No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Workplace Surveillance: Can Companies Keep a Closer Eye on Employees?

Legal Considerations Around Monitoring Staff

by Sarah Pearce
August 7, 2020
in Data Privacy, Featured
Eye symbol in digital background / A concept of virtual reality or internet surveillance

Some larger firms have recently suggested implementing surveillance technologies to more closely monitor employees, particularly as so many are still working from home. Paul Hastings’ Sarah Pearce discusses the legal issues that can arise.

Workplace surveillance has been a topic on the data privacy agenda for some time now, with it being commonplace to monitor staff phone calls and emails – provided it is in compliance with legal requirements. There have been recent developments, however, that suggest a shift toward more intrusive methods of surveillance, including the use of employee webcams and facial recognition software to track when employees are not at their computers.

Research has revealed an increase in such monitoring methods recently, or at least organizations considering their implementation. This trend is seemingly in line with the pandemic forcing more employees to work from home. In the remote-working climate, many firms reportedly feel they no longer have the oversight of employees that they are accustomed to. So far, speculation around the use of such surveillance methods has been confined to traders and front-office staff in certain banks, but it now seems likely that it could be rolled out more extensively. Many may question the legality of such surveillance, but let’s consider the existing rules governing the area.

Untangling Privacy Regulations

From a data-protection perspective alone, there are multiple complex issues. Firstly, such employee surveillance involves the collection of personal data and, notably, biometric data, which falls within sensitive or “special category data,” the processing of which requires an article 9 exemption plus a lawful basis (article 6) in order to be in compliance with General Data Protection Regulation (GDPR).

Of the article 9 exemptions, consent, field of employment and public health necessity appear the most obvious here. Consent is generally not recommended in the employment context given the imbalance of power, so it cannot be seen to be “freely given.” If relied upon as a ground in such context, another option needs to be offered that inherently aims to provide balance. The biggest issue with relying on consent is that it might not be given and, if given, it can be revoked. While not without risk of challenge, the alternative grounds would seem to apply and would indeed be preferable to rely on here.

Moving on to the requirement for a lawful basis for the processing under article 6, two are possible, although we shall discard consent here for the reasons discussed. Legitimate interest is the obvious ground here; organizations will likely be able to identify justifications for conducting such surveillance of its employees. Nevertheless, it would be worth businesses performing and documenting a legitimate interests assessment (LIA), to support any reliance on this ground.

Additionally, a data protection impact assessment (DPIA) would also likely be required, particularly if new technologies are rolled out in order to perform the surveillance of large volumes of special category data.

Businesses deploying such surveillance methods would also need to think about other GDPR principles, such as data minimization – ensuring they only collect and store the data that is necessary – as well as data retention, with considerations around how long the data would be held.

Third-Party Risks

Moving away from the immediate risks of handling sensitive data, use of technology itself may prompt additional considerations or issues. For example, if the technology is provided by a third party, thorough diligence would not only be advised on the technology and its provider, but would also be a legal requirement under GDPR. Security is a key consideration, particularly in view of the data types at play here. The contractual documentation with any such third-party provider would need to include appropriate GDPR provisions and robust warranties with associated liability provisions.

The rollout of any such surveillance technology in the workplace goes beyond data-privacy requirements, however; organizations need to consider employment and health and safety issues too.

Just touching the surface, the rollout of this level of surveillance technology in the workplace is fraught with issues. That is not to say it can’t be done, just that careful consideration needs to be given to ensure it is implemented in a manner that is compliant with legal and regulatory requirements. Some businesses may consider the challenges too difficult and look to other, less intrusive methods to obtain the information they are after. An alternative would be to just stick to old-fashioned methods of trusting employees to do their jobs.


Tags: GDPRMonitoring
Previous Post

DOJ Creates New Burden for Compliance Officers

Next Post

Wage and Hour in the Time of COVID-19

Sarah Pearce

Sarah Pearce

Sarah Pearce is a Partner in the Privacy and Cyber Security Practice of Paul Hastings, heading up the European team from the firm’s London and Paris offices. Sarah covers data privacy and security issues in the UK and across Europe, identifying, evaluating and managing global privacy and information security risks and compliance issues.

Related Posts

origami tiger

Paper Tigers Won’t Protect You: The Reality of Effective NIS2 Compliance

by Hans Kayaert
March 24, 2025

Why Belgium's early adoption model could prevent another round of ‘compliance theater’ across Europe

examining data on laptop screen

Privacy Rights Surge Forces Rethink of Data Management

by Gal Ringel
March 14, 2025

As global privacy regulations multiply, organizations face mounting pressure to efficiently respond to data subject requests amid complex data environments

gdpr website screenshot

In the World of JavaScript, GDPR Consent Forms Merely Scratching the Surface

by Rui Ribeiro
December 16, 2024

Consent forms alone don’t mean much when consumers are so tired of checking boxes they don’t even read the policies

us map black and white

Minnesota Latest State to OK Consumer Data Privacy Law

by Amanda Novak
August 26, 2024

Measure set to go into effect for most covered entities next summer

Next Post
illustration of boss cutting worker's paycheck during COVID-19

Wage and Hour in the Time of COVID-19

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights