41 most asked questions on UK employee monitoring laws

May 4, 2023

51 554

9 min read

41 most asked questions on UK employee monitoring laws


Employee monitoring in the United Kingdom is recognized and permitted for employers who wish to monitor their employees on legitimate work-related grounds. However, this must be done in a way that complies with the laws in force.

Basics of employee monitoring

Is employee monitoring legal in the UK?

Yes. Employee monitoring is legal in the UK. In fact, there are laws in the UK that guide monitoring employees in the workplace. These include, but are not limited to, the Data Protection Act (DPA) 2018, and the Employment Practices Data Protection Code (EPDPC) 2011. According to the Data Protection Act, these six principles should at least be followed if employers wish to monitor their employees:
  • Monitoring must be lawful, fair, and transparent.
  • The purpose of the monitoring must be specified, explicit, and legitimate.
  • If employee monitoring involves collecting or using personal information, the data collected must be adequate, relevant, and not excessive.
  • The personal data must be accurate and kept up to date.
  • If personal data is collected, it shouldn't be kept for any longer than is necessary.
  • Information gathered through monitoring should be kept secure.
Businesses must understand that employees have a right to a certain degree of privacy at work. It is best to strike a balance between their business interests and employees’ expectations of privacy. Most importantly, the monitoring process should be fair and reasonable.

Is it required to inform employees of the monitoring?

Yes, this is a requirement in the UK. It is relatively uncommon to carry out monitoring in secret without notifying the staff. However, there are limited exemptions where employers can monitor employees without informing them. Specifically, the exception applies where:
  • There is suspicion of criminal activity, and it is most likely that letting the employee know would make it more difficult to detect the crime.
  • Businesses covertly monitor for specific investigation purposes.
  • Covert monitoring must be carried out as quickly as possible and only as part of a particular investigation. Covert monitoring must stop immediately after the investigation has been concluded.
Although it is necessary to inform employees of the monitoring process, employers do not need employees' consent in some cases. Employees do not need to consent to the monitoring (including monitoring the use of social media) provided that:
  • An impact assessment has been carried out.
  • The monitoring is for legitimate purposes.
  • The monitoring does not involve the handling of sensitive personal data.

Informed consent - mandatory or not?

Yes. Obtaining informed consent is a mandatory requirement under U.K. law for integrating employees into a monitoring system. It is illegal to use employee monitoring without obtaining consent, unless there is a good reason why the employer cannot obtain the employee's consent.

Monitoring policy – mandatory or not?

Yes, employee monitoring policies, handbooks e.t.c are mandatory. Policies help lay down guidelines for employee behavior and company devices inside and outside the workplace. Businesses ought to have comprehensive monitoring policies that cover:
  • The nature and extent of the monitoring process.
  • The reason for the monitoring.
  • The impact of the monitoring on the business.
  • How confidential or sensitive information is handled. (If any is taken)
  • Point out acceptable and unacceptable uses.
Additionally, employers need to ensure that they inform employees of the policy, provide copies to each employee, confirm that employees have read and understood the policy, and finally notify employees of any changes or updates to the policy. The provision of data security training to those who are handling the monitored data is also crucial. Employers must ensure that their monitoring policies are compliant with legal requirements.

Is it legal to monitor employees during breaks?

Yes. An employer may monitor employees during breaks, but it requires a legitimate good reason, such as if the employer is acting to detect criminal activity.

Is it legal not to inform employees about what is being monitored?

Yes. The employer must inform the employee about what is being monitored and how it is being done. For instance, if the employer is using a video camera in the workplace, they must inform the employee about it.

Company’s devices monitoring

Is it legal to monitor company’s computers?

Yes. In the UK, monitoring company computers is permissible by law. Employers have the right to ensure that computers in the workplace are used appropriately and not improperly. However, before implementing the monitoring, employers must first discuss this with their employees and clarify the monitoring. These reasons should be legitimate and in line with the business goals. Employers are also required to establish written policies on the use of work computers by employees, and employees should sign these policies accordingly.

Is it legal to monitor company's phones?

Yes. Under UK law, since the phone belongs to the employer, they are allowed to use monitoring on the device, which includes listening to calls and GPS monitoring.

