Workplace Surveillance in 2026: What Employers Must Know

Workplace monitoring has never been static, but the past few years have seen a sharp shift in how employers observe and understand day‑to‑day work. Traditional tools, such as email and internet logs, CCTV systems, and GPS tracking were designed to maintain safety, protect assets, and manage operational risks. They provided information, but with clear limits.

Today, those limits have all but dissolved.

AI‑enabled monitoring systems now supplement (if not replace) conventional surveillance. These systems can analyse tone, word choice, behavioural patterns, and even emotional indicators in routine interactions. In practice this means employers can capture not only what work is done, but how it is carried out, including how a worker appears to feel while doing it.

This expanded visibility raises clear questions for employers and HR professionals alike:

1. What are the regulatory risks in capturing personal, behavioural, or biometric data?
2. To what extent can workplace surveillance be used to measure employee performance?
3. What are the employer obligations relating to psychosocial safety?

What was once primarily a question of privacy compliance is now increasingly treated as a work health and safety issue.

In this article, we explore how employers can fortify their workplace surveillance practices for legal compliance, fairness in decision‑making, and the maintenance of a safe and psychologically healthy workplace.

Australia’s surveillance framework is a complex patchwork of state and federal legislation. States regulate through surveillance‑devices legislation, with NSW and Victoria adding workplace‑specific statutes such as the Workplace Surveillance Act 2005 (NSW) and the Surveillance Devices Act 1999 (Vic). Federal laws, including the Surveillance Devices Act 2004 (Cth) and Telecommunications (Interception and Access) Act 1979 (Cth), regulate devices and data in broader contexts. The Privacy Act 1988 (Cth) does not regulate surveillance itself. While the Australian Privacy Principles will often be displaced in the employment context by the employee records exemption, that exemption is narrowly confined and does not regulate how, when, or why surveillance systems are deployed in the workplace.

Workplace monitoring today stretches well beyond traditional CCTV. Employers increasingly rely on keystroke logging, location tracking, screenshots and screen‑recording, and even facial‑expression and sentiment analysis. However, regulators and academics warn that this “big brother” style oversight can create psychosocial harms including overwork, stress and burnout, exemplifying an emerging WHS issue.

Modern AI enabled systems analyse volume, speed, tone, facial cues, response times and behavioural patterns. The concern, however, is not accuracy, but the creation of automated inferences about performance, attitude or competence.

Victorian parliamentary submissions have highlighted failures where AI incorrectly categorises interactions. Experts emphasise that these tools can intensify work and create new pathways for unfairness or discrimination, particularly when opaque systems make decisions managers cannot justify or replicate. With Victoria recently providing in principle support for 15 out of 18 recommendations from the parliamentary inquiry into workplace surveillance, more jurisdictions are likely to tighten their governance frameworks.

In February 2026, the NSW Parliament enacted the Work Health and Safety Amendment (Digital Work Systems) Act 2026 (“the Digital Work Systems Act”) to amend the Work Health and Safety Act 2011 (NSW), creating Australia’s first statutory digital work systems duty.

The Act defines digital work systems broadly, and imposes a duty on the employer to ensure (so far as is reasonably practicable) that digital systems do not create health and safety risks, including:

• excessive or unreasonable workloads;
• unattainable KPIs or performance metrics;
• unreasonable or intrusive surveillance; and
• discriminatory or unexplained automated decisions.

(A). To what extent can workplace surveillance be used to measure employee performance? 

The Fair Work Commission accepts surveillance evidence provided the monitoring itself complies with state surveillance laws and proper notice requirements. In Suzie Cheikho v Insurance Australia Group Services Ltd,^[1] the Fair Work Commission upheld a dismissal based on keystroke‑monitoring, finding the inactivity data a valid indicator of underperformance.

Similarly, misrepresentation of working hours was held to be a valid reason for dismissal in the recent case of Kumar v Hansen Corporation Pty. Ltd.^[2] The Fair Work Commission paid heed to monitoring software that detected logins to the Applicant’s work computer, and falsified timesheets in upholding the dismissal.

