From your fingerprint being scanned when you get to work to your every location being monitored through a GPS tracking device while you’re on the road, employee monitoring has come a long way since the traditional punch clocks or handwritten mileage registers.
But which countries have the greatest scope for employee monitoring, thus creating the most-watched workers in the world?
Comparitech studied the world’s top 50 countries by GDP to find out. We looked at the use of biometrics for timekeeping/security purposes, how much access to personal information there is, how employee activities can be monitored, and to what extent CCTV may be used within the workplace.
Where is there adequate legislation to protect employees’ privacy rights and where does legislation provide vast surveillance opportunities for employers?
Key employee monitoring statistics:
Out of the top 50 countries studied, five were omitted due to lack of data (Algeria, Bangladesh, Iran, Kazakhstan, and Venezuela). Of the remaining 45 countries:
- All allow biometrics to be used in the workplace to some extent – only Poland and Sweden provide strict measures which largely prohibit employers from using biometrics for timekeeping purposes
- The majority ensure an employee can refuse to give their biometrics. But workplace policies often enable organizations to stipulate it as a requirement for the role, thus requiring the employee to hand over their biometrics or miss out on the role
- Most lack clear data retention periods for biometrics
- All keep personal data records on employees for a significant (or unspecified, “no longer than necessary”) period of time. But all provide some level of access to this data
- All permit some form of background check on a candidate but most limit these to specific roles and/or require employee consent
- All allow employers to monitor emails and calls to some extent with the majority also permitting this so long as the employee is notified (consent is often deemed irrelevant in the workplace due to the employer-employee relationship)
- The vast majority also provide scope for employers to monitor private communications and/or devices so long as this is stipulated in workplace policies and employees are aware
- All allow a certain level of social media monitoring (most are restricted to workplace use/improper use outside of the workplace, i.e. defamation of the organization) and all allow GPS tracking of employees (again, often with strict rules around employee privacy)
- Almost half lack adequate legislation around CCTV use in the workplace
- Most enable ongoing surveillance in the workplace (often within limits, e.g. it cannot be used to control employees) but employees must be notified of its existence, and cameras aren’t permitted in areas employees would expect privacy, e.g. recreational rooms and restrooms
- Only a third of countries have strict data retention laws in place for CCTV surveillance footage
The top 10 countries for employee monitoring
To find out where workers are the most tracked, we scored them across four categories to give them a score out of 50. The lower the score, the heavier the surveillance. The following 10 countries are our worst-scorers:
- China = 6/50: Our worst-scoring country is perhaps the least surprising. With its data protection law still pending and the evidence of widespread and invasive use of biometrics and surveillance technology, China scores a mere six out of 50. Its six points come from employees’ access to personal data, some restrictions around conducting background checks on employees (consent is often required), and a certain level of consent (or notification at the least) surrounding workplace monitoring. Of greatest concern is the widespread and invasive use of biometrics in the workplace (employees’ brainwaves have even been monitored for productivity levels) and the lack of clear legislation in many areas, including CCTV in the workplace. Although China is looking to add its own layer of data protection through legislation, many remain doubtful as to how restrictive/implemented it will be.
- Pakistan = 7/50: Scoring just one point higher than China is Pakistan. Here, biometrics are heavily in place for employees in schools and government entities, there is a lack of data protection legislation, employers are able to conduct background checks “to protect their interests,” notification is all that’s required for employee monitoring, and CCTV use in the workplace remains largely unregulated.
- Vietnam = 7/50: Joint with Pakistan is Vietnam. In Vietnam, biometric use in the workplace is growing, but biometric data remains somewhat unprotected (although steps are being taken). Employers also have a lot of scope when it comes to monitoring their employees (notification within policies will normally suffice), and CCTV in the workplace lacks clear legislation and/or guidance. Employees do have the right to request access to their personal data.
- Indonesia = 9/50: Biometric use in the workplace is also growing in Indonesia with many public organizations using them. Sensitive data is also vastly unprotected by legislation which leaves them open to abuse. The laws surrounding workplace monitoring are also unclear but consent or notification is generally required. Employees should also be informed of CCTV monitoring but further lack of legislation here leaves this open to abuse, too.
- Iraq = 11/50: It is much the same story in Iraq where lack of legislation leaves employees open to surveillance and monitoring from their employers. However, their personal data is given some protection as it should be destroyed two years after the employment period ends.
- The United Arab Emirates = 11/50: Tied with Iraq is the United Arab Emirates where, again, there is a lack of proper guidance and legislation to protect employees’ privacy. Consent is a requirement for workplace monitoring and surveillance should be limited to the workplace, but lack of clarity creates some gray areas. And while there may be suggestions that employees should be notified of CCTV surveillance, it is only that–a suggestion.
