ICO Guidance: Lawful Monitoring in the Workplace

The ICO has this week released guidance in relation to monitoring in the workplace after research commissioned by the ICO revealed that 70% of the public would find it intrusive to be monitored by an employer.

Legal obligations including those under data protection law must be complied with as well as employee’s rights considered before employers opt for monitoring.

The new guidance is aimed at employers who have decided to opt for monitoring, and assists with

  • providing greater regulatory certainty;
  • protecting workers’ data protection rights; and
  • helping employers to build trust with workers, customers and service users.

Throughout the guidance the ICO offers advice on what employers must do, should do, and could do to comply, and is useful for employers of all types of businesses.

Monitoring employers can be for a variety of reasons which might include meeting regulatory obligations, health and safety or security, but increasingly data analytics are being used to monitor and make inferences about performance and wellbeing.

The guidance is also very useful for those who employ homeworkers, or for those who work in the home, such as cleaners and nannies, as any monitoring must not intrude excessively into private life. This can present more of a difficulty where employees work from home, as the guidance introduction says, “It is not always easy to distinguish between workplace and private information, especially when workers are based at home. Some workers may also use personal devices for work”. Monitoring must be appropriate, so requiring workers to have their camera on may be deemed excessive, but recording the time that they logged into the work computer system is likely to be within reason.

To lawfully collect and process information from monitoring workers, you must identify a lawful basis. There are six to choose from and you must identify at least one that is appropriate for the type of processing you intend to do. These include consent, contract, legal obligation, vital interest (e.g. in a matter of life and death), public task and legitimate interest.

If you wish to cite legitimate interest, there is then a three-part test to consider:

  • Purpose test– is there a legitimate interest behind the processing?
  • Necessity test– is the processing necessary for that purpose?
  • Balancing test– is the legitimate interest overridden by the person’s interests, rights or freedoms?

If the data that you wish to monitor includes any Special category data (e.g. personal information revealing or concerning a number of specific data including race, political and religious beliefs, health, biometric data and more) there are further obligations to consider.

Posted on 10/05/2023 by Ortolan

Get in Touch

If you would like to know more about Ortolan Legal and how we can help you reduce your ongoing recruitment costs, get in touch!

Email us now

   Or call 020 3743 0600

I have worked with Ortolan Legal since 2010 and used their services extensively. They have provided corporate and commercial legal advice and we have also drawn on their capability in the areas of employment law, dispute resolution and property law. What makes them so different is their ability consistently to deliver commercially focussed and high quality advice at a price point which simply cannot be matched by other law firms. They aim to strip out unnecessary overhead costs, concentrate on the quality of their core service and pass on these cost savings to their clients. It works.

Charlie Blackburn, Entrepreneur and co-founder of Brighttalk
See All
Receive news & updates from Ortolan Legal

Meet the Team

  • Nick Benson Nick Benson I qualified as a commercial and corporate solicitor…
  • Liz Delgado Liz Delgado I qualified as a solicitor in 1995 after studying…
  • Carrie Beaumont Carrie Beaumont I qualified as an Employment specialist in 2008. I…