Abstract
Evaluation of workers by customers as a method of surveillance and control, and the disclosure of the results poses a series of challenges for the existing legal system. Employees subject to surveillance and control by customers are exposed to a far more intense and wider degree of monitoring of their work than is the case for traditional workers. The reason behind this phenomenon lies in the customer perspective, which makes work observable at every moment and without any cost for the firm. Thus, this paper analyzes the European Union’s latest regulation on data protection (GDPR), which establishes very specific restrictions when requesting and disclosing information about workers.