The Unblinking Eye: Employee Monitoring in the IoT Era


Monitoring machines in the Internet of Things can provide valuable data, but there could be privacy issues when employees are using those machines.

The privacy concerns raised by the Internet of Things (IoT) have focused mostly on the consumer, whose personal data is captured in a growing list of goods, including mobile devices, fitness trackers, cars, and home appliances. 

Less attention has been paid to the privacy of employees interacting with IoT in the workplace. For ample reasons, innovation in so-called industrial IoT (IIoT) is projected to explode in coming years. With the latest technologies, companies can better manage and track their inventory; automatically spot and service equipment failures; create safer work environments; and improve employee efficiency. These improvements are made possible through real-time communication between machines with software that collects and interprets vast amounts of data.

But companies investing in these technologies should be aware of potential legal-privacy risks that await. Even if it’s not their primary function, many IIoT applications could be used to monitor employees in unintended ways. Use of such data, if it’s not obtained properly, could damage a company’s reputation or put it on the defense in litigation.

Take, for example, sensors that some industrial companies embed in employee uniforms and helmets. These kinds of sensors can detect hazardous conditions such as toxic gases, or warn of over-exertion based on the reading of an employee’s heartbeat. Or consider GPS-enabled devices or mobile applications that permit employers to track the precise physical location of workers in order to deploy them most efficiently to new work assignments.

But what if information gleaned from these devices was used to detect patterns about an employee’s movements, which could be used to draw negative conclusions about the employee’s efficiency or performance? Yet an employee’s slow pace in moving between work stations, or frequent departures for bathroom breaks, might be due to a legally protected medical condition rather than laziness. Penalizing the employee based on this data might set the employer up for a disability discrimination claim. Similarly, an employer may face whistleblower or retaliation claims if a manager is able to use location data to figure out which employee went to the human resources office to lodge a complaint about him or her. It is inevitable that employers will seek to use IoT data to better manage their employees, as well as their inventory and equipment, but employers will need to guard against inappropriate or even unlawful uses of this data.

The sensors do not need to be carried by the employees to raise potential privacy concerns. In a connected workplace, data about employees can be captured in any number of ways. Sensors connected to equipment -- forklifts, for instance -- could provide detailed information about an employee’s movements. Again, harvesting and using this data could open up a Pandora’s box.

Unfortunately, a myth persists that an employee’s privacy rights end the moment he or she walks through an employer’s door. The reality is more nuanced in the United States, where employees can and do bring claims against their employers alleging that monitoring activities invade their privacy, especially when the monitoring is high-tech or unexpected. And the myth is fundamentally wrong in places outside the United States, such as in Europe, which views privacy as a fundamental human right that follows employees into the workplace and thus imposes broad restrictions for monitoring employees.

Other stakeholders may have a say in employee monitoring as well. Unionized employers will need to consider their potential obligations to consult or bargain with the labor unions over employee monitoring programs. Employers will also need to assess their obligations under local employment laws to consult with works councils or other employee representatives and potentially to register with (or even seek approval from) local data protection authorities of certain employee monitoring activities. Employee monitoring activities that may be permissible in one country may be problematic in another, so it is important to consider local laws and practices.

To reduce the risk of employee claims and reputational harm, companies should keep a few best practices in mind:

Christine E. Lyon is a partner with Morrison & Foerster. She advises organizations on cutting-edge issues related to the collection, use, sharing, and safeguarding of data, including personal information of customers and employees.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Hidden Tips for Mastering iOS 10

    With the release of every new mobile operating system—especially Apple's iOS—there comes a slew of new features.Like iOS 9 and iOS 8 before it, iOS 10 is no exception.
  • 5300c769af79e

    Too Busy to Read? 5 Services to Help You Save for Later

    That's what "read-it-later" (aka bookmarking) services are all about.Grab an article or Twitter thread you want to read or video you want to watch, and these services make it a breeze to capture and access later.
  • 5300c769af79e

    Dwayne 'The Rock' Johnson Made a Siri Movie

    Yesterday, Dwayne "The Rock" Johnson tweeted that he had teamed up with Apple "to make the biggest, coolest, sexiest, funnest (is that a word?Now, while The Rock may call this a movie, at under four minutes I'd call this a very well-crafted and expensive advertisement paid for by Apple.
  • 5300c769af79e

    Business Card Request Form

    Afghanistan Albania Algeria American Samoa Andorra Angola Antigua and Barbuda Argentina Armenia Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Colombia Comoros Congo, Democratic Republic of the Congo, Republic of the Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Faroe Islands Fiji Finland France French Polynesia Gabon Gambia Georgia Germany Ghana Greece Greenland Grenada Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kosovo Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Montenegro Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Zealand Nicaragua Niger Nigeria Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Rwanda Saint Kitts and Nevis Saint Lucia Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Sudan, South Suriname Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands, British Virgin Islands, U.S.