ICO Launches New Workplace Monitoring Guidelines
In October 2023, the Information Commissioner’s Office (ICO) published a new workplace monitoring guidance. This came following the aftermath of COVID-19, as remote working increased, and employers wanted to check on their employees.
Below, we explore the ICO’s legal monitoring guidance and outline the key points that should be taken from it. Then, we answer some of the frequently asked questions concerning workplace monitoring.
If you have any further questions or believe your employer is breaching your rights through their monitoring, contact us now. Redmans Solicitors are employment law specialists with years of experience and could advise you on how to proceed.
Begin your journey with us today by:
Why has the ICO Published Their Guidance?
Research conducted by the ICO highlighted that 70% of respondents felt workplace monitoring by their employer was intrusive. Furthermore, 19% believe they’ve been monitored, whilst only the same number would take a new job knowing it would occur.
Despite this, monitoring is on the rise as employers want to keep tabs on their remote-working employees. As such, the ICO has provided guidance for employers, outlining how they should go about such monitoring. Overall, the guidance focuses on legal monitoring and remaining compliant whilst meeting employers’ goals, being transparent and considering employees’ rights.
ICO Workplace Monitoring Guidance – Key Takeaways
As mentioned, the ICO guidance focuses on how employers can monitor employees whilst respecting their rights and remaining legally compliant. Below, we explore some key takeaways from the guidance and essential points individuals should examine.
Firstly, employers must consider Article 8 of the European Convention on Human Rights when monitoring employees. That’s because, under Article 8, individuals have a right to “respect for private and family life”. As such, employers should carefully deliberate remote monitoring methods, as they will likely differ from those implemented in the office.
Moving on, the ICO guidance highlights the six lawful bases for employee workplace monitoring. These are consent, contract, legal obligation, vital interest, public task and legitimate interest. To proceed with monitoring, at least one of these must be identified. Should more than one be identified, that would be a bonus, but accuracy in selecting the right one is essential.
Yet, further precautions must be taken if the monitoring concerns ‘special category data’, like someone’s religious belief. That’s because this information is more sensitive than regular personal data, meaning it requires better protection. Therefore, workplace monitoring concerning such data can only proceed if the employer can also identify a special category processing condition.
Furthermore, employers are encouraged to carry out a Data Protection Impact Assessment (DPIA). Under circumstances where monitoring presents a high risk to individuals, undertaking a DPIA is a legal requirement. Having said that, it’s advisable to do a DPIA regardless, as it helps employers proceed with compliant legal monitoring.
Another key takeaway concerns employers ensuring they protect employees’ personal data adequately and only keep it for the necessary period. Supposing a data breach occurs or an employer has kept employee data for an unreasonable period, they could face legal action.
Additionally, the ICO explains that employers should be transparent with their employees concerning workplace monitoring. By explaining how and why monitoring will occur, employees will have greater trust and confidence in their employer. There may be occasions where ‘covert monitoring’ happens, like attempting to detect a thief, but these would be exceptional circumstances.
Finally, employers should consider fairness. By that, employers should only justifiably monitor employees. For example, if employee attendance can be tracked through productivity tools, more intrusive methods, like keystroke monitoring, may be unjustifiable.
Workplace Monitoring Frequently Asked Questions (FAQs)
Can Employers Monitor Calls?
What About Emails or Messages?
Employers can monitor company emails and business instant messaging applications, but they must first take steps. This includes assessing whether the monitoring will be necessary and proportionate, informing employees about it, completing a DPIA and finding a lawful basis. They must also notify employees about such monitoring before it occurs, such as in a workplace policy.
Are Employers Able to Utilise Video Surveillance?
Like emails, employers must conduct a DPIA, consider the necessity of such monitoring, inform employees about it and find a lawful basis before proceeding. However, if video surveillance has the potential to capture third parties, they must also be informed of its use.
Can They Monitor a Device’s Activity?
To be clear, this type of monitoring could include tracking website browsing, use of applications, and screen captures. Again, employers could monitor this, but several criteria must be met. First, the employer must be positive that no less intrusive method is available.
What’s more, the employer must be able to identify a lawful basis and, where applicable, a special category condition. Employers must also inform their employees about it and conduct a DPIA. Plus, to avoid accidentally collecting unnecessary data, employers could ban the private use of work devices.
In conclusion, the ICO workplace monitoring guidance pays particular attention to employers remaining legally compliant and being transparent with employees. Considering the steps above will help employers avoid claims being made against them and improve working relationships with employees while achieving their goals.
If you have any questions about workplace monitoring or believe your rights have been breached, contact us today. Redmans Solicitors can discuss your circumstances and discover your eligibility to claim compensation. Get in touch with us now by: