Protecting Employee Privacy Against Excessive Remote Surveillance

For many remote workers, the invasive (and dystopian) practice of device-level monitoring has become a reality. As the Covid-19 pandemic continues raging across the globe, offices have been shut down and workers have been forced to work from home unexpectedly, and woefully ill-prepared for the accompanying challenges of working in a fully remote environment.

Employees, however, weren’t the only ones caught off guard and ill-prepared for the sudden and monumental shift in the workplace dynamic. Employers – many of whom have never had experience managing a remote workforce – were left scrambling to figure out how to keep their newly-remote staff productive and motivated as they worked from their home offices without direct physical supervision.

What would be the most prudent solution here for businesses? Employee surveillance software, of course!

And so it was. Company executives – fearing their bottom lines were about to take a serious plunge, with frightful visions flashing in their heads of remote workers lounging around their homes, reclining (pantsless) on their sofas, with stale tortilla chip crumbles scattered on their nacho cheese-stained t-shirts, staring glass-eyed at their television sets, mindlessly flicking through their Netflix libraries instead of dutifully filling spreadsheets and pumping out reports – began slinging cash at companies that develop software solutions designed to monitor remote employees and keep them in line.

Done and done. Employee productivity, motivation, and morale are all saved! Right?

Well, no, not really.

Remote employee surveillance is not at all a trivial matter. The practice can have major privacy implications that can easily lead to an irreparable deterioration in employee morale and can even land the employer in trouble if the monitoring activities are excessive and inessential to the company’s day to day business operations.

Although remote workers generally can expect their bosses to keep tabs on their work and ensure their productivity, remote workers are still entitled to a certain amount of privacy while working from home. Remote workers in the United Kingdom and the United States should be aware of what recourse they have in the face of excessive monitoring and surveillance. They need to feel confident speaking up if and when an employer crosses the line with its employee surveillance practices.

The trouble is that – in both countries – proper privacy safeguards to address remote worker surveillance are severely lacking, leaving employers to largely exert their will and monitor their remote staff with impunity. It’s a Wild West scenario that is becoming increasingly important to rein in.

The good news is that the situation is not out of control... yet.  

 

What remote surveillance tools are available and what do they monitor?

With so many employees still working remotely as the pandemic roars on in the US and UK, the companies developing employee monitoring and surveillance software are seeing demand for their products skyrocket to astronomical heights. There are so many employee monitoring solutions available today that it is almost impossible to keep track of them all, let alone wrap your head around everything they are capable of. What is certain, however, is that many of these programs allow for egregious, alarming, and unnecessary employer overreach into the private lives of their remote staff.

Some of the most popular of these employee surveillance tools include the likes of Hubstaff, Time Doctor, SoftActivity, and Teramind, along with ones with considerably more menacing designations like ActivTrak, StaffCop, Work Examiner, and Sneek.

If you really want to know what these tools are capable of monitoring, here’s a non-exhaustive list to get the wheels turning:

  • Keystrokes
  • Mouse movements
  • Websites visited
  • Apps being used
  • Email messages
  • Files being accessed
  • GPS location
  • Computer idle time
  • Live and recorded feeds of employees’ computer screens
  • Regular and frequent screenshots of employees’ computer screens
  • Employees’ presence at the computer via their webcams
  • Facial recognition to detect employees’ moods at any given time
  • And much, much more!

Of course, the companies behind these surveillance tools like to point out that their tools aren’t actually meant for surveillance, but instead meant for “company culture”.

This is a thinly-veiled attempt at gilding something that has serious real-life ramifications, and some do not even make the slightest attempt to sugarcoat it. Monitoring software provider, SoftActivity, for example, proudly and without any misgivings whatsoever states the following on its website:

Problems at the office? Employees shopping on eBay or wasting time on Facebook? Doing everything but working? Or worse, stealing company intellectual property? You're putting a stop to it, right now. Remotely monitor employee computers on your network in real-time without them knowing.

SoftActivity

It's questionable without a shadow of a doubt, but regardless of the frustratingly murky landscape in terms of the legality of this kind of excessive monitoring, these software solutions allow employers inordinate access into the private lives of their remote staff and are clearly ripe with the potential for misuse.

Why do employers monitor their remote staff?

