The Information Commissioner’s Office has bowed to pressure over the rise of workforce snooping after confirming that it will update its Employment Practices Code to develop new guidance.
This move follows an calls by the Labour Party and trade union bosses for stronger regulation of the technology, amid claims that firms are using coronavirus as a cover to snoop on workers and unfairly punish those deemed to be slacking.
The TUC has cited research which shows that one in five companies has admitted that they have either installed the technology to snoop on staff already or are planning to.
Earlier this week, TUC general secretary Frances O’Grady said: “Worker surveillance tech has taken off during this pandemic as more people have been forced to work from home. We know many employers are investing in tech to micro-manage workers and automate decisions about who to hire, and who to let go.
“Staff must be properly consulted on the use of surveillance at work and protected from unfair management by algorithm. As we emerge from this crisis, technology must be used to make working lives better — not to rob people of their dignity.”
In a blog post, Mishcon de Reya data protection officer Jon Baines said: “The current Employment Practices Code, with supplementary guidance, was issued by ICO as far back as 2011. It has long been a key reference for HR professionals, data protection officers and lawyers, but is clearly in need of revision to reflect the massive advances in technology in the last ten years.
“Covid-19 has, of course, led to a massive (and unforeseeable) increase in home working, with many employers being faced with the twin issues of ensuring employee well-being and being able to monitor performance and conduct in a remote working context.”
In response, the ICO has released a statement which reads: “People expect that they can keep their personal lives private and that they are also entitled to a degree of privacy in the workplace.
“[We have] published guidance to help employers who are using or planning to use both systematic and occasional monitoring of their employees to comply with their data protection obligations. The ICO’s guidance makes clear that, in all but the most straightforward of cases, employers should carry out a Data Protection Impact Assessment (DPIA) to decide if and how to carry out monitoring and whether the monitoring is justified.
“The ICO is at the early stages of developing new employer-focused guidance. As this work develops, we will be engaging with organisations and seeking their views.”
Calls grow for action on working from home snooping
You’re fired! Sorry Lord Sugar, WFH is more productive
New normal? Bah, data sector has been WFH for years
Covid piles pressure on ‘maxed out’ data professionals