Beware! You may be watched during office hours. As ‘stay at home’ became a general motto, the number of remote workers drastically increased. Yet, privacy and remote work don’t always seem to go hand in hand.
Before 2020, for many employers, work productivity meant as much time as possible spent behind a desk. But now, companies are introducing tracking and monitoring systems to get a clearer picture of the business day.
While employee monitoring is not a new concept, the pandemic turned it into widespread practice, even without people’s knowledge or approval.
So, it’s no wonder that some companies are under fire for violating the General Data Protection Regulation (GDPR) in Europe. The privacy law stipulates clear boundaries and justifiable reasons for any data collection practices. This includes video surveillance or any other tracking mechanism during working hours.
Let’s find out more about remote employee monitoring and the laws protecting privacy at work.
European authorities are investigating illegal employee monitoring
European data protection authorities have started to check worker surveillance violations closely.
For example, the Danish privacy authority issued guidelines explaining how organizations should handle current and former workers’ data.
Recently, the French regulator emphasized an essential rule about the lawful management of privacy issues for remote employees. Workers can’t be under constant surveillance through video cameras or key logger technologies that capture everything they type.
Privacy doesn’t seem to be a given in offices, so European regulators have been quite busy lately. Here are just a few examples of GDPR fines and notices for unlawful employee tracking and monitoring:
- A German electronics retailer was fined $12.6 million for using video surveillance cameras to monitor employees. The company violated the privacy law in the European Union’s 27 countries.
- Another German regulator fined a famous fashion retailer $41 million for collecting personal data from employees, including details about their health and religion.
- UK regulators are investigating a multinational bank after allegations that it used software to monitor individual workers without their knowledge. The UK union described this approach a “dystopian Big Brother tactics.” The company had previously been criticized for installing heat sensors to detect if the staff was at their desks.
- The Norwegian Data Protection Authority has fined a local computer hardware company $24.000. A former employee disclosed that the company activated automatic forwarding of the personal email address to its servers.
Hamburg’s #dataprotection authority slaps €35 million fine on Hennes & Mauritz for unlawful #employee monitoring. @privacylaws have an upcoming series of webinar’s on #Germany‘s data protection law to look at #enforcement and other trends. https://t.co/6g3NoAZmwI— Laura Linkomies (@LauraLinkomies) October 2, 2020
People don’t expect surveillance in the workplace, so companies using video surveillance must justify why this is necessary to avoid GDPR fines.
But these reasons can be tricky. For example, some companies tried to point out that they use cameras to track how goods are stored and sold or whether they are damaged or go missing. Video surveillance isn’t aimed at monitoring staff members.
However, according to EU’s 2019 guidelines on the processing of personal data through video devices:
Video surveillance is not by default a necessity when there are other means to achieve the underlying purpose. Otherwise, we risk a change in cultural norms leading to the acceptance of lack of privacy as the general outset.
The tools used to track workers’ productivity
Way before the pandemic and before GDPR came into force, corporations were using some non-traditional monitoring techniques such as email monitoring and location tracking.
Learn more about how you can protect your privacy when working from home.
Here is what a 2007 survey by the American Management Association showed:
- 66% of employers monitored internet connections;
- 45% tracked keystrokes, content, and time spent at the computer;
- 43% stored and reviewed computer files;
- 10% monitored employee social media accounts.
A 2018 Gartner survey of over 200 companies revealed that more than 50% applied some form of employee tracking, a rise from 30% in 2015.
Initially, organizations with jobs that required physical work, such as in manufacturing and warehouses, were more often employing these invasive techniques. Later, white-collar jobs began to be monitored. But now, advanced software allows companies to assess the workforce faster and in detail.
Since the coronavirus pandemic, more companies have decided to introduce tools to monitor employees’ work.
Some of the most commonly used features are:
- Activity monitoring websites and applications;
- Analytics dashboards showing where time has been spent and if it was productive;
- Regular screenshots and continuous video recording;
- Recording of audio from a device’s speaker and microphone;
- Keystroke logging tracking keystroke across any software application;
- Tools monitoring employees’ email and their activity on social media;
- Systems monitoring online collaboration tools.
Check out the privacy risks of commonly-used work apps.