Remote employee surveillance is undoubtedly a prickly subject. It’s certainly not as cut and dry as one may assume it to be. This is because while there is a distinct potential for employer overreach, there are concurrently very legitimate reasons for businesses to monitor their remote staff. Employee monitoring is a common practice that helps companies maintain high levels of quality and ensure workers remain productive.

Monitoring can also be useful for the following:

Employees generally do expect a certain degree of oversight while at work, but it is vitally important that the monitoring is not excessive and that it serves an explicit, legitimate business purpose. Any excessive and/or superfluous monitoring that serves no true, pressing business necessity should be out of bounds. 

Remote work is here to stay – and so may corporate surveillance practices

One thing the pandemic was able to shed light on, is the fact that most (if not all) office work these days can be completed outside the confines of a traditional office environment. Remote work is here to stay for the foreseeable future; there is no doubt about that. The practice had already been steadily trending upwards for a number of years now, but the pandemic has shifted the trend firmly into overdrive.

And just the same as remote work is here to stay, so is corporate monitoring of remote workers – at least to some degree.

The challenge going forward will not be in keeping remote employees in line, but it will be in keeping companies in line and making sure they don’t cross the line and overreach in their monitoring practices. With limited safeguards currently in place for workers, that challenge will be considerable.

Some of the things companies should already be doing now to maintain the trust of their employees and to ensure they don’t cross the line into unnecessary, excessive surveillance include:

All of this information should be kept in a company handbook or any other place that is easily accessible to employees. Either way, the keys here to maintain employee trust and productivity are transparency, transparency, and transparency. That, and rigorously limiting the overall scope of the monitoring to only what is strictly needed. 

Why employees should be concerned about remote work surveillance?

Apart from the obvious creepiness of being under constant – or at least some degree of – surveillance while working from home, there is the added element of increased stress that monitoring can provoke in remote workers, especially if the surveillance is perceived as being excessive or unnecessary.

Sure, sometimes added levels of stress can increase an employee’s productivity, performance, and, in turn, overall job satisfaction. Good, positive stress can be a powerful motivating factor that gives employees the energy and drive to meet their goals. Being stuck in a role that doesn’t adequately challenge or push the employee to do their best work can often lead to complacency and low levels of productivity. This is why positive stress is so important to the success of the employee as well as the organization as a whole.

On the other hand, negative stress – the kind of stress that can, for example, be caused by invasive remote work surveillance policies – can be extremely detrimental in a variety of ways. For one, negative stress can lead to anxiety and other health-related issues that can have a considerable and adverse impact on an employee’s mental health, enthusiasm for work, and general on-the-job productivity. When productivity drops, not only do businesses suffer, but workers also miss out on promotions and other means of progressing their career paths. Not just that, but the negative stresses associated with excessive monitoring has the potential to drop worker morale – along with whatever company culture may have existed at an organization – straight down the tubes. The bottom line here is that being disproportionately monitored and watched all day while working remotely is not exactly beneficial for the health of the employee, nor for the health of the organization as a whole.

And it’s not just increased negative stress that remote employees should be concerned about when their bosses cross the line into excessive surveillance. Spyware, keyloggers, and other monitoring tools are becoming increasingly popular with employers who want to keep a close watchful eye on exactly what their employees are up to while working remotely. The problem, for workers, is that these tools can – even inadvertently – capture their private conversations, take screenshots of pages containing sensitive financial or medical information, and record their usernames and passwords for various online accounts. This is a very real risk, even if a company’s monitoring policies for remote employees distinctly preclude monitoring or collecting such information.

There are clear and obvious privacy concerns that remote employees and employers alike need to be categorically conscious of when it comes to worker surveillance. Employers need to ensure that any monitoring or surveillance is proportionate, necessary, and non-invasive of privacy, while employees need to know what recourse they may have in case they believe certain monitoring practices have crossed the line.

What laws exist and how do they protect workers from excessive surveillance?

In the UK, employee privacy laws are a bit more clear when compared to the US, where the landscape is mostly a tattered mess of individual state laws that protect workers from surveillance to varying degrees of effectiveness. That said, employee monitoring is legal and largely unregulated in both the UK and the US, and both countries certainly have a long way to go before either can be considered a competent defender of employee privacy rights, especially with the way the scene is so rapidly evolving.

