm that. But um as already mentioned, I think there are some theoretical concerns because people um I'm not really sure what to expect even if they do understand the technique um because it's so, so new and, and unknown. Um And she also asked whether we have data privacy laws in the European Union um with that are not being protected. Um I'm not sure whether I understand the question.

Um So the, the personal data are protected under the European data protection regulation, um which I already mentioned in my presentation. And also, um I think most of the countries um do have their own laws. Germany has as well, which are um sometimes even stricter than what is required by the GDPR. Um Yes, Veronica, I will share this video. Um How updated, and Nelson asked how updated laws are compared to technology pay? Well, um as you probably can imagine, laws are always a little bit behind um because they are usually made um when there is a need for it, which means in this case that a lot of people are wearing the microchip and then they, I expect them at least to do uh new laws which regulate the use of it and also maybe some specific information and, and something which I already mentioned is um that I think the um employee or in general, the one wearing the microchip should be able to delete the data.

So that is something I expect to be regulated later on. So I think there are no more questions. Um OK. So, um um where will I share the video? I'm not sure I will ask um where to, to put it right. But um yeah, it's recorded so it shouldn't be a problem to share it. And uh Mary Allen has another question she asked, um whether hacking or physical impacts, uh what is the benefit of this? Why not use a smartphone? Yeah, that's a valid question. Um I think it's um most of the data such as uh tickets for trains uh can also be used by smartphones nowadays, I think in most of the countries. Um but um I think the idea is um that you can leave things such as your purse and keys at home one day and just use your hand which you carry with you anyway. So, but it's not, I wouldn't say there's any um main difference then compared with the use of a smartphone which you also will take with you anyway, everywhere, I guess. And ines asks, um are there concerns about employers abusing surveillance on employees such as monitoring how long they go to the bathroom?

Um Yeah, I wouldn't say there are concerns because um they can only monitor that if they have readers on the way from my desk to the bathroom and back and that I have to pass every one of these readers. Um so they can track where I was and I think that's very unlikely. And also um that would be forbidden under law because there's no genuine interest of the employee of the employer to record this time. Um, unless there is a system in, in the company which says, um, but I think that would also be not valid that um, time you uh use in the bathroom is not considered as working time. But um then it would um, yeah, I think that's not possible, but then this could be 11 thing where they could record it. Yes. Anything else you would like to know? Ok, I think thank you all for your attention and for asking these interesting questions. Um If you have any further questions um later on, feel free to contact me. Um here you will find my contact information. Uh and I hope we stay in touch and you will enjoy the rest of the conference. See you.