Abstract
The aim of the article is to explore potential ways employers could use contact-tracing apps and other monitoring technologies to mitigate the spread of COVID-19 and potential concerns in the context of the EU GDPR (General Data Protection Regulation). The analysis indicates that, due to the imbalance of power in the employment relationship, national laws are needed to strengthen employees' ability to reject downloading contact-tracing apps or similar monitoring technologies after the end of the COVID-19 pandemic. When the need for such technological means for keeping employees safe has receded, additional regulations and guidance are necessary to prevent future problems, such as function creep, and similar misuse by employers.