Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Workplace Surveillance: Can Companies Keep a Closer Eye on Employees?

Legal Considerations Around Monitoring Staff

by Sarah Pearce
August 7, 2020
in Data Privacy, Featured
Eye symbol in digital background / A concept of virtual reality or internet surveillance

Some larger firms have recently suggested implementing surveillance technologies to more closely monitor employees, particularly as so many are still working from home. Paul Hastings’ Sarah Pearce discusses the legal issues that can arise.

Workplace surveillance has been a topic on the data privacy agenda for some time now, with it being commonplace to monitor staff phone calls and emails – provided it is in compliance with legal requirements. There have been recent developments, however, that suggest a shift toward more intrusive methods of surveillance, including the use of employee webcams and facial recognition software to track when employees are not at their computers.

Research has revealed an increase in such monitoring methods recently, or at least organizations considering their implementation. This trend is seemingly in line with the pandemic forcing more employees to work from home. In the remote-working climate, many firms reportedly feel they no longer have the oversight of employees that they are accustomed to. So far, speculation around the use of such surveillance methods has been confined to traders and front-office staff in certain banks, but it now seems likely that it could be rolled out more extensively. Many may question the legality of such surveillance, but let’s consider the existing rules governing the area.

Untangling Privacy Regulations

From a data-protection perspective alone, there are multiple complex issues. Firstly, such employee surveillance involves the collection of personal data and, notably, biometric data, which falls within sensitive or “special category data,” the processing of which requires an article 9 exemption plus a lawful basis (article 6) in order to be in compliance with General Data Protection Regulation (GDPR).

Of the article 9 exemptions, consent, field of employment and public health necessity appear the most obvious here. Consent is generally not recommended in the employment context given the imbalance of power, so it cannot be seen to be “freely given.” If relied upon as a ground in such context, another option needs to be offered that inherently aims to provide balance. The biggest issue with relying on consent is that it might not be given and, if given, it can be revoked. While not without risk of challenge, the alternative grounds would seem to apply and would indeed be preferable to rely on here.

Moving on to the requirement for a lawful basis for the processing under article 6, two are possible, although we shall discard consent here for the reasons discussed. Legitimate interest is the obvious ground here; organizations will likely be able to identify justifications for conducting such surveillance of its employees. Nevertheless, it would be worth businesses performing and documenting a legitimate interests assessment (LIA), to support any reliance on this ground.

Additionally, a data protection impact assessment (DPIA) would also likely be required, particularly if new technologies are rolled out in order to perform the surveillance of large volumes of special category data.

Businesses deploying such surveillance methods would also need to think about other GDPR principles, such as data minimization – ensuring they only collect and store the data that is necessary – as well as data retention, with considerations around how long the data would be held.

Third-Party Risks

Moving away from the immediate risks of handling sensitive data, use of technology itself may prompt additional considerations or issues. For example, if the technology is provided by a third party, thorough diligence would not only be advised on the technology and its provider, but would also be a legal requirement under GDPR. Security is a key consideration, particularly in view of the data types at play here. The contractual documentation with any such third-party provider would need to include appropriate GDPR provisions and robust warranties with associated liability provisions.

The rollout of any such surveillance technology in the workplace goes beyond data-privacy requirements, however; organizations need to consider employment and health and safety issues too.

Just touching the surface, the rollout of this level of surveillance technology in the workplace is fraught with issues. That is not to say it can’t be done, just that careful consideration needs to be given to ensure it is implemented in a manner that is compliant with legal and regulatory requirements. Some businesses may consider the challenges too difficult and look to other, less intrusive methods to obtain the information they are after. An alternative would be to just stick to old-fashioned methods of trusting employees to do their jobs.


Tags: GDPRmonitoring
Previous Post

DOJ Creates New Burden for Compliance Officers

Next Post

Wage and Hour in the Time of COVID-19

Sarah Pearce

Sarah Pearce is a Partner in the Privacy and Cyber Security Practice of Paul Hastings, heading up the European team from the firm’s London and Paris offices. Sarah covers data privacy and security issues in the UK and across Europe, identifying, evaluating and managing global privacy and information security risks and compliance issues.

Related Posts

digital cybersecurity and network protection

Vetting Vendors’ Cybersecurity

January 26, 2021
illustration of man on ladder with binoculars, 2021 outlook concept

Financial Services Compliance in 2021

January 25, 2021
illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
Next Post
illustration of boss cutting worker's paycheck during COVID-19

Wage and Hour in the Time of COVID-19

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights