Data monitoring & surveillance in & out of the workplace post-pandemic


AR/VR Attention Consumer Behaviour Contextual Targeting Diversity & Inclusion Transparency User Identity Show all

This content was created by an IAB UK member

Members of IAB UK can contribute to the Member Vault. Log in to submit your content.

iubenda’s Adrian Daniels explores key issues on monitoring and surveillance in the workplace post-pandemic: is it ever appropriate, ethical or fair to monitor or surveil the workforce and their personal lives?

How far is too far before crossing the line with surveillance and data privacy? How closely do we need to go with monitoring? We are now entering into an age of total surveillance. China is a great example of this. The West is slowly catching on, which will be explored further in this article. But, where is the line drawn and balance in this argument?

Legitimate & non-legitimate reasons for surveillance

Every time we walk into a shopping mall, we are surveilled. This can be reasonable due to shoplifting, etc. However, since the pandemic, employee surveillance software sales have soared by over 50%. Some of this software even enables employers to turn on remote cameras and mics. Does this signify the lack of trust in employees working remotely? Or is this an indication of the discreet intrusion companies have had on their staff’s privacy all this time ,and now it’s just more apparent because they are working from home?

In some instances, this may be necessary where a company cannot afford for an employee to compromise, where they may have access to sensitive information as part of their role (e.g. Banking, Finance, HR, etc). However, if a staff member is monitored at home via their devices, and their employer is able to see who comes in and out of your home and bedroom, this is a clear privacy invasion and does not justify surveillance. There needs to be a balance and a proportion with monitoring.

In a new remote workforce culture, can staff members today be trusted to do the job they have been employed to do? If they can’t be trusted, should this be tied to performance and productivity alone? If they underperform, should more surveillance be installed around an employee to motivate performance and productivity, or is this violating personal rights and freedoms?

Spanish supermarket case studies: facial recognition & CCTV surveillance

One supermarket owner reported profit loss but couldn't identify where this was coming from. As a result, they installed covert CCTV above the tills. This isn’t a concept in the UK. Nevertheless, Spanish employees still found a way to steal, using customers as an accomplice. Employees that were caught stealing were asked to resign and sign a compromise agreement. Some agreed and some didn’t. The staff members that refused to sign the compromise agreement were referred to an employment tribunal. This tribunal said the situation was unfair and the evidence couldn't be proved, even with the CCTV, and accused the supermarket for violating their human rights. However, when this case went to the European Court Justice, they were in favour of the supermarket, as they had evidence and staff refused to comply with agreements.

Another supermarket in Spain used facial recognition technology instead of CCTV. This was to detect people who either had a criminal record or a restraining order to stop them going into the supermarket. Unfortunately, this powerful technology also picked up other categories of people, including elderly people and babies.

The supermarket broke the law, as it didn't fulfil any of the legal grounds for the collection and processing of biometric data (that are considered as sensitive data). Therefore, it received a generous fine for violating the GDPR regulation. More generally, the lack of specificity of facial recognition technologies makes them unsuitable for widely used surveillance that respects legal requirements. These technologies aren't effective enough, as they are unable to distinguish between persons of interest and persons who are irrelevant.

Future developments

Advanced facial detection technologies will become mainstream in the future. This technology is highly accurate most of the time, and data collected can be leveraged for behavioural marketing and advertising purposes. For example, surveying a group of people walking past a billboard at Westfield Shopping Centre, and then making changes to the billboard poster based on observations. A similar technology of the future is the 3D virtual world space called the metaverse. The metaverse is creating controversy as it possesses great potential to collect and process an incredible amount of personal data, which could pose issues with GDPR compliance. A lot of biases associated with the use of such technologies exist, in that pre-conceived notions of age, gender and ethnicity play a role in the inferences the technology makes about a person.

If surveillance is going to be an increasing part of our everyday life, then we must not ignore personal data regulations such as the GDPR. Such laws are put in place to protect our privacy in the EU. As a result, individuals are not simply at the mercy of companies, employers, etc, but have the law on their side. Informed consent is a key word here. In order for companies to start surveilling their employees, informed consent from the individual would be required. The question here is, would we ever give consent for this?

By Adrian Daniels, Growth Manager


iubenda is for everyone who has an online presence. iubenda's easy-to-use, yet powerful legal compliance software allows website owners, app developers, web agencies, and organizations in general, to comply with online privacy laws. 

iubenda is headquartered in Milan, Italy, and has teams all over the world including the UK, US, Canada, Brazil, and much more. Learn more at

Posted on: Friday 6 May 2022