In the UK:

In the US:

Existing laws that could be extended to meet modern data privacy needs

There are a few pieces of existing anti-discrimination legislation in the US that can potentially be extended and interpreted to apply to instances of employee monitoring. Let’s take a look:

What privacy rights do workers have in the face of corporate surveillance?

Unfortunately, the answer to that question for workers in both the UK and in the US is, not much...not much at all. 

In the UK:

According to the Information Commissioner’s Office, in the UK, employers are required to inform their staff of any monitoring activities being conducted and the specific purpose of those monitoring activities. But employers don’t necessarily always need to obtain the consent of employees to engage in monitoring activities. If any monitoring practice is provided justification through an appropriately conducted and thorough impact assessment concerning the necessity for the monitoring, then direct employee consent is not required. In cases where employee consent for monitoring would be required, those terms of consent are typically baked into employee contracts, effectively making consent to monitoring a condition of employment. Workers in the UK, unfortunately, have little recourse, even if the monitoring is seen as excessive. As previously mentioned, UK workers do, however, have the right to know what personal data their employers have collected on them, access that data, rectify that data, and have that data erased. While these are excellent privacy protections that cover UK workers across the country uniformly, they offer no real or specific protection against monitoring and surveillance activities being conducted by their employers.

In the US:

If anything, in the US, employers have more of a right to conduct surveillance on employees than employees have the right to protect themselves from monitoring and surveillance. Sure, when using company property and company systems, there is a general understanding that workers shouldn’t expect that what they do on those company-owned devices and services will remain private. But when employers hold all the power, when employees have no defense against intrusive surveillance practices, and when laws have egregiously failed to keep pace with the evolving technological landscape, then we’ve got quite a big problem on our hands.

Laws such as the PATRIOT Act can give employers a great deal of leeway and ‘justification’ in monitoring their employees and in disclosing information to authorities when required. It doesn’t take much deep consideration to understand that such authority in the hands of employers to conduct exhaustive surveillance is ripe for abuse and misapplication. American workers, on the other hand, have little to fall back on when it comes to protecting themselves.

That said, there have been a few high-profile instances where employees in the US have sought legal recourse against excessive surveillance endured at the hands of their employers.

In the 2010 court case Stengart v. Loving Care Agency, Inc., a former employee filed a discrimination lawsuit against the defendant, citing privacy violations after the defendant used software to record each website the employee visited on the company-owned computer the employee used for work. The web pages recorded by the defendant contained the employee’s private email correspondences sent from her personal password-protected email account, including email correspondences between the employee and her attorney. The New Jersey Supreme Court ruled that, even though the activity was conducted on a company-issued device, the employee still had a reasonable expectation of privacy in her communications with her attorney and that those communications were protected as privileged information.

Rene v. G.F. Fishers, Inc., is a 2011 court case in which a former employee successfully invoked the Stored Communications Act after the plaintiff discovered that her employer had accessed her personal email account and personal checking account after obtaining her passwords using a keylogger software installed on a company-issued computer. The plaintiff’s employment was subsequently terminated after she confronted her employer about the invasion of privacy. The court in Indiana ruled in the plaintiff’s favor citing her claim under the SCA as valid, even though she accessed her private accounts on a company-owned device.

These cases illustrate that workers do indeed have a certain amount of legal recourse against such egregious and unwarranted surveillance conducted by their employers. However, these cases where the employee is successful in securing a legal victory against an employer’s surveillance tactics are few and far between. Although it’s certainly encouraging that in some cases, employees have successfully fought back against such invasive surveillance practices, that employees generally have to lawyer-up and often contend against companies with deep pockets and plenty of resources to put up a solid legal defense isn’t exactly so encouraging. The truth is, without robust federal legislation specifically addressing employee monitoring practices, the balance of power will always be dramatically and inequitably skewed in employers’ favor, effectively giving them the latitude to carry out their surveillance practices however they see fit. 

What should be done to address these issues going forward?

So far, there are a lot of suggestions regarding what employers should do, but little to no real accountability when it comes to how, or to what extent, they may monitor their employees. This means that workers are largely left powerless to the will of their bosses, without any real legal protection against intrusive monitoring. This is true in both the UK and in the US.

It is this imbalance of power that needs to be fixed in both countries...especially at a time when many people feel lucky to be employed at all. And the continued absence of any true and beneficial regulatory framework specifically related to protecting workers against excessive surveillance will only ensure that the imbalance of power will persist.

