CLOSE SEARCH
Monitoring employees can be an essential part of managing a modern workforce, particularly in the context of remote work, health and safety obligations, and performance management. However, English law places clear limits on what employers can do, how they can do it, and how employees must be informed.
Employee monitoring is permitted under English law when carried out in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Human Rights Act 1998. Employers must be able to demonstrate that any monitoring is necessary, proportionate, and serves a legitimate purpose, such as ensuring productivity, protecting confidential information, or safeguarding employee safety.
Transparency is essential. Covert monitoring is rarely justified and generally only lawful where informing employees would prejudice the investigation of serious wrongdoing. In all other cases, employees must be clearly informed in advance about what data is being collected, how it will be used, and their rights.
Employers should set out their monitoring approach in both employment contracts and internal policies. Contracts should reference the employer's right to monitor communications and IT systems, ideally pointing to a separate monitoring or IT usage policy.
That policy should explain the scope and purpose of monitoring, the tools used (e.g. CCTV, tracking software, email review), and how data will be processed, with sufficient detail and clarity. This helps ensure legal compliance and manage employee expectations.
It's also important to ensure you have a record of the employee confirming that he or she has fully read, understood and agreed to the policy.
Monitoring tools now range from basic login tracking to complex behavioural analytics. Used correctly, these can support operational needs—but must be lawful and proportionate.
Monitoring of logins and IT activity is common in remote work settings. Tracking access times or screen use may help identify workflow issues, but over-monitoring can quickly become intrusive.
Email monitoring is very common, particularly in regulated sectors. Employers may lawfully scan for keywords or viruses, or check compliance with internal policies, but real-time monitoring or reading personal content without notice may breach privacy rights. A clear policy is critical, particularly if private use is discouraged or prohibited.
CCTV is lawful when used for security, theft prevention or safety. Using footage for staff performance reviews, however, requires prior notice and specific justification. Employers must avoid monitoring private areas and ensure signage is in place.
GPS tracking of vehicles or devices can help manage logistics or lone-worker safety, but must be limited to work time. Capturing movement during breaks or outside hours risks overreach unless clearly justified and communicated.
Monitoring social media may be appropriate where reputational risk arises or clear links to the business exist, but employers should not seek access to private accounts or require disclosure of passwords.
Monitoring can support productivity goals, but employers must ensure it is proportionate and not oppressive. For example, tracking deadlines or customer response times may be justifiable, whereas recording keystrokes or constant webcam monitoring may cross the line.
Monitoring should not disadvantage employees with disabilities or caring responsibilities. Employers must make reasonable adjustments and avoid applying productivity data in ways that amount to indirect discrimination. Employers should ensure data use does not lead to discriminatory outcomes. For example, punishing staff for taking regular breaks without considering health reasons may breach the Equality Act 2010.
Data gathered through monitoring must only be kept for as long as necessary and used solely for the original purpose. Employers should have clear retention schedules. For example, a clear policy perhaps to delete CCTV after 30 days unless an incident justifies longer storage.
Data should be stored securely, with access restricted to relevant personnel. Repurposing monitoring data for unrelated disciplinary or performance actions without notice may breach data protection principles.
Improper monitoring can lead to claims for unfair dismissal, breach of privacy or discrimination, as well as regulatory investigation by the Information Commissioner’s Office (ICO). Employers also risk reputational damage and the erosion of employee trust.
Examples of outcomes where monitoring has been an issue in legal proceedings between employers and employees include :-
an employee was dismissed after personal emails sent from a work account were accessed without notice. The employment tribunal found the monitoring breached the employee’s right to privacy and rendered the dismissal unfair.
CCTV installed for security in a shop was later used to assess staff performance. The employment tribunal held that this change in use, without prior notification, was unfair and contributed to an unlawful dismissal.
a logistics employer tracked vehicle locations outside of working hours without informing staff. This was found to be excessive and unjustified, breaching privacy expectations and data protection duties.
We advise and assist employer clients on the legal and practical complexities of workplace monitoring, such as :-
Drafting and reviewing contracts and monitoring policies
Advising on lawful monitoring of email, IT systems and surveillance tools
Conducting Data Protection Impact Assessments (DPIAs)
Guidance on performance management and avoiding discrimination risks
Responding to employee complaints, SARs, or ICO enquiries
Defending tribunal claims arising from alleged misuse of monitoring
Get in touch
If you would like to speak with a member of the team you can contact us on:
Partner - Head of Corporate Commercial and Employment
Louisa is a Partner and Head of Department in the Corporate Commercial and Employment departments.
She undertakes a range of commercial work from advising on mer...
