The Legal Implications of Employee Surveillance

17th December 2020

The Legal Implications of Employee Surveillance

Working from home has become the norm rather than the exception for many in the UK, posing a very interesting legal question: do employees have the right to privacy when working in their homes, or can surveillance software be legitimately used?

The British public has been advised to work from home for the majority of the year since the outbreak of the Covid-19 pandemic. Today, workers are still being told they should work from home if they “can effectively do so” to limit the spread of the disease.

The impact has been stark. According to the Office for National Statistics, between January and December 2019, around 1.7million said they worked mainly from home, approximately five per cent of the workforce. In the same period, 8.7million said they had worked from home at some stage, still less than 30 per cent of the workforce.

By contrast, in April 2020, 47 per cent of people in employment worked at home at some point.

It’s expected that the pandemic will be the catalyst for lasting change in the workplace culture, even when the vaccine delivers us to some sort of normality next year. Indeed, many large businesses and government offices have already said they will allow, and even encourage, more employees to work from home in the future.

Various studies have suggested no notable difference in productivity as a result of homeworking but, even so, interest in surveillance technologies has skyrocketed. Programmes such as ActivTrak and Sneek have quite far-reaching capabilities to keep track of an employee’s activities during working hours, including monitoring keystrokes, websites visited, taking regular screenshots and even webcam spying.

A poll of 3,000 workers carried out by the Trades Union Congress (TUC) found that 15 per cent of workers have experienced an increase in employer monitoring since the COVID-19 pandemic began in March 2020. Concerningly, less than 31 per cent had been consulted before the monitoring technology was introduced.

Surveillance software is nothing new. Indeed, one large bank was found to have covertly installed heat and motion sensors under employees’ desks. But the fact that the prying is happening within a person’s home raises interesting legal considerations as employers wrestle with the difficult challenge of striking the balance between taking measures to protect the business and respecting the right to private life.

Article 8 of the European Convention on Human Rights provides the right to respect private and family life and correspondence and was incorporated into UK law by the Humans Rights Act 1998.  The question is, how can this be reconciled with employee surveillance in their private homes?

Where there is an interference with an employee’s right to respect of private life, the measures taken should be necessary and proportionate to a legitimate aim. Some employers’ legitimate aims in this context might include assessing an employee’s productivity and performance, reducing the risk of misconduct, limiting the business’ exposure to liabilities, and protecting confidential information of the business.

Monitoring an employee’s use of the employer’s equipment, such as a laptop, would likely be justified and proportionate and raise a lower expectation of privacy than monitoring by video surveillance at all hours of the day. Covert surveillance is rarely likely to be necessary or proportionate.

There is no law in the UK which specifically governs monitoring of employees. The legislative framework has developed alongside the improvements in technology.

General Date Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018)

  • As electronic surveillance of employees at home involves the processing of personal data, this is regulated by the General Date Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).
  • In order to be compliant with the GDPR, employers must establish a legal basis for monitoring employees and processing their personal data. As consent is rarely an appropriate legal basis for processing employee data, employers will have to rely on the ‘legitimate interests’ basis for monitoring employees. It is therefore recommended that a legitimate interest assessment (LIA) is carried out to meet obligations under the GDPR principle of accountability.
  • Under the GDPR, employers must also carry out data protection impact assessments (DPIAs) where “a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons”. Employee monitoring is likely to amount to "high risk" processing so a DPIA should be completed. The DPIA should set out why the monitoring is proportionate and necessary.
  • Employers must inform their employees of any data processing under the GDPR in order to ensure that data is processed in a lawful, fair and transparent way. Information provided should be detailed and include what data will be obtained, why, how, and who it will be disclosed to.


Investigatory Powers Act 2016 and the Investigatory Powers (Interception of Businesses etc. for Monitoring and Record-keeping purposes) Regulations 2018 (SI 2018/356)

  • The Investigatory Powers Act 2016 and the Investigatory Powers (Interception of Businesses etc. for Monitoring and Record-keeping purposes) Regulations 2018 (SI 2018/356) govern the interception of electronic communications, making it an offence to intentionally intercept any communication in the course of its transmission without lawful authority.
  • In brief, intercepting is making the communications available whilst it is being transmitted, to a person other than the recipient or the sender. This also includes recording the communication for later use.
  • In order to be lawful, “the interception must be effected by or with the express consent of a person who has the right to control the operation or use of the telecommunication system by means of which the communication is being transmitted.” 
  • Consent for the monitoring of phone calls should be obtained from employees and customers/clients.

Duty of mutual trust and confidence

  • The duty of trust and confidence implied into an employee’s contract of employment may also be relevant. Research by the Chartered Institute of Personnel and Development (CIPD) suggests that workplace surveillance can damage trust. It is easy to see how being monitored at home could have a negative impact on an employee’s mental health. Employers should consider the duty of care they owe to employees before putting any measures in place and consider their employees’ health and wellbeing. If an employee feels that there has been a breach of the implied term of mutual trust and confident, they could resign and make a claim for constructive unfair dismissal.

Discrimination under the Equality Act 2010

  • Employers should unsure that they are not unfairly targeting certain employees with monitoring measures, as this could result in a claim for unlawful discrimination under the EqA 2010.

Advice to Employers

  • In order to find the right balance and not infringe on employees’ rights under Article 8 ECHR and the legislative framework in the UK, it is recommended that employers: establish a legitimate reason for any monitoring or surveillance of employees at home and carry out an LIA.

The working world has changed and employers may well find that, into 2021 and beyond, the best candidates for a role may well expect to work from home at least part of the time. Business owners will naturally want some reassurance that the time they are paying for is being used responsibly and, perhaps, in some cases surveillance software will offer that.

But employers must be sure their actions are proportionate and, most importantly, legal.

Our team of experts at Higgs & Sons can offer help and guidance where required. 


Other news

Contact us

3 Waterfront Business Park
Brierley Hill
West Midlands, DY5 1LX

Call Us: 0345 111 5050


Keep up to date with all the latest here.

Higgs & Sons is authorised and regulated by the Solicitors Regulation Authority number 51162.