The Ethics of AI Safety Monitoring: Employee Privacy vs Workplace Safety

Australian employers face a genuine tension: they have a legal duty to protect workers from workplace hazards, yet they also have legal obligations to respect worker privacy and comply with the Privacy Act 2024 and Fair Work Act 2009. When AI systems can monitor worker behaviour, biometrics, location, and communication patterns in real time, how do organisations balance the employer’s duty of care against the worker’s fundamental right to privacy? And where should the line be drawn between safety-critical monitoring and invasive surveillance?

This article explores the legal and ethical frameworks governing AI safety monitoring in Australian workplaces, examining what the Privacy Act and Fair Work Act actually require, how the principle of proportionality helps navigate this tension, and how to build a worker monitoring programme that is simultaneously effective and respectful. The premise is clear: safety and privacy are not zero-sum. Organisations that invest in transparent, proportional, and participatory monitoring frameworks achieve both better outcomes and stronger worker trust than those that treat surveillance as a quick shortcut to safety.

The Genuine Tension: Duty of Care vs Privacy Rights

The Work Health and Safety Act 2011 imposes on employers a non-delegable duty to ensure, so far as reasonably practicable, the health and safety of workers and others. This duty can support AI monitoring: if a hazard (e.g., operator fatigue, unsecured load, proximity to machinery) can be detected and mitigated by AI systems, the employer arguably has a duty to consider and potentially implement such systems. Not monitoring when monitoring is feasible could constitute a breach of the duty of care.

Conversely, the Privacy Act 2024 establishes Australian Privacy Principles that protect individuals’ rights to privacy and control over personal information. Personal information includes location data, biometric data, communications, and behavioural patterns. The Fair Work Act 2009 protects workers’ rights to privacy and autonomy in employment, and excessive monitoring can breach Fair Work obligations by being unreasonable or unjust. These laws are not negotiable: privacy rights exist whether or not an employer prioritises them.

The tension emerges because both duties are real and enforceable. An employer cannot claim privacy concerns as a reason to ignore a serious safety hazard, nor can an employer claim safety concerns to justify invasive, unregulated surveillance. Australian regulators—the Office of the Australian Information Commissioner (OAIC), Fair Work Ombudsman, and state WHS regulators—increasingly scrutinise employer monitoring, particularly when monitoring affects worker entitlements, discipline, or dismissal decisions. The organisations that succeed are those that navigate this tension thoughtfully, rather than trying to escape it.

Privacy Act 2024 Obligations for Biometric and Behavioural Data

Biometric data—fingerprints, facial recognition, iris scans, heart rate, voice patterns—and behavioural data (location patterns, communication logs, task timing) are personal information under the Privacy Act 2024. Collecting, using, or disclosing this data requires compliance with Australian Privacy Principles, particularly APP 1 (open and transparent management of personal information), APP 5 (notification), and APP 6 (use and disclosure).

First, collection must be necessary for a lawful purpose related to the organisation’s function. An organisation can collect location data to monitor worker proximity to hazardous zones, but not to track workers’ bathroom breaks or location outside work hours. The purpose must be directly connected to safety or security, and excessive data must not be collected “just in case.” Second, before collection begins, workers must be notified in writing about what data will be collected, why, how long it will be kept, and who will have access. Tucking a note about monitoring into a 50-page employee handbook is insufficient; workers need clear, accessible information they actually understand. Third, data must not be disclosed to third parties without consent unless permitted by the Privacy Act—health data to insurance companies, location data to law enforcement—must be restricted and transparent. Workers must have the right to request access to their own data and understand how it has been used.

The OAIC has issued guidance specifically on workplace monitoring, noting that biometric monitoring (wearables, facial recognition) is high-risk and requires heightened transparency, security, and audit controls. Organisations deploying such systems should conduct a Privacy Impact Assessment (PIA) before implementation, document their compliance measures, and be prepared to demonstrate them to regulators if challenged. This is not bureaucratic burden—it is the legal baseline.

Fair Work Act and Employment Contract Considerations

The Fair Work Act 2009 protects workers’ rights to privacy in the workplace and protects them from unreasonable and unjust conduct by employers. Excessive monitoring can constitute a breach of an implied term of the employment contract requiring mutual trust and confidence. Additionally, if an employer uses monitoring data—e.g., a worker was identified by an AI system as being in a non-work zone, or movement data showed someone taking longer breaks—to justify discipline or dismissal, the worker may claim the monitoring itself was unfair and unlawful.

Enterprise agreements and collective instruments also shape monitoring obligations. Many Australian enterprise agreements contain clauses restricting monitoring scope, requiring consultation before implementation, and specifying how monitoring data can and cannot be used. An employer cannot unilaterally implement AI monitoring in breach of a collective agreement, even if the monitoring would nominally improve safety. Consultation and agreement with worker representatives and unions must occur first.

