According to a survey by Gartner, about 10% of business adopted applications for home office monitoring prior to the pandemic. The number has increased to 30% of businesses and is rising.
Among others, applications such as Office 365 Monitoring, ActivTrak, Timedoctor, Enaibe, Hubstaff, Teramind, StatusToday, Controlio, TeamViewer, CleverControl, Spyrix Employee Monitoring, Kickidler, Veriato, DeskTime, WorkAuditor, Timely, Sneek, SoftActivity are on the market.
Many of these systems use invasive ‘tracking’ elements such as eye tracking, location tracking, mouse movements, copy and paste behaviour, search behaviour, sound tracking, time tracking, keyboard tracking, etc.
Technological robustness and efficacy
No extensive research has been done assessing the effectiveness of AI-based monitoring tools compared to non-AI-based approaches that assure employee productivity.
It is unclear whether specific features of monitoring software actually capture true productivity and performance of employees.
It is possible to outsmart the software which raises accuracy and fairness concerns.
Reliable productivity measurements are difficult with more complex and creative positions.
Pos. (blue) / Neg. (red) impact on citizens and society
Home office monitoring has a significant negative impact on citizens and society as the use of ‘real-time’ and ‘always-on’ technology can undermine trust, confidence and well-being, specifically in employment relationships.
There is significant impact on the human rights to a private life, a safe and healthy workplace and human agency.
It might set an undesired precedent for the future: more (acceptance) of surveillance.
Governance and Accountability
There might be national labour laws that require a specific legal basis for worker monitoring. Also collective bargaining agreements could have specific rules for worker monitoring.
Most of the times, employees are not involved in the decision to apply the system.
Submission to the application is not voluntary (either because employees are not made aware of the use of the system or they are obliged to consent).
Acceptable trade-offs in times of crisis
We see no acceptable trade-off in times of crisis, primarily because it is not clear whether monitoring tools have a positive or a negative impact on employee’s productivity and performance. However, enough concerns and “chilling-effects” have been expressed that make the consideration of less intrusive techniques indispensable. Policies to support the transition to more widespread remote work will need to carefully consider the potential benefits and costs for productivity, job quality, and workers’ work-life balance and mental health. This is especially important in view of rising demand and development of home office monitoring systems, that will likely not be scaled back after the end of pandemic.
1. Impact on Society (1)
The use of real-time and always-on technology can undermine trust, confidence and well-being in employment relationships. A recent survey reveals that 75% of attendees considered monitoring systems as a cause for damage in workplace trust and 43% considered such systems to lie on the border of privacy violations.
Home office monitoring could create a power imbalance between employees and management.
Particular features of home office monitoring could create pressure of ‘being present’, potentially increase stress and make it harder for employees to disengage from work (having to be “online” and “available” all the time) (Eurofound, 2020). It could also lead to change of working behaviour in order to comply with the software.
Psychological implications resulting from online monitoring could negatively affect employee and/or organizational performance. (For instance, without the freedom to make mistakes and take time to think about things, it’s harder for people to get work done).
Home office monitoring could set undesired precedent: more (acceptance of) monitoring and decision-making control systems.
Home office monitoring could have discriminatory consequences: uneven ability to scale up remote work and digital skills could result in inequalities across employees (Eurofound, 2020). This goes hand in hand with the general challenge in dealing with the sudden shift to remote work. As such, prior to the crisis, most workers had little experience with remote work and also organization were not prepared for supporting this practice (Wang, 2021).
2. Human Rights (1)
Impact on human right to freedom of expression. Some monitoring applications allow to set up automated keyword triggers so that management can receive an alert or have all mentions aggregated into report.
Impact on human right to respect for a private and family life (Article 8 ECHR), including protection of the physical and psychological integrity of an individual from other persons. Software can collect sensitive data such as credit card numbers, health information and financial records through screenshots and videos and send corresponding alerts triggered by these details. Moreover, it was reported that one application, Hubstaff, tracked location and online activity outside working hours.
Impact on the right to seek information. Chilling effects on the fundamental rights of employees to organize, set up workers’ meetings and to communicate confidentially.
Impact on the right to mental integrity. Constant visibility and traceability during work.
Impact on the right to a safe and healthy workplace.
3. Democracy (1)
Risk of generalized feeling of surveillance among workers, especially problematic because of higher demand on availability (increasing overlap between private and working life).
Risk of habituation and trivialization of intrusive technologies (diminished expectation of privacy).
Risk of generating increased AI-powered mass surveillance.
Most of the times, workers were not consulted or even notified prior to the adoption of monitoring-tools. Even with prior notice, employees are obliged to consent or they are not aware of their right to appeal.
4. Legal Compliance (1)
Home office monitoring does not comply with the GDPR Article 29 Working Party (WP29), i.e., protection of individuals with regard to the processing of personal data. This is especially problematic if data is used for automated decision-making or profiling.
Home office monitoring features that may result in the preprocessing of personal data also do not comply with protections under GDPR Article 9 Working Party (WP9).
Profiling is subject to the requirements under GDPR Article 22 Working Party (WP29), i.e., the data subject shall have the right not to be subject to a decision based solely on automated processing. This also includes software features that automatically notify management about potentially malicious activity by an employee, or that calculate and assign a security risk score to an employee based on his or her network activity.
All records must be accurate, up to date and retained for no longer than necessary given the employer’s legitimate purposes. There is no information about how long business retain employee’s personal data.
Stealth mode does not comply with the principles of the GDPR. As such, employees must be individually informed in accordance with GDPR Article 13 and 14.
