AI tools are making employee monitoring easier than ever. Software that tracks keystrokes, screenshots desktops every few minutes, monitors email, and analyses productivity patterns is cheap and widely available. But in Australia, the rules around what employers can legally do are more restrictive than many business owners realise.

The legal framework

Employee monitoring in Australia sits across several overlapping laws. The Privacy Act 1988 covers how personal information: including employee data: is collected, used, and stored. The Fair Work Act 2009 sets out employee rights and employer obligations. State-based surveillance legislation: particularly the Workplace Surveillance Act 2005 in NSW and equivalent laws in other states: adds specific rules about covert vs overt monitoring. The Telecommunications (Interception and Access) Act 1979 covers interception of communications.

The key principle across all of these: covert surveillance of employees is generally not permitted. If you’re monitoring employees, they need to know about it.

What you can do

Employers can monitor employees’ use of work systems: computers, email accounts, phones, vehicles: if the monitoring is disclosed. That means telling employees clearly what is being monitored, how, and why. A written policy that employees have acknowledged is the standard approach. Monitoring that is disclosed in the employment contract or workplace policy, and that employees are aware of, is generally lawful.

AI-powered productivity tracking: tools that analyse how time is spent, flag unusual activity, or score output quality: falls into the same category. If employees know it’s happening and what data is being collected, it’s usually permissible. If it’s covert, it’s almost certainly not.

What you can’t do

Covert surveillance is the main line you can’t cross. Installing keyloggers, taking hidden screenshots, or reading employees’ emails without their knowledge is a serious legal risk in Australia: potential criminal liability in some states, and significant civil exposure under privacy law.

Monitoring personal devices is another area of high risk. If an employee uses their own phone or laptop for work, your right to monitor that device is very limited, even if work data is on it. Get legal advice before attempting to monitor employee-owned devices.

Using AI to make employment decisions: hiring, promotion, termination: based on monitored data also creates risk. If the AI analysis is wrong, biased, or based on inadequate data, and an employee is treated unfairly as a result, you may face unfair dismissal or discrimination claims.

What this means for your business

If you want to use AI monitoring tools with your team, the process is straightforward but not optional: update your workplace policy to disclose what monitoring is happening, have employees acknowledge it, and make sure the monitoring is proportionate to a legitimate business purpose. Don’t monitor employees secretly. Don’t make significant employment decisions based solely on AI-generated analysis without human review. And get legal advice if you’re in a sector with additional obligations: healthcare, finance, and legal services all have their own rules.