From 'general' to 'context-specific' data protection for workers: Insights from the EU rules on platforms, algorithmic management and AI systems

In this article, we examine the regulatory and practical challenges posed by the expansion of algorithmic management systems in workplaces beyond the platform economy. Despite their cumulative strengths, we argue that the existing general data protection regimes exhibit structural deficits when addressing the power dynamics, informational asymmetries and relational aspects inherent to work contexts. By tracing the global evolution of employee data protection law and critically analysing the current legal instruments—including the European Union (EU) General Data Protection Regulation (GDPR), the Artificial Intelligence Act (AIA) and the Platform Work Directive (PfWD)—we identify the gaps, overlaps and tensions in terms of safeguarding workers’ digital rights. We portray the PfWD as a targeted refinement of the GDPR, addressing the latter's critical ambiguities and loopholes. We also map the PfWD's interplay with the AIA and pinpoint areas where the two tools intersect or, sometimes, collide. While the PfWD could pave the way for more ambitious initiatives at both the EU and national levels, its effectiveness is limited by its sector-specific scope. Ultimately, we argue for the necessity of a tailored, employment-specific regulatory framework that integrates data protection principles with labour law, providing concrete recommendations for effectively managing the intersection of workers’ digital rights, automated technologies and trustworthy workplace governance.