ICO publishes guidance on monitoring workers


2 mins

Posted on 17 Oct 2023

ICO publishes guidance on monitoring workers

The Information Commissioner’s Office (ICO) has published new monitoring guidance to help employers comply with the UK General Data Protection Regulation and the Data Protection Act 2018. The guidance follows on from its public consultations.

Workplace monitoring is a sensitive area, with the ICO’s research revealing that 70% of the public would find it intrusive to be monitored by an employer. The research also revealed that almost one in five people believe they have been monitored by an employer, and fewer than one in five would feel comfortable taking a new job if they knew their employer would be monitoring them. Employers must therefore consider their legal obligations and their workers’ rights before implementing any monitoring in the workplace.

What the guidance contains

The ICO explains that with the increase in remote working and developments in technology, many employers are seeking to carry out checks on their workers. Monitoring can include tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recording, as well as using specialist monitoring software to track activity.

If seeking to use such measures, any processing must be lawful in the first place and staff must be made aware of it. The ICO’s guidance outlines necessary steps to take, including:

  • Making workers aware of the nature, extent and reasons for monitoring
  • Having clearly defined purpose and using the least intrusive means to achieve it
  • Having a lawful basis for processing workers' personal data
  • Telling workers about any monitoring in a way that is easy to understand
  • Only keeping information relevant to the purpose
  • Carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to workers' rights.

Following these steps does not automatically mean that monitoring will be lawful, but it will help determine whether organisations have a lawful basis for monitoring in the first place, and mitigations they can apply to minimise the data privacy risks for individuals. The ICO is clear that any monitoring undertaken must be necessary, proportionate and respect the rights of workers, and it will take action if it believes people’s privacy is being threatened.

If you are considering implementing monitoring in the workplace, the ICO’s guidance contains helpful practical advice and checklists. Legal advice should also be sought. Please contact our Data Privacy team for further information.

You can view the ICO monitoring guidance here.

Piers Leigh-Pollitt

Piers advises a mixture of corporates and individuals on a wide range of HR/employment law matters and data protection issues (mainly from an HR perspective). Piers is also the firm’s internal compliance officer and handles all regulatory and internal compliance matters. He also heads up the firm's Data Privacy team and holds the Practitioner Certificate in Data Protection (GDPR).

  • Partner & Compliance Officer for Legal Practice
  • T: +44 (0)118 951 6761
  • Email me

View profile

Mike Hibberd

Mike is an employment and data privacy law expert advising both organisations and senior individuals on a wide range of human resources and related issues.

  • Legal Director
  • T: +44 (0)118 951 6765
  • Email me

View profile

The articles published on this website, current at the date of publication, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your own circumstances should always be sought separately before taking any action.

Back to top