Search

How can we help?

Icon

Can an employer monitor employees at work?

It’s recently hit the news that an employer in Jersey breached data protection requirements when it covertly monitored an employee’s car during working hours after having concerns that the employee was not carrying out their duties.

This brings up the question of whether an employer can lawfully monitor their employee, without their knowledge, if they suspect wrongdoing?

Can employers monitor employees?

It’s worth mentioning at the outset that data protection law does not prevent employers from monitoring workers provided this is done in a way that is compliant with data protection laws and principles. However, there is an emphasis on being open and transparent and, as such, covert monitoring is unlikely to be justified.

Can employers covertly monitor employees?

The ICO have stated that covert monitoring of employees will only be justified in ‘exceptional’ circumstances where it is necessary to prevent or detect suspected criminal activity or, similar wrongdoing, like gross misconduct. In all cases employers will have to justify their decisions and, if there’s a less intrusive way of achieving the ultimate goal then the monitoring will not be lawful.

The ICO provide an example of an employer who discovers that a small number of remote workers started later than their timesheets suggested and, as a result, allows senior management to access automatic webcam images to check if workers are at work. This would likely be unlawful as it is disproportionate.  The employer could have checked the times workers logged onto the computer system instead and given employees the opportunity to explain any discrepancies.

Louise Keenan

Associate

View profile

+44 118 960 4614

Covert monitoring must be targeted to obtain evidence within a set timeframe, limited to the shortest time possible and should not be continued once an investigation is complete.

ICO guidance

The ICO has issued guidance on covert monitoring. It says that employers should have a policy which sets out when covert monitoring may be used.  Monitoring should be authorised by senior management and a data protection impact assessment should be carried out. The employer must be satisfied that there are reasonable grounds for suspecting the criminal activity or gross misconduct and that informing employees about the monitoring would prejudice its prevention or detection.

Covert monitoring must be targeted to obtain evidence within a set timeframe, limited to the shortest time possible and should not be continued once an investigation is complete.

An employer should not use covert monitoring in areas or situations that employees would reasonably consider private, for example CCTV in toilets or monitoring personal emails. This is a more topical point of late with the rise of homeworking where employees have an expectation of privacy in their own homes.

Information obtained through the covert monitoring should only be used for the intended purpose and should be disregarded and destroyed when it is no longer needed unless it reveals something that no employer could reasonably ignore (and which could not be revealed by other means).

The people who are involved in the investigation should be kept limited, with clear rules to limit disclosure of, and access to, information.

Monitoring employees is certainly not popular amongst employees with a recent report commissioned by the ICO finding that 70% of the public would find it intrusive to be monitored by an employer. However, cases like the one in Jersey show that there will be situations where an employer feels, rightly or in many cases wrongly, that covert recording is necessary. Employers should keep in mind that as well as potentially being unlawful, covertly recording employees can have other negative consequences, such as damaging the trust the employee has in the employer and affecting mental wellbeing.

If you any advice in relation to monitoring employees, please do not hesitate to contact a member of the data protection team.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Louise Keenan

Associate

View profile

+44 118 960 4614

About this article

Read, listen and watch our latest insights

Pub
  • 21 November 2023
  • Privacy and Data Protection

Privacy matters: How the 8 data subject rights protect personal data

In this guide we explore the 8 data subject rights under the UK GDPR and discover how they play a vital role in preserving your organisation’s privacy standards in an increasingly interconnected world.

Pub
  • 21 November 2023
  • Privacy and Data Protection

Overview of Data Subject Access Requests

In recent months, we have witnessed a series of high-profile data breaches that have brought data protection issues to the forefront of the public’s mind and with this comes an increase in Data Subject Access Requests (DSARs).

art
  • 17 November 2023
  • Corporate and M&A

Should AI delete humans out of the legal sphere?

AI could potentially streamline routine legal tasks. However, there are consequences to consider when it comes to AI in the legal sphere.

art
  • 30 October 2023
  • Privacy and Data Protection

New UK-US data bridge for transfers of personal data

A new data bridge, which is an extension of the EU-US Data Privacy Framework (“the DPF”), will enable UK businesses to transfer personal data to certified US organisations without the requirement of having the usual safeguards in place or performing a transfer risk assessment.

art
  • 11 October 2023
  • Privacy and Data Protection

Online Safety Bill set to become law

As part of the government’s manifesto commitments, they promised to introduce a bill that would strengthen online safety in the UK particularly for minors. This commitment has now been met with the introduction of the Online Safety Bill, which has now passed through all the parliamentary stages and is awaiting Royal Assent.

art
  • 19 September 2023
  • Privacy and Data Protection

Organisations’ use of social media: Data protection

Social media applications (or commonly known as ‘apps’) are being developed all the time and we are constantly being introduced to new social media platforms, some of which take almost no time to gain huge popularity.