07 May 2026
5 min read
#Data & Privacy, #Workplace Relations & Safety
Published by:
Agencies are increasingly considering or deploying surveillance technologies to manage security, safety, productivity and risk. These technologies include facial recognition technology (FRT), fixed and mobile CCTV, audio recording tools, and wearable devices capable of recording audio, video or biometric data. While such tools can deliver legitimate benefits, their use raises complex legal, privacy, governance and workforce relations issues.
Recent regulatory activity and judgements highlight that surveillance technologies continue to be subject to scrutiny and that compliance depends heavily on context, purpose and implementation.
Agencies may encounter surveillance technologies in a range of forms, including:
The risks associated with these technologies often arise not from their existence, but from how, why and where they are used.
Recent regulatory and tribunal decisions have confirmed that the use of FRT will not be assessed in the abstract. Regulators will closely examine the specific environment, risk profile and purpose for which FRT is deployed.
If using FRT, agencies should consider the following:
To ensure compliance with governance and documentation requirements, agencies should implement privacy impact assessments, clear policies, staff training and oversight mechanisms.
Recent determinations involving retail or high-risk environments, such as the recent Bunnings FRT appeal should not be read as a blanket approval for other sectors. Each workplace must assess its own risk profile and justification for using FRT, as those determinations turned on risks unique to the Bunnings environment.
Wearable technologies present a growing challenge for agencies because they are increasingly powerful, portable and difficult to detect. Risks arise whether wearables are employer-issued or employee-owned. Recent cases of individuals using Google glasses or Meta glasses to circumvent confidentiality obligations highlight these concerns.
Agencies should be aware of the following risks when using wearable technologies:
Even where wearables are used for legitimate purposes such as safety, fatigue management or productivity, agencies must ensure transparency, consent (where required) and clear limits on use.
Recent legislative amendments have expanded how work health and safety risks are assessed in digitally enabled workplaces. The Work Health and Safety Amendment (Digital Work Systems) Act 2026, passed by the NSW Parliament in February 2026, recognises that software and digital platforms used to allocate work, monitor performance or automate decisions may themselves constitute a workplace hazard.
The legislation introduces specific duties requiring Persons Conducting a Business or Undertaking (PCBUs) to ensure that the use and allocation of work by a digital work system, broadly defined to include algorithms, AI, automation and online platforms, does not put workers’ health and safety at risk.
Importantly, the Act treats the technology itself as a system of work, which requires PCBUs to actively design, monitor and control these systems to prevent harm. Other requirements include ensuring outputs do not result in unreasonable workloads, excessive performance metrics or tracking, or excessive monitoring or surveillance and avoiding outputs that lead to discriminatory practices.
Ambiguous concepts, such as ‘unreasonable workloads’ and ‘excessive monitoring’, may present challenges because this creates uncertainty about how these concepts apply, including whether they capture fatigue from automated scheduling, psychological stress from intensive performance tracking, and bias embedded in decision making systems. Responsibility for these outcomes remains with the PCBU, even where systems are provided by third parties.
Across Australia, agencies must navigate a combination of privacy law obligations, including limits on collection, use, disclosure and security of personal and sensitive information. On top of this, different state and territory surveillance devices legislation may restrict audio or visual recording without consent while employment and workplace laws, including obligations relating to consultation, fairness and lawful evidence-gathering also apply.
Finally, governance and WHS duties apply, particularly where surveillance is justified on safety grounds. Non-compliance can expose agencies to regulatory investigation, civil liability, reputational damage and internal workforce issues.
Agencies considering or using surveillance technologies should clearly define and document the purpose of the technology and the specific risks being addressed. They should also assess whether the technology is necessary and proportionate, conduct and document appropriate privacy impact assessments, and implement clear, accessible policies covering surveillance and wearable devices, including any prohibitions on covert devices.
Agencies should also ensure transparency by providing notice to employees, contractors and visitors, and regularly review whether the technology remains justified as risks and environments change.
These steps support a practical, risk-based approach that enables lawful and consistent use of surveillance tools.
If you have any questions about the use of surveillance technologies or associated legal risks, please contact us here.
Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this newsletter is accurate at the date it is received or that it will continue to be accurate in the future.
Published by:
