ICO Guidance: Lawful Monitoring in the Workplace

The ICO has this week released guidance in relation to monitoring in the workplace after research commissioned by the ICO revealed that 70% of the public would find it intrusive to be monitored by an employer.

Legal obligations including those under data protection law must be complied with as well as employee’s rights considered before employers opt for monitoring.

The new guidance is aimed at employers who have decided to opt for monitoring, and assists with

  • providing greater regulatory certainty;
  • protecting workers’ data protection rights; and
  • helping employers to build trust with workers, customers and service users.

Throughout the guidance the ICO offers advice on what employers must do, should do, and could do to comply, and is useful for employers of all types of businesses.

Monitoring employers can be for a variety of reasons which might include meeting regulatory obligations, health and safety or security, but increasingly data analytics are being used to monitor and make inferences about performance and wellbeing.

The guidance is also very useful for those who employ homeworkers, or for those who work in the home, such as cleaners and nannies, as any monitoring must not intrude excessively into private life. This can present more of a difficulty where employees work from home, as the guidance introduction says, “It is not always easy to distinguish between workplace and private information, especially when workers are based at home. Some workers may also use personal devices for work”. Monitoring must be appropriate, so requiring workers to have their camera on may be deemed excessive, but recording the time that they logged into the work computer system is likely to be within reason.

To lawfully collect and process information from monitoring workers, you must identify a lawful basis. There are six to choose from and you must identify at least one that is appropriate for the type of processing you intend to do. These include consent, contract, legal obligation, vital interest (e.g. in a matter of life and death), public task and legitimate interest.

If you wish to cite legitimate interest, there is then a three-part test to consider:

  • Purpose test– is there a legitimate interest behind the processing?
  • Necessity test– is the processing necessary for that purpose?
  • Balancing test– is the legitimate interest overridden by the person’s interests, rights or freedoms?

If the data that you wish to monitor includes any Special category data (e.g. personal information revealing or concerning a number of specific data including race, political and religious beliefs, health, biometric data and more) there are further obligations to consider.

Posted on 10/05/2023 by Ortolan

Get in Touch

If you would like to know more about Ortolan Legal and how we can help you reduce your ongoing recruitment costs, get in touch!

Email us now

   Or call 020 3743 0600

I’m delighted to recommend Ortolan Legal. They have provided us with excellent commercial advice at very competitive rates.

Alan Halsall, Chairman Silver Cross
See All
Receive news & updates from Ortolan Legal

Meet the Team

  • Nick Benson Nick Benson I qualified as a commercial and corporate solicitor…
  • Liz Delgado Liz Delgado I qualified as a solicitor in 1995 after studying…
  • Carrie Beaumont Carrie Beaumont I qualified as an Employment specialist in 2008. I…