Skip to main content

The protection of personal data of (and by) the digital nomad worker: Does it exist?

By 25 Abril, 2023Maio 4th, 2023No Comments

The so-called “foreigners law” (Law No. 23/2007 of July 4) now includes the figure of the “digital nomad”, within the scope of visas, being covered by this regime both professionals bound by an employment contract and by the provision of services (where entrepreneurs can be included).

Digital nomads are, in fact, people who do their work at a distance (from their employer), anywhere in the world – suggesting, even, more than a way of working, a certain way or lifestyle (“smart working” or “smart living”?).

The phenomenon of the internet and connectivity facilitates and encourages these scenarios, weakening the idea of a fixed or certain work place; highlighting an inverse increase in freedom and autonomy to live and, therefore, work anywhere in the world. It is for this reason that telework and remote work regimes appear alongside these realities (articles 165 and following LC).

In fact, since for the digital nomad the “sky is the limit”, it will be up to the parties, in an agreement, to delimit the “work place” and guarantee labor protection conditions comparable to those of the employees that work in a presential regime in any of the employer’s structures (e.g., health and safety at work). Besides these working conditions, the protection of the digital nomad’s personal data must be guaranteed, as well as that of third parties, which the digital nomad may “carry” with him when carrying out his activity “worldwide”, i.e., throughout the world.

As a result, it is necessary to reconcile two interconnected duties of personal data protection: (i) the first, associated with the protection of the digital nomad’s personal data, by the employer; (ii) a second, associated with the protection of the employer’s personal data (if applicable, namely because he/she is a natural person) or of third parties (e.g., co-workers, clients, suppliers, distributors, business partners) by the digital nomad.

Now, as you can see, there are numerous difficulties (legal and administrative) that result from this way of providing work and the absence of a fixed or certain place of work. First of all, because telework or remote work may be done internally (in Portugal) or externally, across borders, in a neighboring country that is a member state of the European Union [EU] (e.g., Spain or France), or in a more distant country outside the EU framework (e.g., the United States of America or Australia). The determination of the applicable law will largely influence the requirement of protection of personal data and, in particular, the obligations of the parties, especially those relating to the processing of personal data outside the EU.

Having said that, accessing, extracting, processing or storing personal data, in this context, is a very difficult, although possible, articulation (the GDPR and the ELGDPR command it, at least).

We will be watching closely the next developments.

Tiago Sequeira Mousinho @ DCM | Littler