Nearly a third of British managers say their organisations are now monitoring employees' online activity, according to new data from the Chartered Management Institute (CMI).
The CMI poll of over 900 managers, notes that over one in three (36%) said their organisation monitors on-site workers, while a similar figure (32%) said the same for hybrid teams, and 30% for remote staff. The most common forms of monitoring include tracking login and logoff times (39%), monitoring browser history (36%), email content checks (35%), and screen activity recording (14%).
So-called 'bossware' – software that can be installed on an employee's computer or mobile phone - can include employee monitoring software, workplace analytics and / or automatic time tracking or productivity monitoring software.
More managers said they support (53%) than oppose (42%) the monitoring of online activities on employer-owned devices in their organisations, with one in seven (13%) feeling this 'strongly' and two in five (40%) 'somewhat'.
Supporters of online monitoring argue that it helps prevent misuse of systems (56%), protects sensitive data (55%), and ensures compliance with regulations (42%). More than a quarter believe it supports fairness (28%) and helps manage performance and workload (27%).
Among managers who oppose online surveillance, the vast majority say it undermines trust between employers and employees (79%), creates a sense of being watched (70%), and harms morale (58%).
However, there is broad agreement from both sides that transparency matters. More than half of managers (54%) said they would want clarity on what is being tracked and why, if their organisation introduced monitoring and 20 per cent would raise concerns with HR or their line manager and 16 per cent would say they would consider seeking another job.
"Surveillance can offer short-term reassurance, but it can risk long-term damage to trust, morale and workplace culture," said Petra Wilton, Director of Policy and External Affairs at CMI. "Effective management depends on trust, fairness and confidence. If online monitoring is used, organisations should be transparent and openly communicate what is being tracked and the reasons behind it.
Surveillance should not undermine trust or replace effective, personal performance metrics. Leading organisations are transparent, honest and focus on constructive feedback to help employees perform their best."
The use of surveillance software also risks employers leaving themselves open to regulatory or legal scrutiny. As senior solicitor in law firm Harper James' Data Protection team, Becky White, pointed out.
"Employers are understandably keen to ensure productivity and protect their business, particularly with the sharp rise in working from home that has occurred since the COVID pandemic," she said. "However, the use of so-called 'bossware' raises significant data protection concerns, and under the UK GDPR, any form of monitoring must be lawful, necessary and proportionate. That means organisations cannot simply collect large amounts of employee data on the assumption it might be useful, as they need an appropriate lawful basis for collecting this data.
"Compliance with a legal obligation, such as health and safety regulations, is one potential example, and another is where the monitoring is in the "legitimate interests" of the employer, and these interests are not overridden by the rights and freedoms of staff (examples include ensuring IT security or even operational efficiency). In all instances, employers must keep the intrusion to a minimum and be careful only to collect what is necessary to achieve the purpose.
"Transparency is equally vital and a core principle of UK GDPR. Employees must be told in plain language what data is being collected, how it will be used, how long it will be retained and who it will be shared with. This information is usually supplied in a staff privacy policy or a separate policy giving details of the organisation's approach to employee monitoring.
"The Information Commissioner's Office expects employers to carry out a Data Protection Impact Assessment before introducing any form of surveillance, to identify risks and explore less intrusive alternatives. Employers should also think carefully about the security of the information they are gathering keystroke data, browsing histories and screen captures can themselves be highly sensitive. Ultimately, technology should never be a substitute for effective leadership and open communication. Used without care, 'bossware' could expose organisations to regulatory action, legal claims and reputational harm."