COVID-19: Fast-forward to a new era of employee surveillance
With remote working becoming the new normal for many workers, it is surely the case that many employers are anxious to ensure that their employees are putting in full working days. Companies are likely to be investing in and deploying digital technologies for tracking employee performance much more than before the pandemic. The pervasiveness of new digital technologies – whether for working remotely or in the workplace – has raised a host of new issues and concerns around privacy and data protection as well as work organisation, control and autonomy. When it comes to tracking what employees are doing, there is a balance to be struck between the legitimate business interests of the employer and employees’ right to privacy.
Remote working and the rise of employee monitoring
Digitally enabled employee monitoring is likely to become more commonplace as remote working becomes more widespread. Employers will deploy it in order to simulate the control that exists in the workplace. Employees will accept it as the necessary price for the flexibility to work from home or elsewhere.
The need for remote work during the COVID-19 crisis has created a new market for surveillance software that, for instance, monitors the computer-based activities of employees or takes webcam shots of them at regular intervals, keeping tabs on their availability and presence in front of their computers. Such monitoring practices may infringe on workers’ privacy rights and raise concerns about workers’ ability to give consent to or opt out of being monitored. While national legislation might require employers to obtain employees’ consent, that consent can hardly be meaningful given the imbalance of power in the employment relationship. Additionally, milestone judgements on employee monitoring issued by the European Court of Human Rights have shown again and again that the right to respect for one’s private and family life granted by Article 8 of the European Convention on Human Rights extends to the employment context and that the employer should minimise surveillance where possible, by using the least intrusive methods.
An important aspect is the balance between the employer’s legitimate interest and the privacy rights of employees. Although employers may think it legitimate to monitor employees working remotely, there is a risk that the boundary between what is permissible and what is acceptable is crossed. Any intrusive and privacy-invasive employee monitoring – whether within the workplace or outside – may increase compliance in the short term but does not pay off in the longer term. It undermines employees’ autonomy and possibly adds to the intensity and stress of work. Worse, it erodes trust, the core of the psychological contract between workers and employers.
Regulations out of step with technological change?
Recent technological developments have raised the bar for national and European legislators, who are now confronted with a new and ever-evolving set of issues around privacy, data protection and ethics arising from the use of digital employee monitoring.
Most Member States’ legislation follows a technologically neutral approach, setting general rules of wide applicability that, at least in principle, cover all types of monitoring and processing. This is also the approach of the European General Data Protection Regulation (GDPR), which is recognised globally as the blueprint for data protection and an important step forward in preserving digital privacy. The GDPR leaves questions of personal data processing in the employment relationship to individual Member States, so there is a pressing need for them to build upon it and modernise national regulatory frameworks with a view to addressing the challenges posed by digitally enabled employee monitoring.
Some Member States have taken steps in this direction. Spain’s Organic Law 3/2018 on the protection of personal data introduces the concept of ‘digital rights’, which establishes the right for employees to disconnect at the end of their working day and sets limits on the use of digitally enabled monitoring. Recently amended French and Portuguese data protection Acts now regulate some new forms of employee monitoring, for example those involving biometric access-control devices. Many national regulatory frameworks appear to be out of step with technological change, however, and need to be made more robust and future-proofed.
Risks for the future
Many digital technologies and devices have been introduced during the pandemic, not only for monitoring the performance of remote workers but also for health reasons. Touchless biometric-based systems and wearables reminding workers of social distancing guidelines have been useful in helping to limit the spread of the COVID-19 virus. Public attitudes to these and other privacy-intrusive digital devices may already be changing. Microchip implants are beginning to replace credit cards, cash and key cards to access offices and buildings in some countries, including the high-trust society of Sweden, in a bid to contain the virus.
As online citizens, we are all too used to accepting cookies, giving consent to agreements we do not even read, and giving away personal data in return for free online services such as web search, email and social media. In doing so, we agree to be identified and monitored. This information is then used by large corporations to influence our behaviour, notably via advertising.
What has happened already to us as web users may increasingly apply in the workplace. Intrusive employee monitoring may become normalised and the enmeshing of private and work life accepted as an inevitability. Not least, once digital technologies are introduced in the workplace, initially for purposes other than performance monitoring, their use is legitimised and can be extended to less benign use. It is then more difficult to find a way back.
- Publication: Employee monitoring and surveillance: The challenges of digitalisation
- Working paper: Teleworkability and the COVID-19 crisis: a new digital divide?
Image © fizkes/Adobe Stock
Il est possible que des recherches effectuées avant le retrait du Royaume-Uni de l’Union européenne le 31 janvier 2020 et publiées après cette date incluent des données relatives aux 28 États membres de l’UE. À compter de cette date, les recherches ne porteront, sauf indication contraire, que sur les 27 États membres de l’UE (UE-28 moins le Royaume-Uni)