The majority of employers use monitoring software without their employees’ knowledge, finds a recent report. Here’s how employers can ensure monitoring stays within the limits of their privacy and safety obligations.
Employee monitoring has become standard practice in many workplaces – but for most employees, it’s happening out of sight.
A new report from the Human Technology Institute at The University of Technology has revealed that while 91 per cent of the employers surveyed use employee monitoring software, only nine per cent of their workforces are aware that this technology is being used.
While employee surveillance may seem like a recent invention, the principles governing it have existed for decades.
Below, Amanda Junkeer, a Partner specialising in industrial and employee relations at Gadens, answers common questions about the regulatory frameworks governing employee monitoring, and how to navigate the grey areas that can arise.
1. What legal frameworks do organisations need to consider when using employee monitoring tools?
Employers need to consider both state and national laws when implementing employee monitoring systems.
“The first place you would start is by asking: ‘What is the surveillance and privacy legislation that governs our workplace wherever we operate?’” says Junkeer.
Australian employers have obligations under:
- The national Privacy Act 1988 (for most of the private sector with the exception of organisations with less than $3m in turnover, and Australian government organisations)
- State and territory-based workplace surveillance laws, including the NSW Workplace Surveillance Act 2005 and ACT Workplace Privacy Act 2011
- National workplace relations and anti-discrimination laws, including the Fair Work Act 2009
- The employment contract with each of its employees (which can be written, verbal or a combination of both)
In the absence of official guidance regarding emerging surveillance tools, such as AI-enabled platforms, employers rely on their ability to implement lawful and reasonable directions to conduct workplace monitoring and surveillance, says Junkeer.
Subject to legislation regulating the surveillance, “as long as the instruction is lawful and reasonable, an employee must comply with it,” says Junkeer.
A basic example would be when an employee logs into their computer system at work.
“Many employers will have a pop-up box which says, for example, ‘By entering [this] system, you consent to complying with the relevant IT use policies, procedures and not using it for any improper purpose.’
“That is part of the employer’s IT policy, and every time an employee clicks on it, they’re agreeing to it.”
There is some state and territory legislation in place which regulates the installation and use of monitoring devices and technology, says Junkeer. The information gathered through the use of that technology may also be restricted under applicable surveillance and privacy regulations.
This is particularly the case with covert surveillance, she says.
2. How can you remain compliant if your organisation operates across multiple Australian states or territories?
If an employer operates across states and territories in Australia, they technically only have to comply with the regulation that applies for those employees in that jurisdiction, says Junkeer.
“You can’t go below the legislative standard, but you can provide for more.”
Where an organisation has employees who travel across borders and therefore operate in multiple jurisdictions, a pragmatic solution may be to have a standard approach that meets the highest standard of legal requirements, so as not to risk breaching those obligations.
“If you’re a large national employer… operating in every state and territory, you might have one [unified] policy just to make compliance easier.”
3. How transparent does my organisation have to be about employee monitoring?
Generally, workplace monitoring isn’t reasonable if employees don’t know about it or don’t understand how it works or when it applies, says Junkeer.
“It will come down to the particular state or territory laws that apply, the employer’s policies and instructions, and the circumstances. If you’re an employer trying to mitigate the risk of disputation, I’d recommend you be as open and transparent as possible within reason,” she says.
Clauses in organisational policies must also be easy to access and understand for all employees, to ensure informed consent can be provided.
“There was a Commission decision a few years ago with one of the airlines where the tribunal ruled against the airline’s enforcement of a policy requirement because the instruction manual was not clear and direct, so you couldn’t expect the employee could have understood all of the requirements.
“I’d encourage an employer to be as transparent as possible, because the clearer you are about your policy requirements and what you’re going to monitor, the higher the chance that a court or the Commission will enforce it.”
4. When does employee monitoring become intrusive enough to breach privacy obligations?
An employer has the right to check when an employee logs on or off during the work day, whether they’re working on site or from home.
They might capture keyboard strokes, mouse movements and even record sounds from their work devices. But what happens if the tool they use to monitor this captures sensitive information about the employee or people in their vicinity?
“This begs a discussion about what is fair and reasonable in the circumstances and whether it is proportionate for the purpose for which you’re collecting the information,” says Junkeer.
“Surveillance for surveillance’s sake is not a good enough justification. You have to have a lawful reason for the activity.”
Junkeer says there are significant calls for law reform in this area, in order to provide for more clarity and certainty for employers.
