Data watchdog the Information Commissioner’s Office (ICO) has released guidance to employers who want to monitor their employees in the office or remotely. Legal experts have told Tech Monitor that the guidelines reflect the need to balance the desire to track the output of staff with breaching employee privacy.
The ICO published its guidelines alongside research it commissioned on employee monitoring. It called on companies to consider their legal obligations under the Data Protection Act, as well as their employee’s rights, before implementing any workplace monitoring.
Its research shows that 19% of people believe they have been monitored by an employer, with 70% saying they would find it “intrusive” if their employers monitored them. Some workers told the ICO they would be put off working for a company that monitored them, with less than one in five respondents saying they would feel comfortable taking a new job if they knew they would be under surveillance.
The guidance is aimed at private and public sector companies, with the ICO saying it provides “clear direction” on how employee monitoring can be conducted lawfully and fairly. It outlines a company’s legal requirements as well as good practice advice.
Employee monitoring isn’t a new phenomenon, but newer technologies and the rise of remote work have led to growing unease about it, with workers worried about recording webcam and audio conversations. One expert told Tech Monitor that there is also a risk of companies invading people’s privacy with the recording of personal conversations and the recording of children.
Employee monitoring could risk worker’s privacy says ICO
Emily Keaney, deputy commissioner for regulatory policy at the ICO, commented that the organisation’s research shows how concerned workers are about their privacy at home when it comes to employee monitoring.
“As the data protection regulator, we want to remind organisations that business interests must never be prioritised over the privacy of their workers,” she said. “Transparency and fairness are key to building trust and it is crucial that organisations get this right from the start to create a positive environment where workers feel comfortable and respected.”
The ICO urges companies across all sectors to remember their “legal obligations” to their workers’ rights, saying while data protection law doesn’t prevent monitoring, it must be “proportionate” as made clear in its guidance: “We will take action if we believe people’s privacy is being threatened,” Keaney warned.
In its guidance, the ICO defines monitoring as tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recordings. It also says that using specialist software to track activity is considered employee monitoring as well as biometric data, which they say is used to monitor timekeeping and attendance.
It warns organisations that if they want to monitor workers, they must take a number of steps before implementing it. Employees need to be made aware of the “nature, extent and reasons” for any monitoring and companies need to have a “lawful basis” for processing worker data, such as consent.
The regulator also references the need for data protection impact assessments for any monitoring activity, which is not necessarily supported by the Data Protection and Digital Information Act, the UK’s post-Brexit GDPR replacement law, which is currently going through the House of Commons. As reported by Tech Monitor, during the second reading of the bill earlier this, Labour MP Lucy Powell, former shadow secretary of state for digital, said that the proposed legislation would mean data protection impact assessments would no longer be needed, and that it “tilted” the rules in favour of companies rather than the people.
Employers risk losing talent if they choose employee monitoring
The findings of ICO’s research also show a disconnect between employers and their employees. One tech founder told Tech Monitor that the ICO also highlights the “tightrope” of balancing ethical practice and monitoring productivity.
Christoph Cemper, CEO and founder of AI company, AIPRM, said that he had to face the same balance during his early days at the firm: “An employee, dazzlingly talented yet consistently veering off the tracks of productivity, became the subject of a subtle monitoring protocol. Was it ethical? Was it conducive to a healthy work environment? It was a tightrope walk, safeguarding the sanctity of the company while being mindful of ethical and moral boundaries.”
On reflection, Cemper believes that implementing “transparent, respectful and justifiable monitoring” had to be anchored with clear guidance and “impeccable communication.” ICO’s guidance underscores the imperative to scaffold these practices, he says.
“It’s pivotal, I believe, to embrace a standpoint that while technology affords us unprecedented oversight and data, the human element – trust, respect and ethical conduct – must not be eclipsed,” he says. “It’s not merely about what we can do with technology, but what we should do.”
The ICO research collected responses from more than 1,000 UK adults on their thoughts and experiences of employee monitoring. The majority (83%) considered monitoring personal devices the most intrusive practice that an employee could undertake, while 78% believed recording audio and video to be so.
Antonio Fletcher, head of employment at law firm Whitehead Monckton, said that workers were becoming increasingly concerned in relation to privacy, particularly when it came to the use of webcams and other video. He also explained that audio recordings, as a use of monitoring, could capture personal conversations with adults and children if workers are remote working.
“The guidelines make clear that it is important to ensure workers are well aware of the nature and extent of monitoring and doing so in a clear and understandable way,” he told Tech Monitor. “The guidance should be read alongside data protection laws to set expectations for what is acceptable employee monitoring and to clarify what is considered to amount to monitoring.”