back to article Get your staff's consent before you monitor them, tech inquiry warns

Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking. That's according to a report published this week after a year-long inquiry by the department formerly known as DCMS into the harms and benefits of connected technologies. The report …

  1. Anonymous Coward
    Anonymous Coward

    Well, duh..

    Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking

    Frankly, if that is not your default approach you don't even deserve to have anyone working for you..

    1. Little Mouse

      Re: Well, duh..

      If it really came down to it, any such company would just add a "Consent" clause to the default employment contract. Most already do, I imagine.

      Consultation won't come into it. Or at best, you'd get "consulted" regarding whether you want to a) Like it or B) Lump it.

      Another HR tick-box, Hooray.

      1. Pascal Monett Silver badge
        Trollface

        Indeed. The general approach, in my opinion, is : you signed the employement contract, didn't you ? So you consent (or else you can find employement elsewhere).

        It is so easy to resort to the facist approach. You avoid a lot of time spent wondering about consequences . . .

        1. Anonymous Coward
          Anonymous Coward

          you signed the employement contract, didn't you

          Ah, but that dog may be a tad too geriatric to hunt anymore: remember the 'explicit' part of GDPR notification?

          I think it could be argued that that applies to contracts too. Would be interesting to get that in Court at some point to have that confirmed because if it doesn't apply it ought to be changed.

          1. ChoHag Silver badge

            Because arguing with your employer over your right to be employed by them always goes so well.

            1. Doctor Syntax Silver badge

              It depends where you are but in case you're in the UK I'll just leave this here: https://www.gov.uk/courts-tribunals/employment-tribunal

      2. tfewster
        Facepalm

        Re: Well, duh..

        Failure to read the Ts&Cs: https://en.wikipedia.org/wiki/Joan_Is_Awful

      3. spold Silver badge

        Re: Well, duh..

        Agreed - it will be in the small print that no-one reads (just like privacy policies.... I have read and understood <tick> <click>).

        I have come across both bad and reasonable examples in my time as an IT consultant.... the UK Bank that monitored call centre employees to see if they were wasting time at their desk instead of handling calls, and even had a badge lock on the toilets (washrooms) to monitor how often they were using them. A more reasonable one was a pharmacy that was dispensing nuclear medicine for hospitals... monitoring safe handling practices was for the good of both employer and employee.

  2. Doctor Syntax Silver badge

    If employers should get employees' consent before monitoring them where does this put HMG in regard to installing monitoring devices on everyone's devices?

    1. Neil Barnes Silver badge

      "Well, as you voted us into power, obviously you approve of our monitoring activities."

      Er...

      1. Yet Another Anonymous coward Silver badge

        As the recent Tory explained. If you don't like anything about the country, like the monarchy, you can emigrate.

        1. Anonymous Coward
          Anonymous Coward

          .. but of course they rather omitted the fact that if you do so, you will be treated the same as non-UK passport holders are treated by the UK.

          It's interesting that neither side of that idiocy is prepared to show they're a tad more intelligent and benevolent than the other side, politicians always opt for tit for tat all the way.

          1. Yet Another Anonymous coward Silver badge

            But you'll be an expat, not an immigrant

            1. Neil Barnes Silver badge

              There's a difference?

              1. anonymous boring coward Silver badge

                Expats are entitled, of course.

              2. Anonymous Coward
                Anonymous Coward

                Expats have an inflated idea of their own self importance.

                1. Anonymous Coward
                  Anonymous Coward

                  > 2 thumbs down

                  Ooh. A couple of upitty expat down voters there? (Or "immigrants" as they are known to everyone else on the planet.)

  3. Eclectic Man Silver badge

    OII

    OII is the Oxford Internet Institute : https://www.oii.ox.ac.uk

  4. Pascal Monett Silver badge

    "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

    So, are Amazon employees finally getting bathroom breaks, or do they still have to pee in plastic bottles ?

    Because if AI hasn't improved on that, then tell me again what it is good for.

    1. Yet Another Anonymous coward Silver badge

      Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

      No but it means they have to tell you in the small print before filming you peeing

      1. Doctor Syntax Silver badge

        Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

        And you have to buy the bottle from Amazon.

    2. Anonymous Coward
      Anonymous Coward

      Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

      Because if AI hasn't improved on that, then tell me again what it is good for.

