Lost in Translation: Is Data Protection Labour Law Protection?

This paper critically examines how the European General Data Protection Regulation (GDPR) defines and applies the legal categories of data subject and data controller within employment relationships. Under the GDPR, employers who collect and process personal data are classified as data controllers, while employees are designated as data subjects. However, this paper argues that such a "translation" of data protection categories, rights, and obligations into the regulation of workplace dynamics requires closer examination. The focus is on evaluating whether the GDPR's rights and obligations for data subjects and data controllers accurately capture the agency and interests of employee and employer roles in the workplace. Through an analysis of data subject rights (GDPR, Articles 12-22) and selected data controller obligations (GDPR, Articles 24, 25, and 35), this paper identifies a "Lost in Translation" effect, where the GDPR's assumptions of autonomy and agency conflict with the hierarchical nature of employment relationships and with the information asymmetries between employers and data processors (GDPR, Article 28). Ultimately, this analysis highlights the need to reconsider and adapt these legal categories to better reflect the unique characteristics of employment in the regulation of data processing.