What Your Employer Can Legally Know About You

Workplace monitoring has expanded considerably in the past decade. Remote work, bring-your-own-device (BYOD) policies, and the proliferation of employee productivity software have made monitoring technically easier and organisationally more common. The legal frameworks governing what employers can and cannot do differ markedly between the United Kingdom and the United States — and within the US, between federal law and individual states.

This topic describes those frameworks. It does not offer advice about any individual's employment situation; it describes what the law says and where documented limits lie.

Why the jurisdictional difference matters

The UK and the EU more broadly approach employee monitoring from a starting point of data protection rights: monitoring must be justified, proportionate, and transparent. Employees have legally enforceable rights to know they are being monitored and to challenge monitoring that exceeds legitimate business purposes.

The United States begins from a different starting point. Federal law provides relatively weak baseline protections for employee privacy. The Employment-at-Will doctrine, which governs most US employment relationships, gives employers significant latitude. The primary federal statute — the Electronic Communications Privacy Act (ECPA) — was enacted in 1986 and contains significant exceptions that allow employers to monitor communications on company-owned systems.

This structural difference means that the same monitoring activity might be clearly lawful in the US but require careful justification and documentation in the UK.

The scope of monitoring technology

Employee surveillance software — sometimes marketed as 'productivity monitoring' or 'employee engagement' tools — can capture keystroke logs, screenshots at regular intervals, application usage data, website visit history, active and idle time, location data from company devices, and in some cases video from webcams. Tools in this category include products such as Teramind, Hubstaff, Time Doctor, and many others.

A 2023 survey by ExpressVPN found that 78% of employers admitted to monitoring employees remotely, and approximately 57% of remote workers were unaware of the extent of monitoring in place (ExpressVPN, 2023). A 2024 study by the Institute for Employment Studies found a significant increase in formal monitoring policies following the shift to remote work during and after 2020 (Brinkley et al., 2024).

The legal question — what an employer is permitted to do — is distinct from the prevalence question — what employers actually do. This topic focuses on the legal framework.

Employer-owned devices vs personal devices

A consistent principle across both UK and US law is that monitoring of employer-owned devices on employer networks generally receives more legal latitude than monitoring of personal devices or personal communications. This distinction is foundational to understanding both frameworks.

On an employer-owned device, the employer typically has a stronger basis for monitoring: the device is company property, used on company time (or for company purposes), and the employee's use of it is generally subject to policies set out in an employment contract or acceptable use agreement.

On a personal device — even one used for work, as in a BYOD arrangement — the legal position becomes more complex. The employer's right to monitor is more limited, and the specific scope of any monitoring must generally be addressed explicitly in a BYOD policy. This topic will address the BYOD context specifically for each jurisdiction.