Is it legal to monitor activity on a company device outside of work hours?

Yes. Since the device used by the employee was provided by the company, it is the property of the employer. Therefore, they are allowed to conduct surveillance on it, even outside of working hours.

Personal devices monitoring

Is it legal to monitor employees’ personal devices?

Yes. But only if the device holds work-related information or the employer wants to restrict use during working hours, guarantee quality control, or ensure that employees comply with company rules. Businesses should also have a clear BYOD policy that all employees are aware of in place. Other than that, employees' personal devices should be out of bounds to the employer.

Is it legal to monitor employees’ personal computers?

Yes, as stated in the "Is it legal to monitor employees' personal devices" section, if the computer contains work-related information or the employer has a clear BYOD policy that all employees are aware of, this is legal. But again, employers should be reasonable about how and when the monitoring is carried out.

Can employers require employees to install monitoring software on personal devices?

No. If an employee does not agree with this condition, they have the right to challenge it under UK law. While there are some businesses where employee monitoring may be necessary, the employer cannot force the employee to accept it, and the employee has the right to request dismissal in such cases.

Phone conversations & content monitoring

Is it legal to monitor screen contents and keystrokes?

Yes. While it is legal for employers to monitor screen contents and keystrokes in the UK, this monitoring type should only be considered if there is a legitimate business reason to do so. It is also considered to be illegal if employers do not notify their staff about the monitoring. As a general rule, it is always a good practice to establish clear monitoring policies. Employers may need to obtain written agreements for certain monitoring types, such as keystroke capture in some cases.

Is it legal to monitor or record phone conversations?

Yes, phone monitoring or recording is legal, especially if the purposes are relevant to the employer's business and if the employee uses the company's telecommunication device. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 give businesses the right to monitor communications on their own networks. Monitoring or recording phone conversations is authorized if the purpose is:
  • To allow employees to comply with the business regulations.
  • To ensure that employees carry out their work under company standards.
  • To prevent or detect criminal activity.
  • To ensure that the communication system operates effectively.
  • To allow the business to identify any unauthorized use of a company device.
  • For security purposes.
Employers must also inform potential users of the interception telecommunications system and establish monitoring policies for company-owned equipment.

Is it legal to monitor email content?

Yes. In the UK, employers are allowed to monitor email content as long as it is on a company-provided device, and there is a legit business reason behind it.The employer also has the right to introduce policies limiting the use of work emails for personal use and provide full details of the monitoring in policies, handbooks, etc. Email monitoring policies should include the following:
  • When the email content is monitored.
  • Why the email content/use is being monitored.
  • How the information collected will be used.
  • Who the information collected will be disclosed to.

Is it legal to monitor private messages and email content?

Yes, employers are allowed to monitor and limit certain activities, such as sending or receiving private messages or emails during working hours, particularly on the company device. At the same time, employers should be careful not to infringe laws such as the Data Protection Act 1998, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, among others, when accessing private information. Before monitoring takes place, employees should be notified about this, and they should understand that there is a limit to how much privacy they have when working on a company device.

Video surveillance

Is it legal to use video monitoring systems in the workplace?

Yes. Video monitoring systems are allowed in the workplace as long as there is a legitimate business purpose. That being said, it is important to note that employees must be aware of the surveillance, and it is recommended that signs be displayed to show the cameras' locations. Employers are also not allowed to monitor employees in certain areas (restrooms, lactation rooms, washrooms). Data Protection Act advises employers to be clear about the purpose of monitoring, and the following should be taken into account before the monitoring:
  • Employers should also consider the nature of the problem they are looking to address and whether a surveillance system would be justified and a practical solution, or whether better solutions exist.
  • Employers should consider what effect this kind of surveillance may have on employees and whether its use is a solution to the problem.
  • If employers decide to implement it, the video monitoring systems should not be intrusive to privacy.
Aside from video surveillance systems, there are various employee-friendly options to consider if the primary goal is to monitor overall productivity and ensure that company resources are properly utilized. Employee productivity monitoring software is a great way to balance the benefits of monitoring with the risks of invading employees' privacy.

Is it legal for an employer to monitor employees through a web camera in a device?