      It will have identified better bottles so employees can be back at work sooner, of course. It would be rather naïve to assume that Amazon was going to spend computer power on anything that benefits employees..

    3. Boris the Cockroach Silver badge
      Go

      Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

      Peeing in a bottle at amazon 'forfillment centers'* will soon be a thing of the past as the employment contracts are going to be modified for more efficiency

      In other words, you'll be forced to wear a catheter and the bottle will be strapped to your leg and you'll empty at the end of your shift...... although more likely it will be a special amazon bottle that will filter/process the liquid and return drinkable(if slightly warm) water to the user so that they can take a drink break without stopping.

      * that phrase is just so cave johnston

      1. M.V. Lipvig Silver badge

        Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

        Yes, I can see that - just like I can see the filter is actually a repurposed coffee filter.

        1. mistersaxon

          Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

          Amazon Warehouse goods finally reaching their proper level of utility...

      2. Yet Another Anonymous coward Silver badge

        Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

        >a special amazon bottle that will filter/process the liquid and return drinkable

        Arakis - a new, off-shore, tax-exempt, fulfilment location

      3. Great Southern Land

        Re: "and freed them up to focus on more sophisticated tasks beyond the scope of automation"

        Why bother with the bottle?

        Just plug the catheter into a socket at the desk.

        The Matrix is one step closer!

  5. This post has been deleted by its author

  6. Plest Silver badge

    I once asked my boss's boss if the company would implement staff monitoring on PCs. He said, "That would be a very bad idea. We have to have trust in those we employ and from a personal point of view, if I have to monitor what my staff are doing across the whole dept then it means my under-managers are not doing a very good job and by dint of that neither am I.".

    1. Yet Another Anonymous coward Silver badge

      And he was the risk manager at Barings, before moving to the Barclays LIBOR group

    2. Cliffwilliams44 Silver badge

      And the 1st time the company gets hit with a ransomware attack, then the monitoring begins!

      Companies don't want to know every key stroke you enter, every work you write, but we must know what sites you are visiting. This is not used to produce evidence to fire someone. If they are screwing off at work, their manager should already know that and doesn't need this to make that decision.

      we also need to know, if/and/or prevent you from installing in authorized software on your PC/Phone!

      1. Anonymous Coward
        Anonymous Coward

        Monitoring occurs by default without intent

        Most employers will need to obtain consent even if they’re not intentionally spying on their staff, making this all a bit pointless.

        For example, everyone using Microsoft 365 is subject to monitoring. Employers can trial Priva and/or E5 whenever necessary and view metrics on which private conversations could be construed as ”targeted harassment” from electronic monitoring which already happened long before the licences were trialled. Likewise for Windows event logs, which show when users logged on/off, booted their workstations, locked/unlocked screens and many other productivity metrics. Phone systems will have extensive CDR logs, email systems will monitor how many messages are sent by any given user per day, and who those messages are going to, This is all long before we get into the realm of best practices for auditing the accessing of files on servers.

        This data is being collected by default and every company will simply issue a boilerplate agreement saying that they’ll use the data for pretty much anything (refine business processes, aid in training, monitor general productivity as well as ensure system security) will end up in the oft-unread Office Equipment Policy and Data Protection Policy sections of the employee handbook, where all the cheeky cant-believe-theyre-not-NDAs end up anyway. Nobody in IT, HR or middle management will accept anything less, since novel uses for this type of data to protect company interests when sharks circle will almost always pop up.

  7. b0llchit Silver badge
    FAIL

    Yeah right...

    Employer: Please consent to tracking.

    Employee: No.

    Employer: You are fired. because I have found a really good excuse not related to you not consenting to tracking, no sir, honestly

    1. Doctor Syntax Silver badge

      Re: Yeah right...

      As per my previous psot: https://www.gov.uk/courts-tribunals/employment-tribunal

  8. Tron Silver badge

    Outliers have minimal push.

    We are not part of the EU any more. UK-only requirements for tech design will just cut the UK off from technologies. As well as becoming a third world toilet courtesy of the economic impact of Brexit, we will revert to the 1970s in our technology. Nothing new will be legal here.

    1. Doctor Syntax Silver badge

      Re: Outliers have minimal push.

      "we will revert to the 1970s in our technology"

      Ah, the good old 1904.

      1. Yet Another Anonymous coward Silver badge

        Re: Outliers have minimal push.

