It's absolutely natural to have concerns about how your employer might be keeping tabs on you at work and what that means for your privacy.
In today's digital world, workplace surveillance is on the rise as employers scramble for more control in the face of flexible and remote working. But here's the thing – we don't have to just accept it.
That’s why we’ve created three email templates to help you address workplace surveillance directly with your employer, express withdrawal of consent, and suggest alternative approaches.
Each template is backed by legal arguments in line with UK GDPR, making sure your rights are protected, and providing a solid starting point for open conversations about privacy and what a trust-based workplace should really look like.
Withdrawing consent that was explicitly granted
This email template can be used by employees to formally withdraw their consent for monitoring. It explains their reasons for withdrawing consent and highlights how important their data protection rights are under UK General Data protection regulation.
Subject: Withdrawal of Consent for [Specific Processing Activity]
Dear [Employer's Name or HR Department],
I hope this email finds you well.
I am writing to formally withdraw my consent regarding [describe the specific processing activity or monitoring practice] that I had previously agreed to on [date or approximate time frame when consent was given].
After re-evaluating the circumstances under which I gave my consent I have come to the conclusion that I am no longer comfortable with this arrangement. My decision is based on a personal reassessment of [any specific reasons such as new information that has come to light, changes in my personal circumstances, or a change in my perception of the impact this monitoring has on my privacy and rights].
I understand that consent must be a freely given, specific, informed, and unambiguous indication of an individual's wishes, which, by a clear affirmative action, signifies agreement to the processing of personal data. I feel that my consent no longer meets these criteria.
As such, I am exercising my right to withdraw my consent for the aforementioned data processing activities, effective immediately. This decision is made in accordance with my rights under UK GDPR Article 7(3).
I understand that this withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. However, moving forward, I would like to engage in a dialogue about how my personal data is handled and explore alternative measures that respect my data protection rights while still meeting the company's operational requirements.
Please acknowledge the receipt of this email and confirm the cessation of the processing of my personal data for the specified activity.
I am open to discussing this matter further if needed and would welcome any opportunity to clarify any concerns or questions you might have.
Thank you for your attention to this matter.
Sincerely,
[Your Full Name]
[Your Position]
Requesting information about the extent, purpose and types of monitoring
This email can be used by employees to ask their employer for detailed information about how they are monitored at work. It underlines the importance of knowing what's being monitored, why it’s monitored, and how the data is being collected in line with GDPR.
Subject: Questions about Data Processing and Operational Requirements
Dear [Employer's Name or HR Department],
I hope this email finds you well.
I am writing to request more detailed information about the types of employee monitoring currently being conducted by [company name] and the specific operational requirements they are intended to fulfil. My aim is to understand the scope and purpose of these activities in order to be fully informed about how my personal data is being used and managed as I am aware that this is a requirement per UK General Data Protection Regulation.
Could you please provide the following details:
1. Types of Monitoring: What methods of monitoring are currently being implemented? For example, are these methods related to internet usage, email communications, physical surveillance, or other forms of data collection?
2. Purpose of Monitoring: For each type of monitoring, what are the specific operational requirements or objectives that the company aims to achieve? How does each monitoring practice serve these goals?
3. Data Collected: What kinds of personal data are being collected through these monitoring practices, and how is this data being stored, processed, and protected?
4. Lawful Basis for Monitoring: Per UK GDPR Article 6, what is the lawful basis upon which the monitoring is justified?
5. Employee Impact: How does the company assess the impact of monitoring on employees, and what measures are in place to mitigate any negative effects on privacy and employee rights?
6. Alternatives Considered: Has the company explored alternatives to achieve the same operational goals, and if so, what were the findings of this exploration?
It would also be beneficial to know if there are any policies or documents available that further elaborate on these monitoring practices.
I appreciate your attention to this matter and look forward to a detailed response. Please let me know if there is any additional information I can provide that would assist in this inquiry.
Thank you for your cooperation.
Best regards,
[Your Full Name]
[Your Position]
Proposing alternative methods of meeting operational requirements of the company
This email template can be used by employees to put forward different ways for the company to achieve its goals without constant monitoring. It highlights the importance of fitting with the "necessity test" in UK GDPR Article 6(1) and points out the advantages of building trust in the workplace.
Subject: Proposal for Alternative Measures to Monitoring
Dear [Employer's Name or HR Department],
I hope this email finds you well.
I am writing to propose alternative measures to the current [describe the specific processing activity or monitoring practice] that has been in place. My intention is to present options that could satisfy the company's operational requirements without the need for extensive monitoring, thereby meeting the bar set by the “necessity test” – a means of assessing whether processing can be considered a “legitimate interest” which itself is outlined as a lawful basis for processing in UK GDPR Article 6(1).
The necessity test requires that the processing of personal data must be necessary for the purpose it serves. If the same results can be achieved through less intrusive means, the necessity for certain types of monitoring may not be justified. With this in mind, I have considered an alternative that could potentially meet our company's needs:
[propose alternative means that the company can achieve operational requirements that aren’t reliant on monitoring. This will depend on your situation and the type of monitoring in place]
I believe that we can find a solution that upholds the company's operational integrity. This approach not only aligns with the necessity test but also fosters a trust-based work environment.
I am keen to discuss these suggestions in more detail and am open to collaborating on their development and implementation. Please let me know if you would like to discuss further.
Thank you for considering this alternative. I look forward to your response.
Regards,
[Your Full Name]
[Your Position]