- Saudi Arabia = 12/50: Although data protection legislation is lacking in Saudi Arabia, there are some provisions that help go toward some level of privacy for employees. For example, cameras are only permitted in some areas and company policies should be clear around employee monitoring. That said, with proper notification, employers are able to monitor their teams to a great extent and lack of clarity leaves this open to abuse.
- India = 15/50: India does offer some protections for biometric use in the workplace, requiring consent for its use and the deletion of this data once it has served its purpose. Employee monitoring is also quite widespread but employees should be informed of these policies, although with areas like “geolocation” not being classed as personal information, there is the potential for quite invasive measures to be implemented. This is also true with CCTV in the workplace with legislation and guidance lacking here.
- Colombia = 19/50: Although biometric use in the workplace is quite widespread in Colombia, there are strict rules surrounding its use, e.g. consent is a requirement. While employees should also be informed of CCTV surveillance, some interpretations suggest these methods of monitoring can be used to “control” job performance.
- Turkey = 20/50: Despite the fact Turkey is governed by GDPR and has its own data protection legislation, there is an allowance for employee monitoring through clear policies. There isn’t specific legislation surrounding CCTV use in the workplace, either, but privacy legislation will need adhering to.
It is also worth noting that while legislation/guidelines may be in place, this doesn’t necessarily mean that they are being fully adhered to by employers. Also, where there are case laws governing some practices, there is no guarantee that these will be followed indefinitely.
Which industries have the most-watched workers?
While the legislation we have covered tends to be aimed at all workers, that’s not to say these laws don’t give scope for employees from certain industries to be placed under more surveillance than others.
- Fingerprint or facial scanning for signing-in or security purposes tends to be limited to industries where it is proven to be necessary and the only option available. For example, asking a call center worker to scan their fingerprint to clock in may be deemed “excessive” but asking the same of an employee working in a bank may not. But with facial recognition providing a contamination-free solution to COVID-19 restrictions, this could provide employers with the loophole they’ve been looking for. This type of technology is already seen as a great solution to cross-contamination in the food and beverage industry, with factory workers being given different levels of permission so they can only enter certain production lines.
- GPS tracking enables constant monitoring of those in driving-based jobs, with their every movement being tracked and perhaps even timed. But it’s also being expanded to other industries to “increase productivity.” Take Amazon, for example. Its controversial wristband tracking system proposed the use of ultrasonic tracking to pinpoint exactly where an employee’s hand is as they go to retrieve an item from the warehouse, vibrating to point them in the right direction. Add COVID-19 into the mix here, too, and these technologies are now being used to ensure employees don’t get too close to one another.
- CCTV monitoring may not be permitted in certain areas or as a constant monitoring tool, but add in a requirement to your company policy (for staff safety, for example) and every move may be on camera.
Essentially, with technology expanding at a much faster rate than legislation (some countries don’t even have adequate data protection policies in place yet), there is an increasing number of areas that leave employees open to surveillance within the workplace. An app advertised as a tool to help improve company efficiency, like the housekeeping app that tracks an employee’s workflow, may be all a company needs to monitor an employee’s productivity levels within privacy requirements. And is there any industry that’s safe?
High-level roles that require security clearance are likely to see a growing trend in biometrics for signing-in and access purposes, while entry-level roles are being increasingly tracked by apps and other productivity-monitoring tools. And even though those in mid-level positions may escape these types of surveillance, it’s more than likely their employee has some kind of monitoring policy written into their contract.
Which countries are providing their employees with the greatest protections against employer monitoring?
It wouldn’t be fair to do a top 10 list of countries with the “least-watched” workers as this simply wouldn’t be true. Of all the countries we studied none of them prohibited employee monitoring across the board. However, many European countries provide greater protections thanks to the General Data Protection Regulation (GDPR). The top 13 best scorers in the study are all within Europe.
Our best scorers overall are Austria, France, and Sweden. Good practices include:
- France’s clear legislation on biometrics in the workplace, with the stipulation that raw biometric data templates should be deleted as soon as they are created and identification data kept for six months further.
- Sweden’s strict rules surrounding biometric use in the workplace, with the use for timekeeping being generally unpermitted.
- Austria’s prohibition of permanent monitoring of employees’ workplace emails and computers.
All three countries also have clear legislation surrounding CCTV use in the workplace. That said, all allow for it.
Even with protective legislation, employers continue to have the upper hand surrounding workplace monitoring.
There is a lot of debate surrounding the use of consent in the workplace. Due to the employer-employee relationship and its hierarchy, seeking an employee’s consent isn’t often enough as they are almost “forced” into giving it in order to keep their jobs. However, making employees aware of company policies and writing these clauses into contracts also has the same effect–if you want the job, you have to sacrifice a certain level of privacy.
A recent case in Turkey offers us a prime example of this. An employee’s contract was terminated after the bank he was employed at found he had been conducting commercial activities through his wife’s business while working at the bank. Initially, the court dismissed the employee as he had been conducting private matters during work time. He appealed the decision but this was again rejected. He then resubmitted his appeal stating that his right to privacy and freedom of communication had been violated.
The court again rejected his application as the employer had a large number of staff providing financial services, permitting them legitimate access to corporate email content. The employment contract also clearly stipulated that corporate emails should be used for work-related purposes only and audits could be conducted without any further consent.
Decisions like these suggest that even with clear restrictions and protections in place for employee privacy, employers are almost granted a “loophole” through policies and contracts. So while European laws tend to find that consent isn’t adequate enough due to the imbalance of an employer and employee relationship, it can do little to protect against monitoring techniques being implemented within policies.
Unless countries strictly prohibit the use of monitoring techniques and biometrics in the workplace, workers are likely to be subject to increasing surveillance as technologies develop and more business is conducted online.
Methodology and scoring
Our team focused on the top 50 countries by GDP (from Index Mundi), searching through legislation, legal websites, and other high-authority sources to determine what legislation was in place to give the following scores:
- Time and attendance
- Can they use biometrics – Yes (0), No (2), only in strict circumstances/with consent or as part of a contract (1)
- How often are biometrics used – Widespread/invasive use (0), large-scale use (1), growing use (2), some evidence of use/strict restrictions (3), testing technology/have limitations on where biometrics may be used (e.g. for extreme security purposes but not timekeeping) (4), no use (5) — changes due to COVID-19 restrictions haven’t been used when scoring
- Refusing to give biometrics is punishable – Yes or unclear/no law which would allow for this (0), Yes but only if part of a contract or condition of employment (1), No (2)
- How long can an employer keep biometric data for? – Over 10 years/unspecified (0), 5 to 10 years (1), 3 to 5 years/“as long as necessary”/until the employment term comes to an end (2), 1 to 3 years (3), up to one year (4), no records kept (5)
- Personal information
- How long does an employer keep personal information for? – Over 10 years/unspecified (0), 5 to 10 years (1), 3 to 5 years/“as long as necessary” (2), 1 to 3 years (3), up to one year (4), no records kept (5)
- Can an employee request to see this information? No (0), Yes (2), only certain circumstances or areas/general law suggests they would (1)
- Can an employer carry out background checks on potential employees? No (2), Yes (0), only certain checks permitted, i.e. no criminal checks or only for certain roles (e.g. teachers/police officers) or with explicit consent from the employee (1)
- Activity monitoring
- Communications can be monitored (emails/calls) – Yes (0), No (2), only certain circumstances/not on a constant basis (1)
- Is consent required? Yes (2), No (0), only certain circumstances/consent not required but the employee must be informed/evidence of monitoring without consent even though it is recommended (1)
- Any additional limitations? No (0), prohibited to monitor private devices (2), some scope for access to private devices (i.e. through clear policies) (1)
- Other monitoring – Yes – GPS and screen/computer monitoring, (0), No (2), only certain circumstances (1)
- Is consent required? Yes (2), No (0), only certain circumstances/consent not required but the employee must be informed (1)
- Any additional limitations? No (0), some, i.e. location of monitoring (1), Yes – significant stipulations and requirements for monitoring (2)
- Can social media be monitored? Yes (0), No (2), only if the employee is using the platforms during work hours/defamatory content outside of work hours (1)
- Is there legislation in place regarding the use of CCTV in the workplace? – Yes (2), No (0), some areas with legislation but some without or no explicit law but court rulings/indications that privacy should be protected (1)
- Limitations – Yes – e.g. constant monitoring cannot occur (2), No – CCTV cameras can be on at all times (0), certain circumstances (1)
- Do employees have to be informed? – Yes (2), No (0), certain circumstances (1)
- Are cameras allowed anywhere or only in certain areas? Anywhere (0), no specific legislation but some guidance on camera placement/privacy protection (1), Certain areas (2)
- How long is footage kept for? Over 10 years/unspecified (0), 5 to 10 years (1), 3 to 5 years/“as long as necessary”, or different law requirements by states (2), 1 to 3 years (3), up to one year (4), no records kept/no monitoring for records to be kept (5)
Countries removed due to lack of data: Algeria, Bangladesh, Iran, Kazakhstan, and Venezuela.
Data researchers: George Moody, Rebecca Moody