Danish DPA highlights employee monitoring in its New Year’s resolution
Employee monitoring will be one of the focus areas of the Danish Data Protection Agency this year. The subject is relevant to most, as many are monitoring the workforce to some degree, often through new technologies. By default, such monitoring is typically both intrusive and involves a larger amount of personal data.
It is not the first time that the Danish Data Protection Agency has focused on employee monitoring. A few years ago, the aim was to map the extent and nature of such monitoring in practice. This year, it aims to utilise that knowledge to conduct more targeted supervisory visits.
Employee surveillance can take many forms, such as TV and GPS surveillance, as well as logging and other forms of monitoring. From a data protection perspective, these measures share that lawfulness typically depends on proportionality.
Generally, monitoring is possible when necessary for operational reasons. However, several conditions must be met first. Among other things, the monitoring must not be intrusive, and employees must, as a main rule, be informed in advance. We have previously written more specifically about CCTV monitoring at the workplace in the Nordics here.
IUNO's opinion
It can be challenging to anticipate potential issues when implementing new technologies within a business. For that reason, risk assessments are usually a good idea prior to implementation. That is especially true when it comes to the use of AI in the workplace.
IUNO recommends that companies remember the duty to inform – generally, but especially when using new technologies or conducting monitoring activities. Exceptions from the duty to inform are narrow. Usually, you would need to document that informing employees would make it close to impossible to conduct the monitoring.
[Danish Data Protection Agency's announcement of 7 January 2026]
It is not the first time that the Danish Data Protection Agency has focused on employee monitoring. A few years ago, the aim was to map the extent and nature of such monitoring in practice. This year, it aims to utilise that knowledge to conduct more targeted supervisory visits.
Employee surveillance can take many forms, such as TV and GPS surveillance, as well as logging and other forms of monitoring. From a data protection perspective, these measures share that lawfulness typically depends on proportionality.
Generally, monitoring is possible when necessary for operational reasons. However, several conditions must be met first. Among other things, the monitoring must not be intrusive, and employees must, as a main rule, be informed in advance. We have previously written more specifically about CCTV monitoring at the workplace in the Nordics here.
IUNO's opinion
It can be challenging to anticipate potential issues when implementing new technologies within a business. For that reason, risk assessments are usually a good idea prior to implementation. That is especially true when it comes to the use of AI in the workplace.
IUNO recommends that companies remember the duty to inform – generally, but especially when using new technologies or conducting monitoring activities. Exceptions from the duty to inform are narrow. Usually, you would need to document that informing employees would make it close to impossible to conduct the monitoring.
[Danish Data Protection Agency's announcement of 7 January 2026]
Similar
Sharing data to comply with labour clauses
Poor handling of access requests triggered criticism and police reports
New guidelines on prohibited AI practices
Managing transfer impact assessments in practice
Secret audio recordings of conversations led to serious criticism
Updated guidelines regarding breaches of data security