Employment law and AI
One such watershed area that threatens this equilibrium is the violation of privacy of both prospective candidates and existing employees of firms. In particular, the burgeoning use of AI tools like Vervoe and Skillpool to screen resumes, 9 which replaces a tedious and time-consuming task for a manual labourer with the power of machine learning, poses a significant hazard. As algorithms sift through the numerous CVs that a firm may receive, they collect and store the data of all the candidates for further analysis. In a similar vein, when evaluating the performance of employees for promotions, AI first needs to collate an organized picture of their background. This means large amounts of personal data, such as names, addresses, contact details, employment history and other sensitive information may be stored and held by employers, leaving candidates and employees susceptible to their data being accessed by unauthorized organizations through cyberattacks or to other misuse of the data, including violations of their privacy. The Equifax data breach of 2017, which exposed the names, addresses and social security numbers of over 147 million people, 10 serves as a forewarning of this risk. Although current employment laws neglect to address this, the Data Protection Act 2018, which incorporated the EU’s General Data Protection Regulation (GDPR) into UK law and encompasses the definition of, but is not directly related to, employment law, provides some prophylactic measures in this respect, in the forms of Articles 15 (‘Right of access by the data subject’) 11 and 17 (‘Right to erasure’). 12 Together, these articles allow for confirmation from the employer of what personal information of theirs is being used, how it is being used, and if necessary, the ability to have it erased. While this is a solid foundation for data privacy that should be covered by more acute employment legislation, it could benefit from greater clarity from the employer to disclose what information is being used or stored rather than putting the onus on the employee or candidate to find this out for themselves. Mandating transparent privacy policies to be released by employers to both parties is one possible solution to increase awareness of how data is being used and stored and avoid violations of their privacy. The processes that actually use this data present yet another ethical dilemma due to the heightened risk of algorithmic bias and discrimination. Modern day HR departments deploy machine learning algorithms that not only require the data of the candidates or employees involved, but also from other ‘data subjects’ that are needed to train the algorithm, who may include, for example, employees who have been previously hired or promoted. Consequently, these algorithms may develop certain prejudices due to patterns that unintentionally favour certain characteristics. Thus, the application of 9 Medium. ‘Top 10 AI-Based Resume Screening Softwares’, Medium , 29 Aug. 2023, www.skillpool.medium.com/top-10ai-based-resume-screening-softwares-6642e0b69569. Accessed 24 Nov. 2024. 10 Khan, T. ‘Data Breaches and Liability in the Age of AI: Who’s Responsible?’ Thebarristergroup.co.uk , The Barrister Group, 29 Oct. 2024, www.thebarristergroup.co.uk/blog/ai-data-breaches-and-liability-whos- responsible. Accessed 8 Dec. 2024. 11 GDPR. ‘Art. 15 GDPR – Right of Access by the Data Subject | General Data Protection Regulation (GDPR)’, General Data Protection Regulation (GDPR) , 2013, www.gdpr-info.eu/art-15-gdpr/. Accessed 24 Nov. 2024. 12 ---. ‘Art. 17 GDPR – Right to Erasure (‘Right to Be Forgotten’) | General Data Protection Regulation (GDPR)’, General Data Protection Regulation (GDPR) , 2013, www.gdpr-info.eu/art-17-gdpr/. Accessed 24 Nov. 2024.
93
Made with FlippingBook - PDF hosting