Ducks overlooking outside scenery on bridge.
  1. Home >
  2. Snapshots >
  3. Data protection >
  4. >
  5. ICO publishes guidance to ensure lawful monitoring in the workplace

SHARE:

ICO publishes guidance to ensure lawful monitoring in the workplace

Published on 11 December 2023

The question

How can employers monitor their workers whilst maintaining their trust and complying with data protection regulation?

The key takeaway

On 3 October 2023, the UKs Information Commissioners Office (ICO) issued new guidance – “Employment practices and data protection: monitoring workers (the Guidance) - to help businesses interpret the law on monitoring in the workplace. The Guidance aims to provide employers with greater certainty, to protect employees data protection rights and help employers build trust with their employees, service users and customers.

The background

The Guidance replaced the Employment Practices Code of 2011 and was published after a 3-month consultation period. The consultation revealed that almost one in five people feel like they are being monitored and 70% of the public would find it intrusive for their employers to monitor them.

The issuing of the Guidance comes in response to an increasing number of businesses implementing new technologies to monitor their workers since a rise of remote working following the Covid-19 pandemic. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) do not prohibit business from monitoring their workers using new technologies but highlights that they must do so without infringing their privacy rights as well as having lawful grounds to do so.

The development

The Guidance focusses on how employers can apply best practice and remain transparent and fair while monitoring their workers. Monitoring can take many forms, including tracking the workers keystrokes and calls, taking screenshots, recording webcam footage and audio recordings, or using new technology which monitors and tracks activity.

When identifying whether a lawful ground for monitoring a worker applies, the ICO encourages business to thinks about why they want to monitor the workers and document all the grounds that apply. They do not suggest having a one-size fits all policy. The ICO states that monitoring workers under the legitimate interests ground is the most flexible basis and could apply in a wide range of circumstances. This entails monitoring workers where it is necessary for the business own legitimate interests or those of a third party.

The Guidance also reflects on new tools and technologies, as well as the potential of AI. It discusses automated monitoring tools, meaning those that do you not use any human involvement. Uses include those for security purposes, managing workers performance and monitoring attendance and sickness, for example if a worker is away from their desk.

The Guidance also looks at biometric data, being someones unique personal data, including fingerprints, iris scanning, retinal analysis and facial/voice recognitions. This type of data is unique under data protection law as its status can change depending on the use of it. For full coverage on the ICOs draft guidance on biometric data and biometric technologies, see our Autumn 2023 edition of Snapshots.

Why is this important?

Non-compliance with data protection regulation can have wide ramifications. The Guidance shows how the ICO expects companies to comply and provides a frame of reference for businesses that do want to monitor their employees.

Any practical tips?

The Guidance is particularly helpful for its wide range of examples throughout, which companies and individuals are encouraged to review and compare to their own practices to ensure they any monitoring of employees is conducted lawfully. There are also a useful set of baseline checklists at the end of the Guidance.

Winter 2023