Spying on your staff? Why bossware is bad for privacy and your company

Regulators are starting to crack down on the use of workplace surveillance technology, which has grown in popularity since the pandemic

By Emma Sheppard


May 2023

Last month the Irish regulator – the Data Protection Commission (DPC) – published a new guidance note on data protection in the workplace. In it, the DPC acknowledged that “organisations have a legitimate interest in protecting their business, reputation, resources and equipment” and may decide to monitor staff use of the internet, email and telephone. But, it stressed, “the collection, use or storage of information about workers … involves the processing of personal data and, as such, data protection law applies.” It also pointed out that individuals have a right to private life at work under the European Convention on Human Rights. 

So called ‘bossware’ is becoming widespread in workplaces around the world. According to Gartner, 60% of employers with more than 200 workers in the US use employee productivity monitoring technologies. Another study found almost nine in 10 employers terminated workers after implementing monitoring software. More than one in 10 (14%) remote employees are unaware they’re being monitored. 

The DPC isn’t the only body to try and temper such surveillance. Last October, the UK’s data protection regulator, the ICO published 54 pages of draft guidance on monitoring at work aimed at employers. Also in October 2022, a remote worker in the Netherlands won a case against his US-based employer, which fired him because he refused to keep his webcam running while working. The Dutch court ruled his rights had been breached and ordered the company to pay €75,000. 

In the US, employers in New York, Connecticut and Delaware have to give employees notice if they’re monitoring email, internet usage or telephone conversations. And in February 2023, Senator Bob Casey and other Senate Democrats introduced the Stop Spying Bosses Act, which aims to protect workers from intrusive employer surveillance “on and off the clock”.

Answer our GDPR compliance checklist questions and we will email you an objective, personalised audit report within minutes, completely free of charge.

Get your audit

Productivity paranoia

This need to know what employees are working on is not a new phenomenon. The ‘productivity conundrum’ has occupied leaders since the day dot. And surveillance tools have been used in all types of work environments including regulated settings such as financial services, accountancy and legal firms to monitor billable hours, and on factory and fulfilment floors run by the likes of Amazon (not to mention in their delivery vehicles). But it’s certainly picked up pace over the past few years. 

In their book Your Boss Is an Algorithm, Antonio Aloisi and Valerio de Stefano blame the boom in bossware on  the “expanded managerial powers” companies felt they had to put in place during the pandemic as the world shifted to remote working. It led to a “practice by which every movement, either offline or online, is traced, revised and stored as necessary, for statistical, financial, commercial and electoral purposes”.  

Ryan Fuller, former vice president for workplace intelligence at Microsoft puts it another way: “We’re in this era of measurement but we don’t know what we should be measuring”. The proliferation of technology gives us endless opportunities to track, collect and analyse data. But it’s certainly giving privacy experts cause for concern. 

These tools have innocuous names such as Clever Control, Time Doctor and Work Examiner, tracking everything from keystrokes and mouse movements to the websites employees visit. They take photos of screens and record video from webcams. And they provide dashboard overviews and productivity scores for managers to compare employees to their colleagues. 

If you want more practical content like this article, please click below to sign up for our monthly newsletter.

Sign up now

Privacy matters for employees too

The advancement of workplace surveillance may seem tempting to managers who feel pressure to find efficiencies, optimise processes and increase productivity. They may even be concerned about keeping a handle on privacy while teams work from home. One company gives workers a daily risk score which indicates the likelihood they pose a security threat to their employer, perhaps because they accidentally leak something or because they intend to steal data or company intellectual property. 

But infringing on employee privacy isn’t the way to run a successful business. Metrics such as keystrokes and time at desk have been shown to be poor measures of high quality work. It may also have the opposite effect. Surveillance has been found to erode trust between leaders and their employees, and has a psychological toll on wellbeing. One study found the use of excessive monitoring lowered job satisfaction and increased absenteeism and turnover. 

Organisations that introduce bossware technology are also likely to be in breach of the spirit of the UK GDPR – if not the letter of the law – which requires data minimisation. There’s much more potential for harm if there’s a data breach, where excessive amounts of personal information have been collected. And in the same way that businesses must be transparent about the purpose for which they’re processing personal data and prioritising privacy by design in their dealings with customers, those obligations apply equally to how they treat their employees.

More to watch and read