Yes. If the device belongs to the employer, they can monitor the webcam on the device during work hours without impediment. However, if the device belongs to the employee, the employer must obtain the employee's consent before monitoring the webcam.

Is it legal to monitor employees through a web camera outside of work hours?

No. If the employee's device belongs to the employee, the employer has no right to monitor the web camera outside of working hours. Such actions may amount to surveillance, and the employer may be held liable under UK law.

Monitoring using GPS

Is it legal to track employee locations using GPS?

Yes. The employer can track the employee's location via GPS, but only in those cases:
- The employee has consented - Type of activity requires such monitoring measures - Employer does so to detect criminal activity - Employee uses a company device

Is it legal to track a company car using GPS?

Yes. Since the car belongs to the company, the employer has the right to track its location.

Is it legal to track an employee's location outside of work hours?

Yes. However, the employer must have a valid reason for tracking the GPS outside of work hours, or they must obtain the employee's consent.

Social media monitoring

Is it legal to monitor internet and social media activities?

Yes. This is legal in the UK. It is within the employer's right to see if employees use the internet and social media inappropriately or excessively during working hours. That said, the following should be taken into account before monitoring.
  • Employers must notify their employees before monitoring their internet and social media usage.
  • Employers are to establish clear policies on the internet and social media monitoring (on the company's own social media page or the employees' personal one) during designated work hours.
  • Monitoring policies should also specify the extent to which the monitoring is carried out and when employees can access certain sites.
  • Policies must confirm the employer's right to monitor employees' use of email and the internet, including access to social media sites.
Although notifying employees about monitoring is a must, obtaining consent is, on the other hand, unnecessary in some cases. According to Regulation of Investigatory Powers Act (RIPA) 2000, these exceptions allow businesses to intercept and record communications (including communications via social media) without consent:
  • To ensure compliance with the regulatory or self-regulatory practices or procedures relevant to the business.
  • To show company standards that are or should be met by employees.
  • To prevent or detect crime.
  • To investigate or detect any unauthorized or misuse of the telecommunications system.
  • To ensure that the system operates efficiently.

Is it legal to monitor internet and social media activity outside of work hours?

Yes. Employers have the right to monitor employees' internet and social media activity, which are regulated by a bundle of UK laws called RIPA.

Is it legal for an employer to keep collected data on their employees' Internet activity?

Yes. The employer can keep the data collected through employee monitoring, but they cannot distribute or publish the data without the employee's consent.

Employers’ rights and obligations

Which UK legislation protects employers’ rights?

In the UK, the rights of employers are protected by a set of laws called the Employment Rights Act 1996, which is still in force and serves as the main legislative force regulating the activity of employers and protecting them.

What are the consequences of violating employee monitoring laws?

The severity and type of violation determine the penalties that an employer may face. For example, if the employer used employee monitoring tools (such as screen viewing or internet traffic monitoring) without the employee's consent, they may face fines based on the amount of damages established by UK law and may have to pay moral compensation to the employee. If the employer used explicit surveillance tools, they may be criminally liable to the full extent of the law.

Can employers sue employees using information received from monitoring?

Yes. A similar practice can be used in the UK; for example, if an employer suspects criminal activity among employees, they can investigate and present their findings to the court or law enforcement agencies.

Employee’s rights

Are there laws in the UK that protect employee privacy in the workplace?

Yes. In the UK, the Data Protection Act 1998 (DPA) requires employers to protect the privacy of employees, particularly those who are subject to employee monitoring.

What UK law protects employee privacy?

Employee privacy is protected in the UK by both employment law and a combination of civil laws that prevent breaches of personal privacy and employee privacy.

Can employees sue employers for violating monitoring laws?

Yes. If any of the laws regarding employee monitoring are violated, the employee has the right to sue the employer.

UK monitoring legislation

What is UK GDPR?

The GDPR is a general data protection regulation that applies to everyone, not just employees. It regulates unauthorized access to personal data, preventing employers from using web cameras on employees' devices to monitor them without reason or consent.

What is The Data Protection Act?

This act was passed in 2018, according to it the personal data as well as the private privacy of employees is protected by law. The employer cannot use video surveillance cameras, wiretapping, monitoring of Internet traffic without the consent of the employee and without warning him beforehand. However, this law has exceptions, for example, the employer may not require consent and not warn the employee if monitoring is used to detect criminal activity among employees.

