Who’s watching us while we WFH? The pitfalls of monitoring a remote workforce

Working from home

As the worst of the covid-19 heath crisis appears to be behind us at last and we begin to take our first tentative steps out of lockdown, thoughts have turned to the economic consequences of the pandemic.

These have been stark, with the UK government’s furlough scheme supporting over 8 million workers and thousands more left unemployed. Many of us who are usually office-based have been working from home, and this is likely to continue for the foreseeable future.

In the legal profession, individuals have worked from home on a temporary or part time basis for many years, but it has still been a huge culture shock for entire firms to be working from home indefinitely. Technology is certainly playing its part, with video calling via Zoom or Teams increasingly becoming a part of our daily routines.

This has led many professionals to consider alternatives for their working arrangements like moving permanently to a new home (and office) abroad. Destinations like Spain prove to be very lucrative to UK citizens even post-Brexit, as the value and cost of buying a property in Spain is quite good.

As well as individuals getting used to working remotely, managers are finding new and sometimes controversial ways of supervising their teams.

Here technology is again playing a role. New tools such as ‘Sneek’, which can be set to automatically take photos of employees using their webcam every five minutes, have been in the news, with concerns raised about the potential for spying on employees. I don’t want to comment on the merits or otherwise of any particular application, but it got me thinking about the legal issues raised by the use of technology to monitor employees working remotely.

In person monitoring of employees as they work has always been a feature of the workplace. In recent years, this has increasingly been supplemented by automatic monitoring using technology, such as measuring internet usage and telephone calls.

As technology improves, these tools have become ever more sophisticated. Earlier this year (but what already feels like an age ago), Barclays faced a backlash when it was revealed that the bank was using software known as ‘Sapience’ to monitor activity and send alerts when employees were inactive for a period of time.

Following criticism from staff, the bank announced it was scrapping the software. Ironically, Barclays has since been in the news saying that big offices ‘may be a thing of the past‘.

The reason automated monitoring tools are controversial is that they can be much more intrusive than monitoring in person, and that can affect the privacy of employees. Human rights law gives all individuals a right to privacy, and that right extends to the workplace.

But it is not an absolute right, and may be overridden where it is necessary, proportionate and in accordance with the law to do so. Obviously, employers have a good reason to want to know what their employees are doing, to ensure that work is being done appropriately, meeting quality standards and time limits. So there is a need to balance the rights of the individual to privacy with the rights of the employer.

Exactly where the line is drawn remains a contentious area and there have been a number of court cases that have explored the boundaries of privacy and the world of work. In the Bărbulescu case, the European Court of Human Rights ruled that the right to privacy extended to the workplace.

Mr Bărbulescu had been sacked from his job after his employer had monitored his electronic communications and found that he had been using it for personal messages, in breach of the company’s IT policy. He appealed against his dismissal but lost in the Romanian courts, so took his case to the European Court of Human Rights.

The court ruled that Mr Bărbulescu did have a right to privacy in work, and that this right should only be overridden when there is compelling grounds to do so.

Data protection law contains obligations on employers, and rights for individuals, in relation to information collected about members of staff. This includes data obtained via automated monitoring systems. Employers need to consider carefully any systems that automatically monitor their staff, to ensure that they collect only the information needed.

Information needs to be handled appropriately, access limited to only those who need to know and kept securely. Without these appropriate safeguards, there is always a danger that appropriate monitoring will tip into unjustified and intrusive surveillance.

Employers wishing to monitor their staff whilst they are working remotely need to carefully consider these issues. Just because a technological solution exists, it doesn’t mean that it is automatically appropriate to use it. And any automated monitoring solution for home-workers could intrude into individuals’ domestic life as well as their working life, which magnifies the risks to privacy.

For instance, it is hard to see how remotely accessing a webcam in an employee’s home could ever be justified for monitoring purposes. So, employers will need to consider the utility of the solution and balance it against the potential negative impact on individuals.

One of the best ways to do so would be through a data protection impact assessment, a type of risk assessment that is designed to address these specific issues.

Finally, employers should not neglect any potential impact on staff morale. Working remotely certainly has its challenges and employers will naturally want to ensure that productivity isn’t lost. But over-zealous monitoring could lose trust and alienate employees which, in the long run, isn’t going to be good for any business.

Jon Belcher

Jon Belcher

Jon Belcher is a specialist data protection and information governance lawyer at Excello Law.
Jon Belcher


Jon Belcher is a specialist data protection and information governance lawyer at Excello Law.