Businesses monitor employees for a number of reasons. Most commonly, this
is to prevent theft or unauthorised use of business information. But do recent changes made to data protection laws prevent or restrict monitoring taking place?
The short answer is no: the changes do not explicitly prevent employers from monitoring employee activities in the workplace. However, that does not mean it’s open season on employee monitoring.
Before any monitoring system is used, employers need to consider whether the monitoring is necessary and a fair balance has been struck between the identified necessity and the employee’s legal right and expectation of privacy in the workplace.
With the vast array of technologies available to employers to monitor staff, it’s more than likely that personal information collected through monitoring will be subject to data protection legislation.
Employers should observe extra privacy and security obligations with regard to any monitoring which discloses special categories of personal information, for example on an individual’s sexual orientation, race or religious views.
In order to justify monitoring, the employer must always ensure that they are carrying it out for one or more of the following lawful bases:
The performance or preparation of the employment contract
To comply with a legal obligation
The employer or third party has a legitimate interest
To protect the vital interests of an employee or another natural person
For the fulfilment of a task carried out in the public interest or in the exercise of public authority
Generally, before monitoring takes place, the employer should make employees aware of the monitoring and provide them with a privacy notice. This should detail the purpose of the monitoring and how the personal data will be processed.
For example, the privacy notice should include:
Clear and transparent details of when monitoring will take place
For what purposes the monitoring will take place
An explanation of who will carry out the monitoring
How the data will be used
Information of how long the data will be stored
An explanation of the rights of employees in relation to that data
However, there is a limited exception to the rule in relation to covert monitoring. We would recommend that you seek advice about your specific circumstances before carrying this out.
An employer may well have a legitimate interest that needs to be protected, and monitoring may seem like the best way to achieve this.
However, an employer should always assess if their business interest can be protected by any means other than monitoring. If it can, then using legitimate interest as a lawful basis to monitor would not be an available option.
A monitoring policy should explain that the following legal considerations will be taken into account before any monitoring takes place:
The common law duty of mutual trust and confidence
The Investigatory Powers Act 2016
There is no automatic right to monitor employees
Employees have a right to a certain degree of privacy in the workplace
You must be able to justify the need for monitoring by reference to a lawful basis
Extra privacy and security obligations apply to any monitoring which discloses special categories of personal information
Issue privacy notices in advance of monitoring
Review or prepare a monitoring policy