• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Activity monitoring software"

Collapse

  • SueEllen
    replied
    I think the thread starter is scared of this.

    Royal Mail, Amazon and Uber aare guilty of using it. Uber has been taken to court under GDPR for sacking people using surveillance software.

    https://www.theguardian.com/law/2023...s-staff-rights

    Campaigners, trade unions and MPs are calling for stricter oversight of the use of artificial intelligence in the workplace, amid growing concerns about its effect on staff rights.
    The Trades Union Congress (TUC) is holding a half-day conference on Tuesday to highlight the challenges of ensuring workers are treated fairly, as what it calls “management by algorithm” becomes increasingly prevalent.

    Leave a comment:


  • edison
    replied
    Originally posted by northernladuk View Post

    I don't see how it impacts SD&C. They certainly aren't directing and controlling how/when you do the work. You could argue supervision but that's supervision over the way you do your work, not supervising you are doing the work you are contracted to do. That's more like micro supplier management. It's pretty stupid but I don't see an IR35 issue with checking a supplier is working the hours you are paying them to.

    I also don't see how PII and GDPR factor either. They already store stuff like CCTV, email, internet access, log ins and all sorts of other stuff so I don't think monitoring software is breaking any new ground. Might need an update policy about when and where they will use info against you, but a bit like internet and email logs, they can pull it when the want. Aggressive use of it is going to get them in a lot of trouble if it's used to bully and coerce unreasonably but that's for them to create a fair use policy. I'm sure we will start to see more and more cases where it's being used unreasonably or to target individuals specifically so it's the HR people that are going to have the headache.

    Agree with acceptable use thing. They'd need to define what they are monitoring. I mean you can already check internet, email and logins etc. This new software adds a new level of detail to what you are doing so they'd need to define what it is doing to decide what a reasonable threshold is, particularly if they are going to use it on suppliers offering professional workings days or fixed SOW. Easiest and best option is to NOT put it on supplier laptops period but lets see how that goes.
    I agree with the general thrust of what you're saying, my thought on Acceptable Use and Privacy policies was that legally, clients have a right to monitor workers. However, they should be transparent to all those affected and make it clear what they are doing with the information and why.

    I had real fun and games a few years ago working with a client who had significant operations in Germany. German Works Councils have a mandatory right to be consulted about this sort of thing especially when it comes to implementing new software and systems.

    Leave a comment:


  • northernladuk
    replied
    Originally posted by edison View Post
    I personally would be cautious about the D&C element but if PII/GDPR is a concern, maybe ask to see the client's privacy policy. They should also have an 'Acceptable Use of IT' or similar policy for employees and contractors which ideally will contain references to any such monitoring on their supplied kit.
    I don't see how it impacts SD&C. They certainly aren't directing and controlling how/when you do the work. You could argue supervision but that's supervision over the way you do your work, not supervising you are doing the work you are contracted to do. That's more like micro supplier management. It's pretty stupid but I don't see an IR35 issue with checking a supplier is working the hours you are paying them to.

    I also don't see how PII and GDPR factor either. They already store stuff like CCTV, email, internet access, log ins and all sorts of other stuff so I don't think monitoring software is breaking any new ground. Might need an update policy about when and where they will use info against you, but a bit like internet and email logs, they can pull it when the want. Aggressive use of it is going to get them in a lot of trouble if it's used to bully and coerce unreasonably but that's for them to create a fair use policy. I'm sure we will start to see more and more cases where it's being used unreasonably or to target individuals specifically so it's the HR people that are going to have the headache.

    Agree with acceptable use thing. They'd need to define what they are monitoring. I mean you can already check internet, email and logins etc. This new software adds a new level of detail to what you are doing so they'd need to define what it is doing to decide what a reasonable threshold is, particularly if they are going to use it on suppliers offering professional workings days or fixed SOW. Easiest and best option is to NOT put it on supplier laptops period but lets see how that goes.

    Leave a comment:


  • edison
    replied
    I personally would be cautious about the D&C element but if PII/GDPR is a concern, maybe ask to see the client's privacy policy. They should also have an 'Acceptable Use of IT' or similar policy for employees and contractors which ideally will contain references to any such monitoring on their supplied kit.

    Leave a comment:


  • Snooky
    replied
    I wouldn't allow it on my own laptop but if they wanted to supply a laptop I'd use that for work and absolutely nothing else.

    The main issue for me would be that this doesn't sound like the lack of direction & control you'd expect from an outside IR35 contract. So I'd take that point straight back to the agent/client and ask them exactly what kind of monitoring it is and how it would be used, and how that fits in with the contract being outside. If they're monitoring how many minutes per hour the laptop keyboard and mouse are idle, that doesn't sit well with a contract based on delivering work packages.

    Unless their answer assuaged my doubts I'd probably thank them and move on, explaining why. They'll find someone else who isn't as on the ball as you, won't ask questions and may get a nasty surprise a few years down the line if HMRC decide to look a little more closely.

    Leave a comment:


  • northernladuk
    replied
    IMO this is the new future. With so many people wagging it at home what else can they do. We see it with so many contractors trying to double bill and a whole raft of people who were hard pressed to do a decent days work when they were in the office let alone perm WFH. There is also the generation of people that started work through COVID. Watching the apprentices my lad is working with, they have no concept of a solid days work with someone looking over them because they didn't work in an office environment for two years. Being afk for hours, missing meetings, talking about doing stuff during the day. The concept of putting 8 hours solid in to them is just alien.
    Yeah most of us on this forum are professionals but a vast majority of the workforce are not.