However, there is limited further authority justifying reliance on surveillance data, particularly as AI technologies develop to measure newly created performance metrics such as tonality, sentiment, or behavioural cues. Parliamentary materials further warn that AI‑driven tools may produce incorrect performance inferences, such as misclassifying neutral comments or paying insufficient heed to context.

___________

[1] Suzie Cheikho v Insurance Australia Group Services Limited [2023] FWC 1792.

[2] Kumar v Hansen Corporation Pty. Ltd. [2026] FWC 519.

(B) What are the regulatory risks in capturing personal, behavioural, or biometric data?

Capturing personal or behavioural data through monitoring systems triggers the Australian Privacy Principles once the information identifies a worker. Where biometric identifiers are involved (such as facial and fingerprint recognition), the data becomes sensitive information, meaning employers must obtain consent and apply heightened safeguards.

State surveillance‑device laws such as NSW’s Workplace Surveillance Act 2005 and Victoria’s Surveillance Devices Act 1999 further require strict notice, limitations on covert surveillance, and restrictions on how devices can operate. Victorian parliamentary commentary notes that although surveillance is often “consented to,” there are currently no clear limits on how employers may use the data once captured, creating legal risk around secondary use, profiling, and automated decision‑making.

The introduction of the Digital Work Systems Act means employers in New South Wales have an expanded duty of care and must evaluate the risks of monitoring employees against the foreseeable benefits. The Act treats digital monitoring tools as systems of work, meaning employers must assess and manage their WHS risks in the same way they would with any physical or operational hazard.

(C) What should employers do to prepare?

Employers in New South Wales must begin reviews of their processes and policies immediately to ensure compliance with the newly amended Work Health and Safety Act 2011 (NSW).

Employers across Australia should prepare for similar legislation to be passed in other jurisdictions, as the legislative recognition of psychosocial hazards and psychological health and safety as core work health and safety obligations continues to expand nationally.

Reclassify surveillance as a WHS risk, not an IT function

Employers should formally treat workplace surveillance and monitoring tools as WHS‑relevant systems of work, not merely productivity or security tools. This requires identifying psychosocial hazards created by monitoring (such as stress, work intensification and loss of autonomy) and addressing them through WHS risk assessments, controls and consultation processes.

Narrow surveillance to defined, defensible purposes

Monitoring should be necessary, proportionate and purpose‑limited. Employers should be able to clearly justify why surveillance is used, what risk it addresses, and why less intrusive measures are insufficient. AI‑driven tools that infer attitude, sentiment or behaviour should be used cautiously, particularly where outcomes cannot be clearly explained or independently verified.

Build transparency and human oversight into monitoring systems

Employees should receive clear notice of what is monitored, how data is used, and whether automated decision‑making is involved. Employers should ensure human oversight of surveillance outputs, particularly where data informs performance management, discipline or termination decisions.

Decouple raw surveillance data from performance conclusions

Employers should avoid treating monitoring data as determinative evidence of performance or misconduct. Surveillance outputs should be contextualised, tested for accuracy, and supplemented with managerial judgment. Employees should have a genuine opportunity to respond to or challenge surveillance‑based conclusions to ensure procedural fairness.

Audit and stress‑test existing surveillance practices now

Employers should proactively audit existing monitoring tools, data flows and decision‑making processes. This includes identifying where data is reused, retained indefinitely, or feeds into automated assessments. Early remediation reduces exposure to WHS claims, privacy breaches and unfair dismissal risks as regulatory expectations tighten.

Mapien is here to help employers navigate these obligations.

Our industrial relations team regularly assists with legislative compliance, policy and procedure review, and advocacy across jurisdictions. We are complemented by our workplace psychology specialists who are experienced in identifying and addressing psychosocial risks arising from digital and AI‑driven surveillance.

For further information about our offerings, please reach out to our team below.