Skip To The Main Content

Keeping tabs: How to monitor your employees


By Amanda Boyd, Professional Support Lawyer at FSB Legal

Businesses monitor employees for a number of reasons. Most commonly, this 
is to prevent theft or unauthorised use of business information. But do recent changes made to data protection laws prevent or restrict monitoring taking place? 

The short answer is no: the changes do not explicitly prevent employers from monitoring employee activities in the workplace. However, that does not mean it’s open season on employee monitoring.

Before any monitoring system is used, employers need to consider whether the monitoring is necessary and a fair balance has been struck between the identified necessity and the employee’s legal right and expectation of privacy in the workplace. 

How will data protection legislation affect monitoring?

With the vast array of technologies available to employers to monitor staff, it’s more than likely that personal information collected through monitoring will be subject to data protection legislation. 

Employers should observe extra privacy and security obligations with regard to any monitoring which discloses special categories of personal information, for example on an individual’s sexual orientation, race or religious views.

Is the monitoring necessary?

In order to justify monitoring, the employer must always ensure that they are carrying it out for one or more of the following lawful bases:

 The performance or preparation of the employment contract
 To comply with a legal obligation
 The employer or third party has a legitimate interest
 To protect the vital interests of an employee or another natural person
 For the fulfilment of a task carried out in the public interest or in the exercise of public authority

Can I covertly monitor my employees?

Generally, before monitoring takes place, the employer should make employees aware of the monitoring and provide them with a privacy notice. This should detail the purpose of the monitoring and how the personal data will be processed.

For example, the privacy notice should include:

 Clear and transparent details of when monitoring will take place
 For what purposes the monitoring will take place
 An explanation of who will carry out the monitoring
 How the data will be used
 Information of how long the data will be stored 
 An explanation of the rights of employees in relation to that data

However, there is a limited exception to the rule in relation to covert monitoring. We would recommend that you seek advice about your specific circumstances before carrying this out. 

Can I always use legitimate interest as a lawful basis to monitor?

An employer may well have a legitimate interest that needs to be protected, and monitoring may seem like the best way to achieve this.

However, an employer should always assess if their business interest can be protected by any means other than monitoring. If it can, then using legitimate interest as a lawful basis to monitor would not be an available option. 

Are there any other legal rights which apply to monitoring?

A monitoring policy should explain that the following legal considerations will be taken into account before any monitoring takes place: 

 The common law duty of mutual trust and confidence
 The Investigatory Powers Act 2016

 The Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018
 The Human Rights Act 1998

At a glance

 There is no automatic right to monitor employees
 Employees have a right to a certain degree of privacy in the workplace
 You must be able to justify the need for monitoring by reference to a lawful basis
 Extra privacy and security obligations apply to any monitoring which discloses special categories of personal information
 Issue privacy notices in advance of monitoring
 Review or prepare a monitoring policy