There might be breaches of national labour laws and/or collective bargaining agreements.
5. Human Agency (1)
Behavioral “chilling-effects” on employees because they are constantly monitored.
Software can generate alerts caused by inefficient activities or suspicious actions (based on patterns or pre-specified triggers). The information is sent to management and could be used to build disciplinary cases against employees.
6. Explicability (0)
• Unknown whether recommendations or decisions of the applications are explicable.
7. Fairness (1)
Some working processes are not recorded or registered (such as hand written notes) and could falsify productivity measures.
There is the possibility to outsmart monitoring tools (e.g., by automating mouse movements, using a second monitor, timing the screenshots etc.)
Different working styles/characteristics of employees are not taken into account when automatically evaluating productivity and performance.
8. Accessibility (0)
Unknown whether the system is accessible for all employees, irrespective of their technical, physical or mental abilities.
9. Problem Definition (3)
There is a clear definition of the problem that home office monitoring tools try to address:
Monitoring working activity, productivity and performance of employees
Collecting data to optimize employee productivity and workplace processes
Protecting business from harm, including data leaks, fraud and insider threats
10. Solution Optimization (1)
Less intrusive methodologies exist and might be more optimal:
A recent study suggests to improve productivity and collaboration by increasing their self-awareness about work productivity through self-monitoring (Meyer, 2017). They propose various features for self-monitoring tools that could increase productivity.
Another less-intrusive non-AI based approach could involve setting goals and managing by results as well as giving regular feedback to employees rather than recording the means of getting there. Employees should be given the autonomy to achieve them.
11. Effectiveness (1)
It is generally unknown whether AI driven worker monitoring is effective in keeping workers productive.
There is increasing online information on how to outsmart home office monitoring systems.
12. Adverse Effects (0)
It is generally unknown whether adverse effects of the technology are identified by employers before implementing the monitoring system.
13. Security (2)
Collections of sensitive information through recordings and screenshots may cause security problems.
Surveillance may crease a false sense of security which can actually be a risk in and of itself.
This includes potential cyberattacks, exposing personal as well as corporate data, possible threats that pass through undetected and security breaches that may cause confidential data leakage. The consequences could be legal issues, loss of clients and damage to business’s reputation.
Some monitoring applications (e.g., Teramind) include data loss prevention (DLP) and other security tools to help prevent accidental or deliberate leaking of sensitive business data.
14. Accuracy (0)
There is the possibility to outsmart monitoring tools (e.g., by automating mouse movements) which falsifies the evaluation of employees’ activity and productivity scoring.
There is no information about accuracy based on data or models.
15. Generalisability (1)
Reliable productivity measurements are difficult with more complex and creative positions.
16. Human Oversight (0)
While the system could be easily intervened with, it is unknown whether there usually is a specific ‘human oversight’ structure in place
17. Legal Basis & Policy (2)
There are regulatory differences in European countries. In some countries, employees have the right to agree to the monitoring or not. In other jurisdictions, employees have less power.
The ICO and WP29 have issued guidance covering the privacy implications of remote employee monitoring. Key principles outlined by the ICO and WP29 include:
Expectation of privacy: Employee monitoring is intrusive and when working from home, employee’s expectation of privacy is significantly greater.
Data protection impact assessment (DPIA): Need to conduct a formal data protection impact assessment.
Legal basis and proportionality: Organizations are required to conduct a proportionality test to balance their interest again employee’s rights and privacy expectations.
Fair processing information: Employees must be provided with detailed information regarding the intended monitoring. Ensure that employees are notified in advance of the monitoring through a clear written monitoring policy, including the nature and extent of the monitoring process, the reason for the monitoring, the impact of the monitoring of the business, how confidential or sensitive information is handles (if any taken), point our acceptable and unacceptable uses.
Safeguards: Software should only be used in a manner consistent with the purposes originally communicated to employees and is subject to strict access controls.
18. Necessity & Proportionality (1)
Less intrusive approaches to increase and monitor productivity of employees exist.
The GDPR requires employers to carry out a Data Protection Impact Assessment (DPIA), taking into account the nature, scope, context and purpose of the monitoring process. It is unknown whether companies comply with/adopt this proportionality test.
According to the WP29, particular features of home office monitoring are unlikely to be lawful due to their disproportionate and excessive nature (and not necessarily a reliable measure of worker’s productivity).
19. Domain & Purpose Limitation (2)
Domain and purpose of the use of the tehcnology is usually clear.
It is usually unclear what is done with the employee data.
20. Transparency (1)
Large scale and covert collection of personal data is possible.
Most of the times, workers were not consulted or even notified prior to the monitoring.
Employees are not always adequately informed how their personal data is processed.
21. Voluntariness (1)
Mostly no consultation or voluntary submission to the software.
Mostly no clear understanding when information is obtained, why it is obtained and how it is used and by whom.
Often discomfort or objections towards the software (or particular features of software) are not communicated to management because of perceived normalization of AI based monitoring and decision-making tools as well as perceived power imbalance between employees and management.
22. Sunset Clause (1)
Many monitoring tools have already been developed and deployed in the past decade. The Corona crisis only led to an increasing demand of applications that enable home office monitoring.
Several companies have announced that they will support homeworking as a permanent option in the future.
A recent study by The Insight Partners also stresses that the global market for employee monitoring tools is predicted to increase by 84% to US%1322 million by 2027.
23. Stakeholder Involvement (1)
Most of the times, workers were not consulted or even notified prior to the monitoring (Stealth mode).
24. Accountability (0)
No public information on whether the specifics and workings of the system were documented for accountability purposes.