The ICO exists to empower you through information.

Latest updates - 11 October 2023

11 October 2023 - In the section ‘What if we carry out health monitoring?’ we have added a link to related guidance we have published on ‘Monitoring workers’.

In detail

What do you mean by health monitoring?

This section considers some of the issues raised if you want to monitor the health of your workers. The focus here is on when your purpose is monitoring your workers’ health on an ongoing basis.

You may have sector-specific or industry practices to follow, where you have specific duties and are required to monitor the health of your workers. For example, employers in the nuclear industry who need to monitor radiation exposure of their workers. You may also want to generally monitor your workers health using certain technologies.

When we refer to health monitoring technologies in this guidance, we mean devices that result in the collection and monitoring of information about workers’ health, not just basic details that don’t reveal the state of someone’s health.

Further reading

We have produced separate guidance on monitoring workers in general using surveillance technologies. If you are to monitor workers specifically for performance and productivity, disciplinary, or other similar reasons, you should read that separate guidance.

When might we want to use health monitoring technologies?

As an employer, you may decide to use health tracking technologies to help monitor the health of your workers. This might include workers using health and fitness tracking apps and wearables. These technologies may track things like a worker’s heartbeat, their steps or other information. The information is then reported back to you or you have access to it. These technologies may also involve the use of automated decision making or artificial intelligence.


The following are some examples of practices where employers may use technologies to monitor the health of their workers. These examples do not discuss any of the potential issues that may be involved in the deployment of such technologies, but are intended to illustrate some of the different ways an employer may use devices to monitor their workers’ health.

A warehouse worker is equipped with a wearable device that tracks their physical activity around the premises for health and safety reasons.

A driver’s company vehicle is fitted with a tachograph to record miles and time logged to ensure they do not exceed safe limits on driving. The vehicle may also be fitted with an in-cabin camera to measure driver tiredness (which may also involve the use of AI) to ensure they have appropriate rest stops and don’t exceed legal limits on driving.

An office worker is offered a fitness app by their workplace as part of a scheme to promote healthier lifestyles and reduce sickness absence. The app allows workers to log their exercise and provides this personal information with the employer. The employer wants to collate and use the information to encourage participation in lunchtime fitness classes and other health activities, such as walking and cycling to work, eg though league tables and inter-team competitions. Workers may or may not receive some kind of reward or incentive if they use the app.

You may have an interest in ensuring the wellbeing of your workforce and may want to find ways to minimise staff absences resulting from ill-health. It is important to note that this isn’t limited to monitoring just physical health, but can involve mental health and wellbeing.

This has become more noticeable as a result of the Covid-19 pandemic, with more generalised monitoring of workers’ health. This included monitoring whether they may have been displaying Covid-19 symptoms or testing as positive cases, in an effort to reduce the spread of Covid-19.

The use of health monitoring technology goes beyond keeping a typical record of a worker’s sickness and absence details and can have the potential to be much more intrusive. If you want to introduce health monitoring technologies, you must justify this as a proportionate and necessary measure to achieve your purpose. You must not use it in a way that is unfair or discriminatory to workers.

What do we need to consider if we want to monitor the health of workers?

You must first consider what you are trying to achieve and whether there is a less privacy intrusive way to do this. You should carry out a data protection impact assessment (DPIA) before you start any processing. In some cases, you must carry out a DPIA.

You must identify a lawful basis and a special category condition for processing. Which lawful basis and special category condition are appropriate depends on your purpose(s) for the processing. For more information, read the sections 'What lawful bases might apply if we want to process workers’ health information?' and 'What special category conditions might apply?'.

You must also consider your other data protection obligations. For more information, you should also read the section 'Data protection and workers’ health information' which details the data protection issues you need to consider.

Can we ask workers to agree to the use of health monitoring technologies?

Consent as a lawful basis under data protection law is rarely appropriate in an employment setting, given the imbalance of power between the employer and the worker. This is because it is difficult to demonstrate consent to be ‘freely given’ in these circumstances.

If you are required by law to actively monitor a worker’s health, then consent would not be appropriate. You should consider another lawful basis, such as legal obligation.

However, if you are offering a real choice for workers to participate in the use of health monitoring technologies, such as part of a worker wellness program, and there is no risk of negative consequences for not doing so, then you may consider using consent.

Remember, as health information is special category data, you must also meet a special category condition for processing. If you are offering genuine choice to your workers and seek to rely on consent as your lawful basis, then explicit consent may be appropriate as your condition for processing.

For a discussion on the use of consent, please see 'Can we rely on a worker’s consent?'.


An organisation wishes to offer their office staff the opportunity to participate in a wellbeing programme. One of the goals of this programme is to raise awareness of the health risks of inactivity and sedentary behaviour.

The office workers are asked if they would like to take part and, if so, to download a fitness app to monitor their activity levels during the day. Workers are offered a genuine choice whether to participate or not and can leave the programme at any time. They won’t face any adverse consequences if they decline to participate, or later choose to leave the programme.

As participation is optional and there are no adverse consequences to those who do not want to take part, the employer can consider consent as their lawful basis. They can also consider explicit consent as their condition for processing, making sure to properly record and document the worker’s consent.

Further reading

For more information, see our separate guidance on consent.

See also:


☐ We only introduce health monitoring where it is a proportionate and necessary measure to address a particular issue, or where we have specific legal, industry or sectorial duties that require us to monitor the health of our workers.

☐ We ensure the health information collected from monitoring is not used in ways that is unfair or discriminatory to our workers.

☐ We carry out a data protection impact assessment if we want to introduce health monitoring of workers.

☐ We have identified a lawful basis for the monitoring and collection of workers’ health information.

☐ We have identified a special category condition for the monitoring and collection of workers’ health information.

☐ We have considered how the monitoring and use of the health information of our workers affects our other data protection obligations, such as accountability, data protection by design and default, and purpose limitation.

☐ We have considered how Article 22 applies if we are using automated decision making when monitoring the health of our workers. 

You can also view and print off this checklist and all the checklists of this guidance on our checklists page.