The Principle of Proportionality

Proportionality is the ethical and legal anchor for balancing safety and privacy. It means: the intrusiveness of a monitoring system should be proportional to the safety risk it addresses. A wearable device monitoring a worker’s heart rate to prevent fatigue-related incidents in an underground mine is proportional. Facial recognition cameras in bathrooms to catch workers spending excessive time off-task is disproportionate and unjustifiable. Proportionality helps resolve the tension between competing duties:

First, use the least intrusive means necessary to achieve the safety objective. If a proximity sensor can detect whether a worker is near a hazardous zone without tracking their exact location all day, use the proximity sensor, not full GPS tracking. If you can assess fatigue through a wristband heart rate monitor, do not add facial recognition cameras to detect eye-closing. Second, collect only data necessary for the stated purpose. If you need to know whether a worker is fatigued, do not also collect data about their communication patterns, location outside work zones, or personal relationships. Third, limit access to monitoring data to personnel with a genuine need to know. Frontline supervisors may need to see fatigue alerts for immediate corrective action, but do not give them access to raw biometric data, historical movement patterns, or personal health information.

How to Build a Worker Monitoring Framework That Is Both Safe and Respectful

Begin with consultation. Before designing or deploying any AI safety monitoring system, organisations should consult with workers and unions about what hazards they perceive, whether they trust an AI system to address those hazards, and what privacy safeguards matter most to them. This consultation should be genuine, not performative. Workers’ concerns about surveillance and job security must be heard and addressed, not dismissed. Consultation builds buy-in: workers who feel heard and respected are more likely to trust monitoring systems and comply with safety recommendations.

Document your purpose and proportionality assessment. Create a brief document explaining what safety hazard you are addressing, why you believe an AI monitoring system is necessary and proportional, what data it will collect, how it will be stored, who will access it, and what safeguards prevent misuse. This document is evidence of your due diligence if you are later questioned by regulators or in a dispute with workers. Review this assessment with your legal and privacy counsel before implementation.

Provide transparent notice to all affected workers. Issue a clear written policy explaining the monitoring system in plain language: what it monitors, how often, who sees the data, how long it is retained, and how it will or will not affect employment decisions (discipline, performance ratings, dismissal). Do not hide this policy in a 50-page handbook. Post it visibly, discuss it in induction training, and make it accessible online. Workers should know what they are consenting to, and surprise monitoring is unethical and often unlawful.

De-identify data and restrict access. Do not store personal identifiers with monitoring data longer than necessary. Once alerts have been issued and data analysed, delete or pseudonymise raw data. Restrict access to monitoring outputs to authorised safety personnel, not to line managers, HR, or anyone with power over employment decisions unless absolutely necessary. If monitoring data does inform employment decisions (e.g., a fatigue alert leads to a worker being temporarily reassigned), workers have a right to access that data and understand how it was used against them.

Establish clear limits on use. Commit in writing that monitoring data will not be used for purposes beyond the stated safety objective. If an AI system detects that a worker is frequently absent from their assigned zone, that information will not be used to justify reducing their hours or targeting them for discipline; instead, it will prompt investigation into whether the task design or workstation setup is problematic. If you breach this commitment, workers will lose trust, and you will face legal exposure.

Regular audit and transparency reporting. Conduct regular audits of who has accessed monitoring data, for what purposes, and how decisions have been made. Publish an annual transparency report (if you are a larger organisation) showing how much data was collected, how many workers were affected, what alerts were triggered, what corrective actions resulted, and whether any data breaches or misuses occurred. Transparency builds confidence that the system is being used responsibly.

Frequently Asked Questions

Q: Can an employer require workers to accept monitoring as a condition of employment? A: Employers can make reasonable, proportional safety monitoring a condition of employment, but they cannot make unreasonable or invasive monitoring a condition without legal risk. If a worker is forced to choose between accepting invasive surveillance or losing their job, they may have grounds to claim constructive dismissal or unreasonable conduct under the Fair Work Act. The safer approach is to consult, propose proportional measures, and work with workers to develop acceptable solutions.

Q: What should a worker do if they believe monitoring is unfair? A: Workers can raise concerns with their employer, union, or employee advocate. If internal resolution fails, they can lodge a complaint with the Fair Work Ombudsman (for employment-related concerns), the OAIC (for privacy violations), or their state WHS regulator (if monitoring affects safety decision-making). Workers can also seek legal advice about potential breaches of their rights under the Fair Work Act or Privacy Act.

Q: Is there a legal standard for “reasonable” monitoring? A: No single standard exists, but Australian courts and tribunals assess reasonableness by considering proportionality (is monitoring proportional to the risk?), necessity (could the safety objective be achieved with less intrusive means?), transparency (do workers know they are being monitored and why?), and consent (have workers had a genuine opportunity to participate in the decision?). Monitoring that is transparent, proportional, necessary, and participatory is much more likely to be upheld as reasonable than monitoring that is opaque, excessive, or imposed without consultation.

The Path Forward

Organisations that succeed in balancing safety and privacy treat worker monitoring not as a surveillance tool but as a partnership with workers to create safer, healthier workplaces. This requires genuine consultation, transparent policies, proportional systems, and a commitment to respecting worker rights. The short-term temptation to deploy surveillance broadly to maximise safety metrics is not worth the long-term cost in worker trust, legal liability, and regulatory scrutiny. Build a monitoring framework workers can trust, and you will have both better safety outcomes and stronger organisational culture.

If your organisation is considering AI safety monitoring systems and wants to navigate Privacy Act and Fair Work obligations thoughtfully, Anitech can help. We assess safety risks, recommend proportional monitoring approaches, prepare privacy impact assessments, and help you design consultation and implementation strategies that work for your workforce. Contact Anitech today to explore how to strengthen your safety culture while respecting worker privacy and rights.