Is it ok to spy on employees?

Zoom settles class action suit, data privacy scofflaw zoom, data privacy case 86m fine, Zoom settles class action suit for data privacy breaches, data privacy solutions ltd
Zoom settles class action suit, data privacy scofflaw zoom, data privacy case 86m fine, Zoom settles class action suit for data privacy breaches, data privacy solutions ltd

Aug 30th 2021

Employee Surveillance : is it ok to Spy on Employees?

The employee surveillance software business is booming in the era of remote working, but what are the legalities and will employees accept the encroachment on their expectation of privacy when monitoring working from home?

Barclays & IKEA France

The rise in employee monitoring software was estimated to be north of 50% globally in 2020 reaching over the $1.2 Billion mark. It’s expected that the CAGR will grow by 8% or more over the next 5 years. This stratospheric growth is fueled by the remote working phenomenon and seemed to coalesce with a wake of high profile related stories such as Barclays and IKEA France’s employee monitoring scandals which came to light recently.

Barclays is facing a potential £1.1bn fine from the Information Commissioners Office for using a software tool called Sapience to secretly monitor how long employees were away from their desks and how long they took to finish tasks. Under pressure, they later withdrew use of Sapience. (Related story https://www.bankingdive.com/news/barclays-fine-ICO-monitoring-employees/583231/)

IKEA France used a mix of software and private investigators to review personal records of their employees including bank accts & sometimes used fake employees to write up reports on staff. They were fined €1m, a former CEO was given a suspended sentence and its parent company ingka was forced to deny it was running some kind of global surveillance program.

What’s the legal threshold for surveillance?

The legal threshold in the EU at a high level states that organisations can monitor employees if they prove their justification is superior to the interests of workers. In practice most employers should also past muster in several areas before it could be considered safe to do so. The ICO and WP29 laid out several guidelines in this area which is in part derived from article 8 of the European Convention of Human Rights (ECHR).which focuses on an employees expectation of privacy in thw workplace and the need for a proportionality test,

This test in practice requires employers to:

  • Identify why the monitoring is necessary & the tangible benefits that this will provide;
  • Organizations must also – identify any potential detriment to employees because of the monitoring, including the risk of harm, damage or distress, as well as mitigating factors
  • They must ensure that the purposes of monitoring are sufficiently important to justify limiting employees’ rights to privacy & finally;
  • Ensure that no more personal data than is necessary is collected; and that there are no less privacy-intrusive alternatives available.

In addtion to the proportionality test, ICO guidelines require notification to the employee of ‘fair processing’ outlining the why’s, what’s and how processing will take place. Its also recommended by the ICO that a DPIA (data privacy impact assessment) take place before monitoring should begin.
Lastly, security safeguards including strict access control to data collected by the monitoring and secure storage are key in this area.

So to the question, when is monitoring a good idea?

In reality we have all been subject in the workplace to some degree of monitoring whether it’s for email scanning for confidential data leaving the firm or CCTV coverage of building areas which we have grown to accept. The litmus test will always be about transparency and intent. When you consider that covert surveillance requires a warrant in the criminal justice system as the invasive nature of intercepting communications & monitoring movements is a serious matter. So why would covert surveillance in the workplace be any less significant. Hence covert data collection should only be limited to a cases where disclosure would prejudice a specific investigation and not a as mattter of general practice for monitoring all employees.

Monitoring is only a good idea when both parties agree that it’s necessary and know exactly what’s being collected and how. The decision making within an organisation about monitoring should be inclusive of management and employee representatives, hence mitigating chances of bad ideas taking hold like turning on laptop cameras for remote monitoring of employee productivity.



Looking for Help with Data Protection?
Check out our Data Protection Officer service (DPOaaS) page
Great Rates | Flexi-Contracts | Veteran Expertise

Subscribe to our Newsletter

-Get Notified of New Posts Like These-


[newsletter]

Subscribe to our Newsletter

-Get Notified of New Posts Like These-


[newsletter]
Go to Top