NSW Government Bulletin: Surveillance Technologies In The Workplace

Agencies are increasingly considering or deploying surveillance technologies to manage security, safety, productivity and risk. These technologies include facial recognition technology (FRT), fixed and mobile CCTV, audio recording tools, and wearable devices capable of recording audio, video or biometric data. While such tools can deliver legitimate benefits, their use raises complex legal, privacy, governance and workforce relations issues.

Recent regulatory activity and judgements highlight that surveillance technologies continue to be subject to scrutiny and that compliance depends heavily on context, purpose and implementation.

Common surveillance technologies in the workplace

Agencies may encounter surveillance technologies in a range of forms, including:

• FRT, used for site security, access control, or anti-theft and loss prevention
• video and audio surveillance, including CCTV, body-worn cameras and fixed recording devices in workplaces or vehicles
• wearable technologies, such as smart watches, smart glasses, body-worn cameras or sensors that may collect location, biometric or health data
• covert or semi-covert recording devices, including wearables or accessories that record without being obvious to others.

The risks associated with these technologies often arise not from their existence, but from how, why and where they are used.

FRT considerations

Recent regulatory and tribunal decisions have confirmed that the use of FRT will not be assessed in the abstract. Regulators will closely examine the specific environment, risk profile and purpose for which FRT is deployed.

If using FRT, agencies should consider the following:

• purpose limitation – FRT must be demonstrably necessary for a legitimate business purpose, for example, serious safety or security risks. Convenience or general monitoring will rarely justify its use
• proportionality – requires agencies to consider whether less privacy intrusive alternatives could reasonably achieve the same outcome
• transparency and notice – individuals must be clearly informed about the use of FRT, what data is collected, how it is used and how long it is retained.

To ensure compliance with governance and documentation requirements, agencies should implement privacy impact assessments, clear policies, staff training and oversight mechanisms.

Recent determinations involving retail or high-risk environments, such as the recent Bunnings FRT appeal should not be read as a blanket approval for other sectors. Each workplace must assess its own risk profile and justification for using FRT, as those determinations turned on risks unique to the Bunnings environment.

Wearables and recording devices

Wearable technologies present a growing challenge for agencies because they are increasingly powerful, portable and difficult to detect. Risks arise whether wearables are employer-issued or employee-owned. Recent cases of individuals using Google glasses or Meta glasses to circumvent confidentiality obligations highlight these concerns.

Agencies should be aware of the following risks when using wearable technologies:

• covert recording through devices that record audio or video without obvious indicators can undermine trust and may breach surveillance and privacy laws
• unintended data collection may occur when wearables collect sensitive information, including biometric, health or location data, beyond what an employer intends to collect
• workplace relations issues may arise when undisclosed monitoring affects psychological safety and exposes agencies to complaints, disputes or claims
• third-party risk may arise when data captured by wearables is stored or processed by external providers outside the employer’s control, such as Meta glasses which upload data.

Even where wearables are used for legitimate purposes such as safety, fatigue management or productivity, agencies must ensure transparency, consent (where required) and clear limits on use.

Digital work systems — NSW update

Recent legislative amendments have expanded how work health and safety risks are assessed in digitally enabled workplaces. The Work Health and Safety Amendment (Digital Work Systems) Act 2026, passed by the NSW Parliament in February 2026, recognises that software and digital platforms used to allocate work, monitor performance or automate decisions may themselves constitute a workplace hazard.

The legislation introduces specific duties requiring Persons Conducting a Business or Undertaking (PCBUs) to ensure that the use and allocation of work by a digital work system, broadly defined to include algorithms, AI, automation and online platforms, does not put workers’ health and safety at risk.

Importantly, the Act treats the technology itself as a system of work, which requires PCBUs to actively design, monitor and control these systems to prevent harm. Other requirements include ensuring outputs do not result in unreasonable workloads, excessive performance metrics or tracking, or excessive monitoring or surveillance and avoiding outputs that lead to discriminatory practices.

Ambiguous concepts, such as ‘unreasonable workloads’ and ‘excessive monitoring’, may present challenges because this creates uncertainty about how these concepts apply, including whether they capture fatigue from automated scheduling, psychological stress from intensive performance tracking, and bias embedded in decision making systems. Responsibility for these outcomes remains with the PCBU, even where systems are provided by third parties.

Legal and regulatory framework

Across Australia, agencies must navigate a combination of privacy law obligations, including limits on collection, use, disclosure and security of personal and sensitive information. On top of this, different state and territory surveillance devices legislation may restrict audio or visual recording without consent while employment and workplace laws, including obligations relating to consultation, fairness and lawful evidence-gathering also apply.

Finally, governance and WHS duties apply, particularly where surveillance is justified on safety grounds. Non-compliance can expose agencies to regulatory investigation, civil liability, reputational damage and internal workforce issues.

Guidance for government agencies

Agencies considering or using surveillance technologies should clearly define and document the purpose of the technology and the specific risks being addressed. They should also assess whether the technology is necessary and proportionate, conduct and document appropriate privacy impact assessments, and implement clear, accessible policies covering surveillance and wearable devices, including any prohibitions on covert devices.

Agencies should also ensure transparency by providing notice to employees, contractors and visitors, and regularly review whether the technology remains justified as risks and environments change.

These steps support a practical, risk-based approach that enables lawful and consistent use of surveillance tools.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.