Best Case: Protective Measures in Place
- Technical measures: The data collected from employees is anonymized immediately where it is generated. Clearly defined access rights prevent the anonymized data from being used to draw conclusions about individuals. Personal data is always deleted after it has been analyzed. In general, the company only collects data that is absolutely necessary, in accordance with the principle of data economy.
Alternatively, the company could rely on the procedure of distributed learning (federated learning) when using AI systems: With this technical solution, personal data remains on the AI-supported personalized devices of the users and is not sent to a cloud; in this case, data sovereignty lies with the individual employees.
- Organizational measures: All technical measures were coordinated by the company management in close cooperation with the works councils and employee representatives. The common premise for the introduction of AI systems was that employees and the AI system should work together productively and that their respective strengths should be emphasized. The internal regulations on data collection and analysis of AI systems are set out in a works agreement. Employees are informed about what data is collected in the work process and for what purposes. In addition, it has been defined which systems certain employee groups are allowed to use in the work context. The introduction of AI systems was accompanied by change management that successively involves employees. The company is transparent about all measures taken to prevent the misuse of AI systems for performance monitoring.
- Consequences: The technical measures and operational tools prevent managers from gaining access to individual user profiles. Employees benefit from working with AI systems that support them in the productive performance of their tasks and make the work environment safer.