How do employees feel about having their employer keeping tabs on them?
Research done by YouGov in 2019 shows that two-thirds of employees are uncomfortable knowing their employer takes screenshots and records keystrokes while working from home.
Currently, the UK Information Commissioner’s Office (ICO) plans to clarify workers’ rights about employers collecting data on them while also making sure they can express their opinion about workplace technology.
Yet, with the proper approach, employee surveillance while upholding privacy is possible:
There are some common misconceptions around what employee surveillance and monitoring really mean for the average user. You often hear people say it feels “Big Brother-ish”. No one wants to feel stalked and watched. To address this fundamental gap, I like to lean more towards a culture of transparency, trust, and communication. Why is monitoring important? What good can it do for us all? Imagine decades ago, when physical surveillance cameras started being installed in buildings, elevators, etc. I’m sure it felt a bit uncomfortable at first. But today, we all understand that from robberies and assaults to various criminal activities people are less opposed to being on camera. I appreciate those cameras for my own safety when I am walking alone in a parking garage for example. I think a similar evolution in understanding has to happen with digital surveillance. There is digital criminal activity and these “virtual cameras” serve a purpose when used ethically. I can’t emphasize the importance of that ethical aspect. Ultimately, privacy is a fundamental right of all employees, and upholding that should be a priority for everyone. With careful care and attention, I believe that a healthy balance can be struck between monitoring and respecting privacy.
Dr. Christine Izuakor | CEO of Cyber Pop-up
Get to know Christine Izuakor here.
We need new approaches
Illegal surveillance has grown gradually alongside digital transformations. Remote work just shone a brighter light on the problem, with privacy invasion becoming even more sensitive as the line between work and personal life blurred.
Many managers are now re-thinking their productivity strategies, shifting from ‘I want to see what you are doing’ to ‘I want to see how you are working.’
This new reality of working from home might continue for some time. According to a 2019 report from Buffer, 99% of people would choose to work remotely, at least part-time, for the rest of their careers. This only portrays the future challenges of remote work and its privacy issues.
Here is a positive outlook from Fareedah Shaheed:
Since the pandemic, we’ve seen more companies take up surveillance which has of course sparked more debate on the impact this has on workers. I believe we will see more push for effective laws to protect workers from this type of surveillance. Companies are a reflection of their values, so I also believe we will see some companies start to trust their employees and come up with better ways to manage accountability especially in a remote work environment. However, bigger corporations may be slow to follow and the breakdown in trust and safety will be even more evident.
Fareedah Shaheed | Sekuva
Online Safety Educator, CEO and Founder of Sekuva
Get to know Fareedah Shaheed here.
Laws protecting employee privacy
In the UK and countries subject to Europe’s GDPR, employers must notify the “data subject” — in this case, the employee.
By comparison, there are few legal restrictions preventing surveillance in the US if employees are using a company device or working on a corporate network. The only exceptions are Connecticut and Delaware.
US’s primary workplace privacy employee regulation is the Electronic Communications Privacy Act of 1986. The ECPA allows business owners to monitor employee verbal and written communication if it presents a legitimate business reason.
It also allows for extra monitoring if the employee gives consent. Yet, the ECPA consent can be tricky, as it might empower monitoring employees’ personal communications and business ones. Additionally, several federal court cases ruled that employers are legally authorized to look through employees’ emails after sending them.
That’s because the ECPA defines “electronic communications” as any electronic messages currently in transmission. Upon sending, these transmissions become “electronic storage,” which courts have determined employers can monitor.
Still, it is a privacy regulation that dates back 35 years.
Mitigating trust and ethical boundaries
No one should expect to see employee monitoring vanish for good. But we need consistent and up-to-date privacy laws in that respect. Plus, employees should know and give their consent for such practices.
After all, this is the basic philosophy of a work contract: the employer trusts the employee to do their job, and the employee does it. And productivity can be effectively measured without monitoring tools.
If you want to increase your privacy, use a reliable VPN and protect your digital identity. Also, check out these useful tips on how to avoid being tracked on any device and consider a secure alternative to messaging apps.
Are you wary of corporate surveillance? Do you believe it’s possible for companies to monitor their workforce while respecting their privacy?
Let me know in the comments below.