        >Ah, the good old 1904.

        I think 1904 was the plan, so many of them believe the country has been going down hill since Victoria kicked it. Except for those who think it's been downhill since Agincourt

    2. M.V. Lipvig Silver badge

      Re: Outliers have minimal push.

      And people like you, who failed to vote, became upset with the results, and now hope to see the UK fail because of it will be the reason Brexit fails. Time to put on your big boy pants, accept the new reality for what it is, and work to make it succeed.

      1. anonymous boring coward Silver badge

        Re: Outliers have minimal push.

        Stop telling others what to do. You voted for it, you fix it.

        1. SundogUK Silver badge

          Re: Outliers have minimal push.

          It is fixed. It annoys all the right people, so I'm good with it.

          1. anonymous boring coward Silver badge

            Re: Outliers have minimal push.

            Many who voted for it now regret it. Those must be "the right people", if any.

            Luckily I have a EU passport, and can easily escape when I retire. I do feel very lucky.

  9. heyrick Silver badge

    get consent from the staffers

    Proper consent implies the ability to refuse.

    I rather suspect "consent" will be a case of "agree or find yourself another employer".

    1. Anonymous Coward
      Anonymous Coward

      Re: get consent from the staffers

      Another police officer that thinks a bodycam violates their human rights?

      Or a LIBOR trader that thinks having their messages to their chums in the other banks monitored by compliance is unfair ?

    2. ITMA Silver badge
      Devil

      Re: get consent from the staffers

      "I rather suspect 'consent' will be a case of 'agree or find yourself another employer' "

      I get exactly that attitude from my cat :(

  10. M.V. Lipvig Silver badge

    May as well not bother

    Unless there are very stiff penalties for companies that fire employees for refusing to consent.

    That being said, if I'm using the company computer for work, the company can monitor that all they want. They can monitor their phone as well as their email. But that's it. Any webcam will stare at the computer it's monitoring. It doesn't need to see me. The one on my laptop that I have no admin control to has a nice piece of tinfoil taped over the camera. It can monitor itself. Or, the docking station it's in is behind one of my monitors, go crazy.

    1. HerrGerbrandt

      Re: May as well not bother

      Yeah, may as well not bother.

      I don't think companies use the webcams of their devices for monitoring. Somebody would have to view the material and that costs money.

      Also, what would they do with their knowledge of you doing whatever in front of the work laptop screen?

      Don't think it's worth it.

  11. Anonymous Coward
    Anonymous Coward

    Genuine Question re proxy / web filtering

    Where does web filtering tech such as proxy services fit? I see it as a security feature, however employees see it as monitoring.

    Would this mean that companies have to obtain consent from employees to implement basic security tools?

    1. tfewster

      Re: Genuine Question re proxy / web filtering

      Computer access/email access/internet access needs an additional HR policy that needs to be accepted by the employee.

      Though automated web filtering isn't necessarily monitoring, unless you're reviewing the logs...

      1. Diogenes8080

        Re: Genuine Question re proxy / web filtering

        Although strictly speaking it should not make a difference, I suspect that any practical [1] distinction will fall on the motive for monitoring.

        If you only establish user identity after you know that a malicious link has been clicked and that you may need to remediate then that is one thing.

        If on the other hand you are deluged with line management requests to establish how much time employee X is home shopping, that is another thing. A specific inquiry comes close to fishing.

        1. practical distinction - never mind what this OII says; show me judgements and actual fines

        2. some proxies don't track user identity - they simply allow or block depending on the destination category

  12. russmichaels

    It's fine to monitor as long as you tell them you are doing it, permission should not be required, that is just nonsensical.

    Back in early 2000 i worked for a company called London web, who were secretly monitoring all staff, recording every keystroke and taking snapshots of desktop.

    I was mortified when i found out, as this meant the boss had been reading my personal email, messages to my girlfriend, had all my login for my online banking and everything else I did from my work pc.

    Obviously had I known, i would never have done anything personal or logged into anything from work and I would have been fine with that.

    Before you start with all your troll comments about how those things shouldn't be done from a work pc, yada yada, wind your neck in and take note of the fact this was over 20 years ago, everyone was oblivious to such things back then, including me and most people still are, which is the point.

    1. Cliffwilliams44 Silver badge

      "I was mortified when i found out, as this meant the boss had been reading my personal email, messages to my girlfriend, had all my login for my online banking and everything else I did from my work pc."

