March 17, 2022
There is something about the phrase “employee monitoring” which sounds a little sinister. Whether that's an employee monitoring system designed to track remote teams, or digital tools built to improve employee productivity, any mentions of monitoring rarely have a warm reception. And yet, there are occasions when monitoring systems are legitimately needed to manage workers. Despite this, handled incorrectly, employee monitoring can result in more than a few disgruntled employees.
In this article, we discuss the ethics, legal considerations, and privacy concerns that relate to workplace monitoring. From tracking software to monitoring computer activity of remote employees, we'll set out the pros, the cons, and the absolute no-gos.
There are lots of embedded monitoring practices we’re comfortable with, for example:
More recent monitoring practices we might feel comfortable with include when IT gets an alert that someone has tried to access an inappropriate website.
Not everyone is comfortable with monitoring however and you can understand why some people might think it goes a little too far when you read reports of companies accessing laptop webcams when employees are working from home. Feels a bit Big Brother, right?
The starting point in law is that privacy is a human right, so we expect a degree of privacy as we go about our lives. Whether we are out and about (e.g. toilet cubicles in public bathrooms), go shopping (e.g. the cashier might look away as you enter your credit card PIN) or have a sales pitch at the office (e.g. sound-proof meeting rooms, maybe with frosted glass).
That being said, privacy is not an absolute right. That means sometimes actions that would normally be considered intrusive are legally justified. We usually don’t need to articulate the justification because the context explains itself (e.g. getting an extra pat-down by security when we make the airport metal detector beep).
But when the context is not obvious it leads to situations where one person considers their actions to be justified but the other person feels is a total invasion of their privacy.
Let's start with the employee-employee context.
From an employment law point of view…
A cautionary tale! If it is the employer has broken the trust – because, perhaps they have installed software which periodically accesses remote working employees’ webcams without letting their employees know they do this – and the employee realises this breach and resigns, then the employer cannot rely on any post-termination restrictions in the contract. Meaning there is nothing to prevent a former employee from working for a competitor or trying to poach customers/staff and the employee doesn’t need to work out their notice period.
From the data protection point of view….
Employers need to comply with data protection law. Often when organisations think about data protection (the UK GDPR, cookie consent and all that good stuff) the focus is on their relationships with externals, e.g. customers, website visitors or suppliers. But data subjects also include employees (since a data subject is any person who can or could be identified by information, aka personal data). This means that employers are controllers (meaning they make decisions about their employees’ personal data) and they have specific obligations. Particularly relevant examples are:
Even when there is a good reason sometimes an employer might choose an approach which is OTT. Of course, a business will want to increase employee productivity but perhaps remotely accessing a homeworker’s webcam is a sledgehammer for a walnut. Another advantage to an employer being open about their monitoring practice is that they might hear about a solution they had not considered before.
An employer should also consider who should have monitoring access. It is not appropriate that every single member of staff can access their colleagues’ private messages – that should probably be reserved for a person in an HR role or a senior executive. Once someone has been given the responsibility of monitoring, specific safeguards should be put in place to make sure that individual doesn’t abuse their access permissions (e.g. that they only check a colleague’s browsing history once they receive a security notification, not any time they fancy). One way to do this might be by getting those individuals to sign a monitoring privileges acknowledgement form.
It’s a lot to think about, but it is indeed possible to conduct employee monitoring without giving the workforce a case of the creeps. Thinking about changing your employee monitoring practices and not sure about your legal obligations? We're here to help you distinguish creepy from practical.