The Unblinking Eye: Employee Monitoring in the IoT Era - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management
01:00 PM
Christine Lyon, Partner in the law firm of Morrison & Foerster
Christine Lyon, Partner in the law firm of Morrison & Foerster

The Unblinking Eye: Employee Monitoring in the IoT Era

Monitoring machines in the Internet of Things can provide valuable data, but there could be privacy issues when employees are using those machines.

The privacy concerns raised by the Internet of Things (IoT) have focused mostly on the consumer, whose personal data is captured in a growing list of goods, including mobile devices, fitness trackers, cars, and home appliances. 

Less attention has been paid to the privacy of employees interacting with IoT in the workplace. For ample reasons, innovation in so-called industrial IoT (IIoT) is projected to explode in coming years. With the latest technologies, companies can better manage and track their inventory; automatically spot and service equipment failures; create safer work environments; and improve employee efficiency. These improvements are made possible through real-time communication between machines with software that collects and interprets vast amounts of data.

But companies investing in these technologies should be aware of potential legal-privacy risks that await. Even if it’s not their primary function, many IIoT applications could be used to monitor employees in unintended ways. Use of such data, if it’s not obtained properly, could damage a company’s reputation or put it on the defense in litigation.

Christine Lyon
Christine Lyon

Take, for example, sensors that some industrial companies embed in employee uniforms and helmets. These kinds of sensors can detect hazardous conditions such as toxic gases, or warn of over-exertion based on the reading of an employee’s heartbeat. Or consider GPS-enabled devices or mobile applications that permit employers to track the precise physical location of workers in order to deploy them most efficiently to new work assignments.

But what if information gleaned from these devices was used to detect patterns about an employee’s movements, which could be used to draw negative conclusions about the employee’s efficiency or performance? Yet an employee’s slow pace in moving between work stations, or frequent departures for bathroom breaks, might be due to a legally protected medical condition rather than laziness. Penalizing the employee based on this data might set the employer up for a disability discrimination claim. Similarly, an employer may face whistleblower or retaliation claims if a manager is able to use location data to figure out which employee went to the human resources office to lodge a complaint about him or her. It is inevitable that employers will seek to use IoT data to better manage their employees, as well as their inventory and equipment, but employers will need to guard against inappropriate or even unlawful uses of this data.

The sensors do not need to be carried by the employees to raise potential privacy concerns. In a connected workplace, data about employees can be captured in any number of ways. Sensors connected to equipment -- forklifts, for instance -- could provide detailed information about an employee’s movements. Again, harvesting and using this data could open up a Pandora’s box.

Unfortunately, a myth persists that an employee’s privacy rights end the moment he or she walks through an employer’s door. The reality is more nuanced in the United States, where employees can and do bring claims against their employers alleging that monitoring activities invade their privacy, especially when the monitoring is high-tech or unexpected. And the myth is fundamentally wrong in places outside the United States, such as in Europe, which views privacy as a fundamental human right that follows employees into the workplace and thus imposes broad restrictions for monitoring employees.

Other stakeholders may have a say in employee monitoring as well. Unionized employers will need to consider their potential obligations to consult or bargain with the labor unions over employee monitoring programs. Employers will also need to assess their obligations under local employment laws to consult with works councils or other employee representatives and potentially to register with (or even seek approval from) local data protection authorities of certain employee monitoring activities. Employee monitoring activities that may be permissible in one country may be problematic in another, so it is important to consider local laws and practices.

To reduce the risk of employee claims and reputational harm, companies should keep a few best practices in mind:

  • Give proper notice to employees. Office workers are used to receiving privacy notifications from their employers when they log onto their work computer. Similar notifications should be given to employees who are interacting with the IIoT.
  • Be thoughtful about what you collect and collect only what you need. In seeking to improve workplace efficiency and safety, it’s natural to want more data. The richer the data, the better the conclusions can be made about what needs improvement. But the more data collected, the more likely you could run into unforeseen legal consequences. Generally, when deciding what information to collect, make sure there is a strong business case that outweighs privacy concerns for individuals. In court, it’s harder to defend data collection seen as excessive.
  • Be thoughtful about how long you maintain the data. With data storage so cheap, it may be tempting to keep data for extended periods of time. But again, the longer you keep data, the more potential for legal risk. If maintaining data for long periods is critical, think about aggregating data so it’s no longer personalized.


Christine E. Lyon is a partner with Morrison & Foerster. She advises organizations on cutting-edge issues related to the collection, use, sharing, and safeguarding of data, including personal information of customers and employees.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/22/2017 | 9:13:26 AM
IoT security
There ara really lots of issues with IoT at the moment. In January there was a big IoT Tech Expo in London where industry experts discussed issues mentioned in the article. The main idea behind the Expo is that IoT is evolving, there is no single understanding of what it encompasses and what are the boundaries, especially legal. As IoT software developers we were really keen on learning more about software security. And there is no clear answer on how to provide it. One of the cases, for example, is when you use smart bulbs at you industrial premises/home and then - when it is broken - you throw it away. However, the lamp has in-built access to you network. Which means you even cant just throw away IoT devices....    
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Flash Poll