Striking a balance when monitoring employees
The monitoring of workers’ behaviour in the workplace, and nowadays often their homes (p.17), is not new but goes right back to the early days of the industrial revolution, as I discovered on two visits in recent weeks.
The world’s first cotton mill in Cromford, Derbyshire, developed by Sir Richard Arkwright, was where shift working in a large factory first started in 1771. The isolation of home working gave way to the disciplines and dangers of the factory system with close visual supervision of the workers’ every move.
For a few moments in August, I followed in the footsteps of generations of factory and office workers who have been required to “clock in” when arriving at work and “clock off” when they left at the end of the day. Visiting the Timeball Tower in Deal on the Kent coast as a tourist, I inserted a card into a mechanical clock machine used to print date and time information on a card, a common workplace practice since the early 20th century.
Clocking in and clocking out still exist in some workplaces. But these days they deploy RFID chips, fingerprint and facial recognition software. One product claims to “simplify your payroll and eliminate attendance fraud……A clocking in system will stop employees clocking in and out for each other. To clock in, simply present your face to the terminal. No more paying for time when employees are actually absent.” Some products claim to be “GDPR compliant” but display a narrow interpretation of GDPR legal duties.
The Office for National Statistics has estimated: “The services sector makes up approximately 80% of UK gross domestic product (GDP).” The result is that during the pandemic, the novel aspects of monitoring employees are no longer just in traditional factories or other industrial sites. Instead, the focus of management attention for many organisations is now office work which has shifted to private homes.
This shift has enabled many organisations to continue to function but at the same time opening up a degree of surveillance never imagined before. Even 50 years ago, the degree of employee monitoring available today would be regarded as science fiction. People’s private domains are now visible to colleagues. Private computers and other devices are being hooked into office systems, in many cases using unofficial alternatives which have not received the blessing of the organisation’s IT Department.
The ICO has produced a very useful guide on working from home which gives practical advice: a security checklist for employers; bring your own device [although in this context working from home with your own device]; how do I work from home securely? and video conferencing: what to watch out for.
So around 250 years after the decline of the UK industrial economy dependent on small cottage industries and small workshops, we can see the development of a new type of cottage industry, now fully connected to the organisations which employ them, and the Internet which gives infinite scope for creativity and discovery but also surveillance of all staff.
Data protection laws, the ICO encouraging privacy friendly innovation via the Regulatory Sandbox (p.21), increasing collective action (p.16 and p.21) and in the future representative actions (p.22), will seek to strike a balance between the need for management supervision and workers’ rights.
Stewart Dresner, Publisher
Binding Corporate Rules and Brexit – a practical way forward
Sian Rudgard of Hogan Lovells explains what the situation is for organisations that are considering applying for, or already have BCRs approved.
Gamify it! Making your data protection training stick
Using games to deliver DP training can be a fun and cost effective way to get your message through. By Abigail Dubiniecki, freelance data privacy lawyer and consultant.