    So how to combat this? Monitoring. Welcome to the new world.

    That said monitoring suppliers is a step too far I'd say, maybe for inside gigs, but again, looking at the number of threads we've had about double billing and the slow emergence of clauses about not working for another client it's going to happen.

    Leave a comment:


  • SueEllen
    replied
    Originally posted by mem80 View Post
    Yes - they said they can supply their own laptop.
    However, I still have couple of concerns as described in the original post.

    Especially:
    • capturing keystrokes (ex. passwords related to browser history),
    • screenshots (PII, slack conversations, passwords, keys, certificates etc.),
    • GDPR (PII info) etc.

    Have any of you worked with activity monitoring software on the supplied laptop?
    Does the above sounds like a concern for you in such case?
    All companies I've done work for have monitored my activity. I only know because some people have been walked off site by security, or suddenly disappeared remotely and I have had an indication why.

    How much monitoring I don't know but then I don't post on CUK or whatever from their devices. I'm also careful what slack/teams/whatever messages I write.

    In regards to putting something on my home/business/personal stuff it's an absolute no.

    Even if I'm happy to consent to being monitored, which I'm not, other people who use or can use my devices/systems cannot consent to it.

    Leave a comment:


  • d000hg
    replied
    Originally posted by mem80 View Post
    Yes - they said they can supply their own laptop.
    However, I still have couple of concerns as described in the original post.

    Especially:
    • capturing keystrokes (ex. passwords related to browser history),
    • screenshots (PII, slack conversations, passwords, keys, certificates etc.),
    • GDPR (PII info) etc.

    Have any of you worked with activity monitoring software on the supplied laptop?
    Does the above sounds like a concern for you in such case?
    Don't think it's an issue if it's on their machine, doing their work. You will not be using that laptop for any personal work of course.

    It does still raise a question if this is to track productivity and check you are at your desk though. If the gig seems good otherwise and you need the work, I wouldn't let this stop me taking it if they provide the laptop.

    Leave a comment:


  • ladymuck
    replied
    Originally posted by mem80 View Post
    Yes - they said they can supply their own laptop.
    However, I still have couple of concerns as described in the original post.

    Especially:
    • capturing keystrokes (ex. passwords related to browser history),
    • screenshots (PII, slack conversations, passwords, keys, certificates etc.),
    • GDPR (PII info) etc.

    Have any of you worked with activity monitoring software on the supplied laptop?
    Does the above sounds like a concern for you in such case?
    The only person who can answer details about the data being collected is the client. Have they told you that's what's being collected or are you panicking based on no information?

    So you're worried that using a client-supplied laptop to deliver the contracted items to the client is going to collect information about the work you've done to deliver the contract?

    Yes, sounds like supervision and, potentially, control so I'd walk away on those counts (especially as it's supposed to be an outside job) but I'm also interested in what you're planning to do that would mean you'd fall foul of their monitoring. Are you planning on outsourcing the work without telling the client, or doing two jobs at the same time so you'd look inactive for half the day?

    Leave a comment:


  • tazdevil
    replied
    Originally posted by mem80 View Post
    Yes - they said they can supply their own laptop.
    However, I still have couple of concerns as described in the original post.

    Especially:
    • capturing keystrokes (ex. passwords related to browser history),
    • screenshots (PII, slack conversations, passwords, keys, certificates etc.),
    • GDPR (PII info) etc.

    Have any of you worked with activity monitoring software on the supplied laptop?
    Does the above sounds like a concern for you in such case?
    If they supply their laptop for use then simply remote desktop into it from your own box and only do the work stuff in their laptop with everything else such as surfing CUK on your own As for installing anything under direction on my kit, forget it

    Leave a comment:


  • WTFH
    replied
    Originally posted by mem80 View Post
    Have any of you worked with activity monitoring software on the supplied laptop?
    I might have done, I don't know, because I may have been supplied with a very secure laptop so I can't check everything that's on there.

    If you're worried about browser history, etc, then don't use the client-supplied computer to access anything you don't want them to know about, if they want you to get keys or certificates for things, then you charge them for those and you make sure that you only use the key/certificate/password for that client.
    Same with GDPR, don't put personal information on a client's laptop, then it's not an issue.

    If it's going to be a big issue for you, then walk away from the contract.

    Leave a comment:


  • mem80
    replied
    Yes - they said they can supply their own laptop.
    However, I still have couple of concerns as described in the original post.

    Especially:
    • capturing keystrokes (ex. passwords related to browser history),
    • screenshots (PII, slack conversations, passwords, keys, certificates etc.),
    • GDPR (PII info) etc.

    Have any of you worked with activity monitoring software on the supplied laptop?
    Does the above sounds like a concern for you in such case?

    Leave a comment:


  • cojak
    replied
    No way would I allow any monitoring software installed on my laptop.

    Tell them to supply you with their laptop or use a virtual remote as eek suggested.

    Leave a comment:


  • jamesbrown
    replied
    I wouldn't touch that at face value, but also because of what it implies about how the client operates more generally (they are likely to want a lot of D&C).

    Leave a comment:


  • eek
    replied
    Got to say the only connection I have to my current client is a Remote Desktop connection to a virtual machine that contains everything.

    npw that may have monitoring software on it but I couldn’t care, it’s not my hardware and it probably hasn’t because this contract has way more meetings and less work than I usually want,

    Leave a comment:

Working...
X