Really, the bottom line here is that everyone deserves and has a fundamental right to a private life, even while working. Sadly, however, there are employers out there whose number one concern is lining their own pockets and protecting their own bottom line, rather than protecting the privacy interests of their employees. These employers often fail to consider that their employees are more than just tools meant to produce economic value for their organization and will not hesitate to push the envelope of what is legally permissible to ensure their employees are producing like a well-oiled machine at all times. This means doing whatever it takes to keep their employees in line, including deploying ridiculously invasive software tools to keep a close watch on them while they’re on the clock – and all too often, even when they’re off the clock.

For as long as there continues to be little to nothing legally stopping employers from doing so, they will certainly carry on and stretch their surveillance practices as far as they can possibly stretch them.

This is why it is so important for both the UK and the US to finally establish proper legislation that keeps up with the rapidly evolving technological landscape and helps level the playing field so that workers’ privacy rights don’t continue being eroded by unscrupulous employers. Technological advancements in the capabilities of monitoring software products have made it much easier and much cheaper for employers to conduct an almost limitless amount of surveillance on their employees. Meanwhile, legislation protecting worker privacy remains neglected, forgotten, drifting aimlessly in the dark ages, and legislation specifically protecting workers from undue monitoring and surveillance is simply non-existent. Re-establishing a proper balance of power between employers and employees when it comes to surveillance will require a robust set of laws that are specifically conceived as protection for workers against excessive monitoring.

Especially in cases where employees’ most sensitive private data is at stake (such as health information and privileged communications), laws must have the capacity to supersede an employer’s ‘justification’ and predilection to pursue excessive and disproportionate monitoring of their employees. But that being said, any form of excessive monitoring or surveillance practices that step outside the bounds of what is absolutely necessary for a business to operate and compete in its industry should be addressed through appropriate legislative measures.

Employers need to be held liable under the law if they cross the line into unnecessary, unreasonable employee monitoring.

One major problem that could potentially throw a wrench into any progress towards a form of acceptable employee surveillance legislation is the practice of baking monitoring clauses into at-will employment contracts. Because of this, employees are often muscled into consenting to being monitored as part of their employment agreement. Essentially, it’s like saying, “here, you can have this job, but you have to be cool with us monitoring basically everything you do, which may or may not extend into your personal life...please sign your privacy away on the dotted line below.” What’s happening is that workers are having to choose between a paycheck or their privacy, while employers hold all the leverage. And in today’s climate, when job opportunities are sparse, you’d be hard-pressed to find a worker in a position to pass up an offer.

The truth is that these types of provisions in signed employment contracts give employers largely unbounded latitude in their monitoring practices, while employees are left powerless to prevent it. Technically, by signing an at-will employment contract with a monitoring clause included, the employee has ‘consented’ to being monitored. That is the Ace up the employer’s sleeve and can allow the employer to effectively sidestep legal ramifications should a dispute arise. But can we really consider it actual consent when the consent to monitoring is non-negotiable and requisite for employment? No, not really, which is exactly why proper legislation is needed to level the playing field and give employees the legal backing to have a say in what extent their employers are and are not permitted to monitor them.

All of this is not to say that employers should not be able to take measures to ensure adequate productivity from their employees. Employers have every right to protect their assets and to ensure their business is healthy and operates effectively and efficiently. Employees should certainly be held accountable for completing their work in a constructive manner and remaining productive while at work, including, of course, when working from home. That said, clear-cut, comprehensive, and explicit legislation is needed to ensure that any employee monitoring practices are strictly limited to appropriate and relevant work-related contexts and that employees cannot be monitored in any capacity while off-duty. Proper legislation can help meaningfully protect employees against any form of surveillance that reaches beyond the scope of what can reasonably be classified as work-related. Laws designed specifically to protect against excessive employee surveillance can also help ensure that any monitoring practices that could be considered ‘out-of-bounds’ cannot be legally justified through employee-signed notice and consent arrangements in at-will employment contracts. Unreasonable, disproportionate, overreaching monitoring should never be a condition for employment, and proper legislation needs to be formulated and enacted to help make sure it never is going forward. 