What is the Wiretap Act or RIPA in the UK?

This law also regulates interception and unauthorized access to telephone conversations. An employer cannot conduct a wiretap without good reason, and even then, it is highly undesirable in the UK and can be very damaging to the employer. The law also regulates instant messaging applications and other points related to personal data.

Is GDPR law in effect in the UK after Brexit?

No. EU GDPR does not apply to the UK after Brexit, but on the basis of this law, the UK has adopted virtually the same regulation, called the UK GDPR.

Workplace safety

Is it legal to use employee monitoring to prevent harassment and discrimination in the workplace?

Yes. If an employer wants to prevent or knit discrimination in the employee workplace, they can use employee monitoring to do so.

Is it legal to use employee monitoring to detect criminal activity?

Yes. Employers can use monitoring to detect criminal activity, as this is an important legal and public interest matter. Nevertheless, monitoring must be conducted carefully, without invading employees' privacy.
If an employer suspects an employee of criminal activity, they must inform UK law enforcement authorities and cooperate with them, following their instructions regarding monitoring.

Monitoring to detect criminal activity should only be conducted in collaboration with law enforcement and according to established standards.

Is it legal to use monitoring to track personal relationships between employees?

No, employers cannot monitor employees' personal relationships, as doing so violates their right to privacy. Infringing on this right may result in administrative penalties if the employee files a complaint against the employer with the appropriate government agency.

Other regions of the UK

Are employers allowed to monitor employees in Scotland?

Yes. In general, the laws of Scotland are virtually the same as those of the United Kingdom and they are also related, so Scotland is subject to the leading laws of the United Kingdom.

Are employers allowed to monitor employees in Wales?

Yes. In Northern Ireland, employers are allowed to monitor their employees, and it is subject to the laws of Great Britain, but there are a few differences. For example, employers cannot use CCTV cameras in the workplace without a good reason, such as detecting criminal activity or monitoring work through a video camera for business purposes.

Are employers allowed to monitor employees in Northern Ireland?

Yes. In the UK, some laws protect employees’ privacy in the workplace, and an employer must comply with those laws when monitoring employees. Article 8 of the European Convention on Human Rights (Human Rights Act 1998) provides the right to respect one’s “private and family life. The Data Protection Act 1998 puts in place fundamental principles that should govern the handling, processing, and storage of ‘personal data relating to employers’ employees. Other legislation includes the Regulation of Investigatory Powers Act 2000 (RIPA), The Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (LBP), among others.

Are there laws in the UK that protect employee workplace privacy?

Yes. In the UK, some laws protect employees' privacy in the workplace, and an employer must comply with those laws when monitoring employees. Article 8 of the European Convention on Human Rights (Human Rights Act 1998) provides the right to respect one's "private and family life. The Data Protection Act 1998 puts in place fundamental principles that should govern the handling, processing, and storage of 'personal data relating to employers' employees. Other legislation includes the Regulation of Investigatory Powers Act 2000 (RIPA), The Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (LBP), among others.

Is there professional lawyers’ advice on monitoring?

Yes. Lawyers acknowledge that, although there are many legitimate reasons employers may have to monitor employees, the monitoring process should comply with the law and should be fair. Lawyers recommend that businesses:
  • Conduct an impact assessment before the monitoring.
  • Clearly explain the purpose behind the monitoring to employees. (Reason should be valid and reasonable)
  • Create clear monitoring policies so that employees understand what is permissible or not.
  • Ensure that information collected from the monitoring is used only for the purpose for which it has been collected.
  • Avoid excessive monitoring, and only relevant information should be retained.
  • Ensure that only assigned personnel can access the data monitored.
  • Ensure that they balance the monitoring with the employee's right to privacy.

What is the bottom line?

Transparency and notification of employees about the nature and content of the monitoring is key to successful monitoring at the workplace. As a general rule, it is good practice for businesses to create monitoring policies and ensure that employees are familiar with them. That way, they can fully understand the monitoring process and comply. Disclaimer The information provided in this article is for general understanding only and not to be used as legal advice. To receive professional legal advice, please consult your lawyer.

What’s next