The Information Commissioner's Office (ICO) has issued fresh guidance urging organizations to “consider workers’ rights” when introducing workplace monitoring tools.
The advisory follows a report that found 70% of the public would find workplace monitoring practices “intrusive”. Almost one-in-five (19%) of respondents told the ICO they believe they have been monitored by an employer at some stage.
The watchdog warned that excessive monitoring can “easily intrude into people’s private lives” and undermine privacy.
“With the rise of remote working and developments in the technology available, many employers are looking to carry out checks on workers,” the ICO said in a statement.
“The ICO has today published guidance to help employers fully comply with data protection law if they wish to monitor their workers.”
The guidance is aimed at employers spanning both the public and private sector, and provides a “clear direction” on how organizations can implement monitoring techniques in a fair and lawful manner.
READ MORE
Monitoring can include tracking calls, messages and keystrokes, webcam footage or audio recordings, or using “specialist monitoring software” to track worker activity, the ICO said.
In addition, the advisory outlines best practice techniques for employers to help “build trust with their workers and respect their rights to privacy”.
This includes informing staff about monitoring practices in a “way that is easy to understand” and ensuring workers are made fully aware of the “nature, extent, and reasons for monitoring”.
The guidance also warns that organizations must have a “lawful basis” for processing workers data - such as consent or legal obligation.
This includes the need for data protection impact assessments, which must be conducted for any monitoring practices that are “likely to result in a high risk” to workers’ rights.
Transparency in workplace monitoring
Emily Keaney, deputy commissioner for regulator policy at the ICO said that while data protection laws permit monitoring, organizations must prioritize privacy and the potential impact on workers.
“As the data protection regulator, we want to remind organizations that business interests must never be prioritized over the privacy of their workers,” she said.
“Transparency and fairness are key to building trust and it is crucial that organizations get this right from the start to create a positive environment where workers feel comfortable and respected."
RELATED RESOURCE
Hybrid work continues to be a prevalent approach. Download this eBook now to learn more about designing workspaces for meaningful work experiences
Ella Bond, senior employment solicitor at Harper James, commended the publication of the guidance, and echoed Keaney’s comments on transparency.
Organizations that fail to communicate with staff could risk harming relationships with their workforce and impact performance and morale.
“It is crucial for employers to strike a balance between managing productivity and performance whilst respecting workers' privacy,” said Bond. “Workers have a legitimate expectation of privacy, even in the course of carrying out their duties.”
“Monitoring should only be undertaken when it is necessary and proportionate, and it should be conducted in a way that respects workers' rights and freedoms. It is essential that employers communicate clearly with their staff about the nature, extent, and reasons for any monitoring activities.
“Employers should have clear signage, procedures and policy documentation in place in order to help them to achieve this.”
Workplace monitoring practices have increased significantly since the onset of the COVID pandemic in 2020 and the subsequent shift to remote and hybrid working practices as employers sought to keep tabs on employee activities.
A 2021 survey conducted by Prospect recorded a sharp rise in cases of webcam and video-based monitoring practices among employers.
At the time, a majority (52%) of employees polled by the firm said they believe monitoring practices should be banned outright, while 28% said more robust regulation of the trend was required.
-
Mandiant CTO says foreign AI models may have improved trust in US developersNews Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
-
Salesforce wants technicians and tradespeople to take AI agents on the road with themNews Salesforce wants to equip technicians and tradespeople with agentic AI tools to help cut down on cumbersome administrative tasks.
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
