After a period of consultation, and in response to rapidly changing work practices following the Covid pandemic, the ICO has issued new guidance on monitoring in the workplace. The ICO refers to “workers” in its guidance and places workplace monitoring in the broad context of any relationship between an organisation and an individual where the individual carries out work for the organisation. While noting that data protection law does not prevent workplace monitoring, the ICO makes it clear that monitoring must be necessary, proportionate and respect the rights and freedoms of workers.
The guidance is informed by recent survey results which showed that 70% of workers consider any form of workplace monitoring to be intrusive and have a higher expectation of privacy in their home than they would in the office or other workplace. A DPIA would be required where the monitoring is likely to present a high risk for the interests of workers and a number of examples are set out, including the tracking of biometric data, keystroke monitoring and any monitoring that may result in financial loss (e.g., performance management).
Employers who use monitoring to make automated decisions also need to ensure transparency by giving workers “meaningful information about the logic involved, as well as the significance and the envisaged consequences” of the processing.
Organisations relying on biometric data for workspace access controls should provide an alternative for those who do not want to use biometric access controls, such as swipe cards or PIN numbers.
You can read the guidance in full here.
If you would like any assistance in relation to workplace monitoring arrangements, please get in touch with your usual contact, or email email@example.com