Conclusion

Employers monitoring their employees is certainly nothing new and, it can be argued, is a practice that has in all probability been around in one form or another since the first time one individual hired another individual to help complete a task in exchange for monetary compensation. Bosses have always had to take certain measures to make sure their employees were doing what they were hired to do, and doing it effectively.

But we’ve come a long way since bosses used to prowl workspaces or dispatch private investigators to spy on workers outside of work. With the technological tools bosses have at their disposal today, the whole monitoring process has become much simpler, more convenient, and exceedingly more affordable. Yet laws have thus far failed to appropriately keep pace with the rapid advancements in surveillance technology, leading to an unacceptable imbalance of power between employer and employee. That employee protections have lagged behind significantly, or worse, that they are entirely non-existent is basically giving bosses carte blanche when it comes to what methods they use to monitor their employees.

A mishmash of state laws in the US, along with insufficient national laws in both the US and UK are woefully inadequate at addressing the issue, especially as remote work is undoubtedly here to stay and employee monitoring practices will continue to be a hot-button issue for the foreseeable future. Remote working, and specifically work from home arrangements, effectively blur the lines between work life and private life, which is why robust legislation needs to be put into place now to keep the two separate and to keep the line properly in focus. Employers should never have the jurisdiction to pry into the private lives of their employees simply because they are working from home. That is not a valid excuse. The fundamental right to privacy extends into the work environment, even if employees can reasonably expect a certain degree of oversight from their employers.

Essentially, employers are attempting to recreate the office environment and grasping for ways to keep an eye on their employees as they would physically do in the office. The problem is that the entire dynamic of the work environment has been gradually shifting for quite a while now, but many companies either ignored it or failed to see it. And now that remote work has so suddenly and unexpectedly become – for lack of a better term – ‘the new normal’, many companies have been ill-prepared for such an abrupt and seismic shift, causing them to scramble for any way to maintain control of their operations. Perhaps it hasn’t been their intent, but in the process, they have begun engaging in awfully invasive behavior and trampling on their employees’ rights to privacy in their attempts to conserve the levels of productivity they were able to cultivate in the office setting.

And while employers are becoming increasingly preoccupied with all the amazing ways in which they can go about recreating the same level of oversight they enjoyed in the physical office, they have evidently failed to realize that there is absolutely no evidence that workers are more productive when they are being monitored, and no evidence that they are less productive when they are working from home. In fact, when a recent UK research study indicates that the vast majority of remote workers were able to either get the same amount or even more work done when working from home, it really raises questions as to what the point of all this increased monitoring is and what are the real underlying motivations for employers in conducting excessive surveillance on their remote workers. Maybe it’s simply that some employers are completely unaware that the theories claiming that, increased monitoring equates to increased productivity, and that remote workers get less done, are nothing more than a myth.

In the end, whatever the case may be, we must never lose sight of the fact that employees have a fundamental right to a private life, even while at work, and we cannot continue to allow employers to trample on that right to privacy through the use of invasive surveillance tools. Employees should never be forced to acquiesce to such an invasion of privacy in exchange for a job. Laws protecting employees from undue monitoring are absolutely necessary, but so is an understanding on the part of employers that there are ways to encourage employee productivity other than by blindly jumping onto the surveillance bandwagon. Cultivating trust and establishing a healthy company culture that promotes enthusiasm for work can be a hundred times more effective at fostering productivity than slapping a piece of software on an employee’s devices that turns their remote workstation into a virtual panopticon.

Remote work is not going anywhere, that is certain. So once appropriate legislation that properly keeps pace with evolving employee surveillance technology is in place, and once employers begin to understand that their excessive monitoring activities are doing much more harm than good, perhaps then productivity will truly soar and organizations can genuinely thrive in ways they may have never imagined. Here’s hoping for a future where organizations respect employee privacy and view the concept as a business advantage rather than a liability. 

Written by: Attila Tomaschek

Attila is a Hungarian-American currently living in Budapest. Being in the VPN game for over 5 years, along with his acute understanding of the digital privacy space enables him to share his expertise with ProPrivacy readers. Attila has been featured as a privacy expert in press outlets such as Security Week, Silicon Angle, Fox News, Reader’s Digest, The Washington Examiner, Techopedia, Disruptor Daily, DZone, and more. He has also contributed bylines for several online publications like SC Magazine UK, Legal Reader, ITProPortal, BetaNews, and Verdict.

0 Comments

There are no comments yet.

Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy