The coronavirus pandemic has been a boon to the surveillance tech industry. Governments across the world have scrambled for technological tracking solutions to fight Covid-19. Now businesses are investigating the potential of immunity passports, private contact tracing apps and workplace surveillance tools for getting employees safely back to work. But UK companies aiming to introduce this technology could be stepping into a legal minefield.
The Financial Times reported that companies including consultancy firm PwC are currently racing to build contact tracing apps and tracking devices that record where employees have been and who they were with. Global engineering consultancy Arup says that its thermal imaging camera that measures employee temperatures is attracting interest from UK companies. Reuters reported that workplaces are integrating artificial intelligence software – including cough and sneeze-detecting technologies – into existing security cameras that can track employee compliance with social distancing and mask-wearing regulations.
The idea underlying these initiatives is that although most democratic countries have said that national contact tracing apps will be voluntary – with NHSX claiming employers won’t be allowed to coerce employees into downloading the UK’s tracing app – employers will be able to call for the mandatory usage of such technologies.
However, there are some serious legal hurdles to introducing this tech into UK workplaces. “The starting point on these is they’re going to need specific legislation – because pretty easily, you’re going to start tripping over the Equality Act 2010,” says Peter Daly, employment lawyer at Slater and Gordon. Immunity passports – based on a concept still not fully endorsed by science – are likely to spark claims of discrimination.
In theory, immunity passports can be given to people who have already had coronavirus, and are therefore unlikely to contract it again – meaning they are ‘safe’ to enter public and working spaces. However, this concept risks discriminating against employees who have been shielding from the virus on government advice, such as older workers and pregnant women. “You would need to make specific amendments to the Equality Act to deal with that,” predicts Daly.
Daniel Shears, national health, safety and environment officer for GMB says the trade union has “major reservations about the use of technology to control Covid risk”. He says that the greater severity and mortality of Covid-19 in BAME people in the UK means that the union has concerns that “the [immunity] passports may entrench the concept that BAME workers are less suited for such passports”.
He also points out that the concept could prove dangerous, because “particularly in lower paid sectors […] they might provide a perverse incentive to deliberately contract Covid, to ensure that eligibility for a future passport is assured.” Of course, this could lead to outbreaks and increased mortality among a group that has been shown to be at greater risk from the virus.
Beyond discrimination, surveillance tech poses unwieldy implications for data protection. Health data, which would be collected by such technologies, is designated sensitive – and therefore more protected – under both GDPR and the Data Protection Act. “You’ve got to have really clear reasons for using it – really tight restrictions on when and how and who has access to it, how long you keep it for, all of these things,” says Daly.
For bespoke, private contact tracing apps, a worker’s right to privacy could also be put at risk. “If your company is able to monitor you 24/7, and know where you are at all times – who you were talking to, when you go to the loo, when you go for lunch – that’s a huge imposition on your privacy and your rights,” says Daly. “The European Court of Human Rights has repeatedly found that the right to private and family life extends to privacy protection in the workplace, and can be infringed by surveillance introduced by employers,” says Joe Atkinson, lecturer in Law at Sheffield University. This means that surveillance that goes beyond what’s necessary to make workplaces safe could potentially infringe the Article 8 right to private life under UK law.
Shears says any new employee-focused tracing technology would necessitate “cast iron guarantees around the use of data” because “the potential for abuse of tracking data is high [and there is] little confidence that employers will restrict the use of data to purely Covid tracking purposes.” GMB recently exposed the lack of privacy controls on the Care Workforce App, which was launched by health secretary Matt Hancock to provide guidance and resources to carers. The union found that the app allowed managers to access employees’ private messages and identify staff who had complained about pay, testing and personal protective equipment.
If employers ask workers to install contact tracing apps on their phones, it’s not just life in the workplace that’s under surveillance, but their personal life too. And it’s not just them, but anyone else they interact with, some of whom may be identifiable. “I can’t see why or how it would be justified for an employer to hold that data,” says Daly, adding: “From a practical perspective, I can’t see why an employer would want to have that data because it would be an absolute minefield.” Holding sensitive data like this invites huge legal risks related to data protection, storage, deletion and anonymisation.
What happens if employees refuse to agree to increased monitoring? It’s unlikely that any prior consent provided by employees would cover the “breadth and depth” of the new proposals, so Daly says that employers would likely have to seek new consent. If the employee refused, dismissal upon these grounds could be judged unlawful. Daly says that if an employee argued that they didn’t want to use a certain technology such as a tracking app because it would increase the likelihood of them losing their job due to discrimination based on a ‘protected characteristic’ (e.g. age, race, sex, disability), making them do so could be unlawful under the Equality Act 2010. Excluding more BAME than white employees on the basis of such technologies could be found to be discriminatory in itself, Daly points out.
If an employee is not symptomatic “there is currently no mechanism to force an individual to take a medical test against their will”, according to Daly. A workplace turning away an employee because of, for example, having a temperature, could even be in breach of contract for rejecting an employee who is ready, willing and able to work. This could differ if the employee was symptomatic, given a common clause in employment contracts that says if an employee is taking a lot of time off work they have to go to a doctor to find out what’s wrong with them.
If an employee provides consent, then technically these technologies can be used legally. “You have to question though, how can consent be validly withheld or withdrawn?” says Daly. Under GDPR, there needs to be a clear purpose for taking data, and the onus would be on businesses to prove they had legitimate reasons for doing so. Companies would need to conclusively demonstrate that collecting medical information such as employee temperatures would prevent the spread of Covid-19 – something that is tricky given the novelty of the virus and its symptomatic profile. “The short answer is, I don’t think you can at the moment,” says Daly.
Beyond legal issues, there are other concerns over employers introducing more surveillance technologies into the workplace. A potent one is function creep. Kirstie Ball, professor of management at St Andrews University, uses the example of workplaces investing in smart CCTV cameras to prevent the spread of Covid-19 in the workplace, only to repurpose them afterwards to monitor “how employees are performing, how long they’re spending at their work stations, how quickly they’re moving around the workplace”.
Many US employers have invested in technology to track remote workers during the pandemic, and routinely make employees turn on web cams and share screen functions. “That’s a classic example of making an employment contract more difficult to fulfil,” says Ball. She says that surveillance measures (even if ostensibly for the goal of public health) can violate the “psychological contract” that codifies employer and employee expectations of one another – particularly if their usage results in punitive action. This can lead to “knock-on effects in terms of motivation and commitment”, an erosion of trust, and damage to an employee’s sense of control and autonomy, which can in turn lead to increased stress and absenteeism.
The boom in technology has led to a surge in the tracking and monitoring of employees – particularly in the US where safeguards are looser. In The Age of Surveillance Capitalism, Shoshana Zuboff writes that the workplace is “where invasive technologies are normalized among captive populations of employees.” Surveillance tends to have an inverse relationship with workplace wellbeing. This is encapsulated best today by Amazon, a company which monitors its warehouse employees’ every movement and ejects those that fight for better conditions through collective action. Companies aiming to introduce similarly invasive measures because of coronavirus might want to tread carefully. As Ball says, they risk forfeiting employee cooperation, commitment and a positive organisational culture. “Those things are very easy to lose – but very difficult to gain back”.