KG LEGAL \ INFO
BLOG

Employee supervision methods that may violate employee rights

Publication date: April 15, 2025

Monitoring employees at work is a common practice in many organizations. The tools used for such monitoring are designed to assess employee performance and time spent on individual tasks. These tools proved useful during the pandemic, when many people switched to remote work and direct supervision by managers was significantly reduced. However, employee control must be applied in a manner consistent with legal regulations, especially the General Data Protection Regulation (GDPR), which requires employers to protect employee privacy. There are a number of monitoring methods that can lead to serious violations of these rights if they are not used in accordance with the appropriate rules. Recently, there has been a boom in such methods for monitoring employees, such as keylogging – measuring keyboard keystrokes in a given unit of time, tracking what someone is typing on the keyboard, recording mouse movements, or the number of logins to a given system.

Legal Basis for Employee Privacy Protection

It is worth recalling that employees’ rights in terms of privacy and personal data protection are strictly protected by law, including the GDPR and national privacy and labor law regulations. By introducing appropriate regulations, the legislator has ensured that employers do not abuse this right.

GDPR imposes an obligation to protect personal data, including data relating to employees. The key principles that apply in the context of employee monitoring are:

  • Principle of transparency (Article 5(1)(a) of the GDPR) – Employers must clearly inform employees that their data is being processed, for what purpose, by whom and on what terms.
  • Purpose limitation principle (Article 5(1)(b) of the GDPR) – Personal data may only be processed for specified and lawful purposes, and their processing must be appropriate and not excessive in relation to those purposes.
  • Principle of proportionality (Article 5(1)(c) of the GDPR) – The collection and processing of data should be limited to the minimum necessary.
  • Security principle (Article 5(1)(f) of the GDPR) – Employers are obliged to ensure appropriate measures to protect the personal data of employees.

The employer must also comply with employee privacy laws, including specific employee surveillance regulations that may be included in national labor laws. Such laws require that monitoring be used only when absolutely necessary and that employees be informed of it.

Employee supervision methods

Among the methods of supervision of employees that may violate their rights, the following stand out:

  1. Keystroke Monitoring

Keystroke monitoring involves recording all keystrokes made by an employee on a computer. This type of monitoring can be used to identify attempts to misuse a computer system or to look for evidence of unauthorized activities (e.g. data leak attempts). It can also be used to assess employee performance.

Arguments suggesting that the method violates employee rights:

  • Privacy Invasion: Every keystroke may contain personal data, passwords, sensitive information or private messages. An employer has no right to track an employee’s private conversations or activities that are unrelated to their work.
  • Lack of transparency: Employees may not be aware that their activities are being monitored in such a detailed manner. This type of monitoring, if not properly justified, can lead to a feeling of unjustified surveillance, and the lack of information on this is a violation of the transparency principle of the GDPR.
  • Inappropriate Purpose: Collecting data on every keystroke may be considered unnecessary and disproportionate to the purpose. If the goal is to increase efficiency, for example, then this method is too intrusive, especially if the employee does not consent to it.

  2. Biometric Monitoring

Biometric monitoring involves the use of facial recognition technology, fingerprints, irises, or other biometric features to identify employees or control access. Such technologies are increasingly used in companies to ensure security.

Arguments suggesting violation of employee rights:

  • Sensitive data: Biometric employee data constitutes sensitive data (Article 9 GDPR). The processing of such data requires special safeguards and justification, as it may lead to identification and unauthorised use.
  • Lack of consent: Collecting biometric data without the explicit consent of an employee may constitute a violation of data protection law if there is no legitimate legal basis, such as employee consent or an explicit justification in a security policy.
  • Disproportionality: The use of biometrics for purposes that do not require such technology (e.g. monitoring work efficiency) may be considered disproportionate to the purpose of monitoring and inappropriate for the scope of the employer’s activities.

  3. Monitoring with cameras (Webcam Monitoring)

Video cameras can be used in offices to monitor employee behavior, ensure property security, or verify compliance with policies. Video surveillance can be overt (visible) or covert.

Here are some aspects that suggest that this method violates employee rights:

  • Privacy surveillance: When cameras are used to monitor employees outside of the workplace (e.g. in common areas, during breaks), this constitutes a violation of privacy rights. Employees have the right to rest and privacy, especially during breaks, which means that they cannot be constantly monitored.
  • Lack of transparency: If monitoring is conducted in a manner that is not clearly defined in company policy or is hidden (e.g., in locker rooms or break rooms), the employee is unaware that he or she is being monitored.
  • Proportionality: Video cameras may be justified for security purposes, but their excessive and disproportionate use in other situations, such as monitoring work performance, is a violation of privacy principles.

  4. Covert Surveillance Techniques

Covert surveillance methods include activities in which the employer does not inform the employee that monitoring is taking place. This can include hidden cameras, wiretapping, or secret monitoring of the employee’s activities without their consent.

Here are some aspects that suggest that this method violates employee rights:

  • Lack of consent and awareness: The employee is not aware that they are being covertly monitored, which is a violation of the principle of transparency and consent, according to the GDPR. The employer is obliged to inform the employee about the methods of surveillance.
  • Violation of the principle of proportionality: Covert methods of supervision are usually used in cases where other methods of supervision do not produce results. However, if they are used without a clear basis (e.g. to control daily work), they constitute excessive interference in the private life of the employee.
  • Lack of clear purpose: Such methods may be used without a clear purpose, leading to an unjustified invasion of employee privacy rights. Any monitoring must be justified by specific, legitimate organizational purposes.

  5. GPS monitoring

GPS monitoring can be GDPR compliant if it meets certain requirements. Key aspects include:

  • Purpose of monitoring – the employer must clearly define why they are implementing monitoring, e.g. to improve efficiency or safety.
  • Informing employees – employees must be aware that they are being monitored and what data it concerns.
  • Data minimization – only data that is necessary to achieve the monitoring purpose should be collected.
  • Data protection – employers must ensure appropriate data security measures are in place to protect employee privacy.

When implementing GPS monitoring, employers must also conduct a risk assessment and ensure compliance with data protection regulations to avoid GDPR violations.

To ensure that supervision of employees does not violate their rights, the organization should follow several principles:

  • Transparency and information: Employees must be adequately informed of any surveillance methods used in the company. Surveillance policies should be clearly defined and employees must consent to the use of monitoring.
  • Purposefulness and proportionality: The use of surveillance must be justified, proportionate to the purpose (e.g. verification of compliance with security rules, data protection) and limited to the minimum necessary.
  • Data protection: When monitoring personal data (e.g. via biometrics), data protection requirements such as encryption and secure storage of data must be met.
  • Employee consent: Where required by law (e.g. biometric monitoring), employees must consent to the processing of their personal data.

It is worth bearing in mind that such actions can have a negative impact on team relations. Employees may get the impression that management distrusts them and doubts that they perform their duties reliably. Much depends on the atmosphere at work, and an important task for management will be to present the reasons for and benefits of this solution. Supervision of employees, although it may be justified in the context of ensuring safety and compliance with procedures, must be applied in a manner consistent with the law and with respect for the privacy of employees.