      We would NEVER do this, and if any one was caught doing this, they would be terminated immediately!

      This is a blatant HR violation. We do not grant Managers access to staff mailboxes, if they ask they must go to HR and present a valid justification. That usually ends the conversation at that point!

      The argument, "don't do that on you work PC" is fine until you realize that it's just not possible to stop. People have lives, kids they need to be in touch with, personal business that must get done during business hours.

      But PLEASE, don't sign up to personal use websites with your company email address! And then complain to IT you are getting bombarded with SPAM!

      1. Yet Another Anonymous coward Silver badge

        Although it can go too far.

        Our corporate overlords are in the Eu and their reading of GDPR is that anything on an a user's company computer is private, even work email.

        So when somebody leaves, IT wipes the disk and archives email away somewhere. It takes a search warrant signed by 2 popes to get details of any work they've been doing that wasn't checked in or stored on a project fileserver.

  13. Cliffwilliams44 Silver badge

    Nonsense!

    You have no expectation of privacy at your place of business, or on their network! (except the rest rooms!)

    Act accordingly, and you won't get into trouble.

    While we do not actively examine internet traffic, will NEVER turn over traffic reports or browser history to a manager (if you, as a manager, suspect you have a problem with an employee wasting time on the internet, you already know you have a problem, deal with it!), understand, your internet traffic IS being monitored! Your PC IS being monitored and controlled. your company issued phone IS being monitors and controlled. We do not need your consent to do so! Your consent is assumed when you agreed to work here.

    Understand, we do not care about your personal life, your political views, your shopping habits (but you should not be doing that at work, but hey, that's your managers problem), we care about protecting our network, protecting our data, and, protecting you! Also understand, if you are downloading torrents, hacking tools, illegal material, abusing the companies bandwidth, etc. YOU WILL GET CAUGHT!

    If any of this bothers you then, BUY YOUR OWN PHONE, BUY YOUR OWN HOME PC and use that at home.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nonsense!

      > You have no expectation of privacy at your place of business, or on their network! (except the rest rooms!)

      >

      > We do not need your consent to do so! Your consent is assumed when you agreed to work here.

      Sorry, you can say this over and over, and might even think it makes sense, but the law doesn't generally take what you believe into account.

      Over on the continent, companies have been finding that excessive* surveillance leads to fines. Employers aren't exempt from the rigours of GDPR just because they own the kit - if you're recording too much and someone starts using their machines in a way that leads to you processing a special category of data, it's going to be a bad day.

      *definite excessive is, clearly, a bit tricky so anything beyond the most limited monitoring carries the risk of liability.

  14. Anonymous Coward
    Anonymous Coward

    So can any of you help with a workplace privacy question? Where I work the door to the gents has never been able to shut. There is a cctv camera with line of sight of a urinal.

    When did that become legal?

  15. john.w

    Cheaper than employing someone to do it.

    Supervisors used to do the monitoring, including the time for bathroom breaks, so little has changed except you can now get rid of some unproductive headcount.

  16. Uncle_Bob

    Freely given consent

    "Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking."

    Employers have a position of power over employees so consent is likely not to be considered "freely given" as required by GDPR and therefore not lawful. Therefore legal basis would have to be legitimate interests. Clearly consultation is still important, a DPIA for any new technologies used and most important of all is transparency.

  17. Grinning Bandicoot
    Big Brother

    Oops - look what I caught

    If you are busy looking over your shoulder to see who is looking, how can look ahead for roadblocks in your project?

    On another note there was a time when I operated in a position that had purchasing authority and in the process of carrying out my fiduciary duties would go on line to maximize the benefit for the agency. Kept getting blocked and after one finger pointing nasty session, it was found and quickly unfound [sic] that buying was done one good guy theory. So it can work both ways and managements brown streak can be unexpectedly aired.

  18. Anonymous Coward
    Anonymous Coward

    Hmmm

    To me this depends upon the ethical stance of the IT Director.

    As a former IT director I frequently got requests from senior management to provide access to staff's data without consent. I politely told them to bog off unless they could get consent. I even had the CEO threaten me if I did not provide access - to which I replied, "go on then". He didn't and they either backed off or got consent.

    So it is not a given that a company will act evil-ly if there are decent people looking out for the common man/woman and obeying the law....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like