Some states and territories have progressed further in legislating for emerging technology used in workplace monitoring, but national alignment remains a goal. The intersection of workplace monitoring rights and obligations with privacy rights is another area in which there are calls for reform.
The Australian Privacy Principles (APPs) apply to most employers but don’t directly deal with workplace monitoring.
“Privacy legislation talks about what is personal information, what is sensitive information and how a body or a person can use that information that they collect and store,” says Junkeer.
However, employers also need to consider the employee records exemption.
A private sector employer is exempt from the APPs if “the organisation’s act or practice is directly related to either a current or former employment relationship between the employer and the individual” or “an employee record held by the organisation relating to the individual”.
The exemption may only apply to the use of records already held, rather than the original collection of personal information through surveillance. In these cases, where information about third parties is collected or if the surveillance collects ‘sensitive information’ (such as biometric data for identification), the Privacy Act applies.
Covert surveillance, which landed a Melbourne-based compliance training company in hot water last year, is also inherently off-limits.
To ensure surveillance doesn’t breach privacy obligations, employers must audit the type of surveillance they are carrying out and ensure employees have consented to the collection of this data in their employment contract in a meaningful way, says Junkeer.
5. Can we use data collected via employee monitoring as evidence in workplace reviews or investigations?
The implementation of monitoring is lawful and reasonable if you are conducting it in accordance with legislation and with your policies and procedures that have been clearly articulated and communicated, says Junkeer.
“We’ve seen situations where employers have used ‘private’ messages as evidence. Employees thought they were private but they weren’t because they were sent using work systems.”
Provided HR is using this data to assess performance in line with their company policy, to which the employee has agreed, then employers have the right to use this data in performance reviews. For instance, Junkeer says she has seen cases where employers have been able to use communications between employees as the basis for improper conduct allegations or bullying allegations, even if the employee didn’t know their employer could access the messages.
Data collected through employee monitoring can generally be used if it was intended to measure productivity and remove the risk of the misuse of work resources and time, says Junkeer.
“If those are your focus points, then you should have a proportionate and reasonable response. The more proportionate and reasonable your response is, the more likely that a court or [Fair Work] Commission is going to say your requirement was reasonable and lawful.”
6. Is my organisation liable if an inaccurate assessment by surveillance tools leads to disciplinary action against an employee?
The short answer: Yes.
“The employer needs to ensure that its systems are robust and the information it’s relying on is accurate,” says Junkeer.
“[Look at] tools like AI-generated meeting notes – if you haven’t checked those records, they might not accurately reflect what happened [in that meeting], and therefore you might have a gap in terms of your evidence. That can be quite problematic.
“Ultimately, if the Commission or the court found that the employer’s data was inaccurate and it hadn’t properly established the factual basis of the decision, the decision could be vulnerable to challenge – whether it’s compensation or overturning the decision.”
This consideration is particularly pertinent given the recent rise in the use of AI-enabled monitoring tools, says Junkeer.
“In call centres, they might use AI to monitor the calls rather than a human. If the AI inaccurately summarises the employee’s attributes and productivity – for example, some emerging tools may be used to assess subjective attributes like ‘attitude’ – and that was used as a reason to take disciplinary action, the employer may be liable for the decision, meaning they might be ordered to reinstate the employee or pay compensation damages.”
Key takeaways for HR
Australian regulation, as it stands, has not yet caught up with the rapidly evolving use of workplace monitoring tools, including AI-enabled monitoring. However, there have been significant pushes for law reform in the past year, says Junkeer.
“For example, in Victoria in May 2025, there was the Victorian Legislative Assembly Economy and Infrastructure Committee inquiry into workplace surveillance,” she says.
The Victorian Government has provided ‘in-principle’ support for 15 of the 18 recommendations, including ensuring that automated decisions have human review and consultation with employees is sought on the implementation of surveillance tools, but the Government has said it will need to consult with stakeholders prior to finalising its approach.
“Even if there is no regulation, it’s worth mapping out what your current practices are and getting a good understanding of whether they’re legislated or not,” she adds.
In this way, when regulation eventually comes into effect, you can more easily ensure that all your monitoring practices are compliant, whether they’re AI-enabled or not.
This can be achieved by checking that:
- Monitoring practices adhere to the relevant national and state-based legislation including privacy law and applicable surveillance legislation
- The use of surveillance tools is clearly communicated in company policies and the employment contract
- Monitoring is designed to track workplace measures such as employee productivity and the appropriate use of work resources and time
- Any records retained by the company are fact-checked prior to use as evidence for disciplinary action
