Insight
Category

The Door You Can't See

The door you can't see

Every workplace has a loo. And every loo has a door.

Nobody thinks twice about it. Nobody questions why it's there. Nobody argues that because the building belongs to the business, and the employee is on company time, and the facilities are paid for by the employer — the door should come off.

The door stays. Always. In every workplace, in every industry, in every country. Not because of a policy. Not because someone wrote a rule about it. Because there's a point — a hard, non-negotiable point — where the employer's legitimate interest in what happens in their building stops, and the individual's privacy begins. The door is that point, made physical.

That principle matters more than you'd expect if you've ever wondered what your staff are actually doing on company time — and thought about checking.

You can put CCTV in the corridor. You can put it over the shop floor, at the entrance, in the car park. You can even, if you announce it, point a camera at the corridor outside the loo and track how long people are away from their desk. Some employees would tolerate that. Some wouldn't. But it's on the employer's side of the door.

Now imagine a camera inside the cubicle. Always on. Pointed right at the person.

Nobody needs a law explained to them to know that's wrong. The reaction is instant, visceral, unanimous. You don't need to read UK GDPR, or know what a Data Protection Impact Assessment is, or understand the difference between a data controller and a data processor. You just know. The door exists for a reason, and putting a camera on the other side of it violates something fundamental.

That reaction — that gut-level certainty about where the line sits — isn't a legal principle. It's a human one. Privacy isn't something the law invented. It's something people feel before they think about it. The door on the loo wasn't put there by an act of Parliament. It was put there because everyone already knew it needed to be there. The law came later, and all it did was write down what was already obvious.

But here's the thing about privacy: it doesn't stop at the door.

What a ridiculous idea reveals

Behind the loo door, privacy is absolute. Nobody argues with it. Nobody needs it explained. Nobody needs a law to enforce it. Privacy protects itself there, because it's too obvious to violate. That's the easy case.

Now let me humour you for a second.

Imagine you start a new job and the boss says: "We've got CCTV — it's here to deter theft, provide evidence if something happens in the workplace, you know, the usual. Oh, and we also use it to monitor how long people spend in the loo."

Ridiculous, right? No serious workplace is going to do this. But sit with it for a moment, because your reaction is doing something useful.

You felt two things at once. First: that's off. Something about it is immediately wrong, even though you can't quite put your finger on why — the boss owns the building, owns the cameras, has a legitimate interest in productivity. Second: wait — is that even possible? Could someone actually do that?

Both reactions matter. The first one is your privacy instinct firing — the same instinct that makes a camera inside the cubicle obviously wrong, now showing up outside the door where things are less clear. The second one is the question that reveals something most people don't know: there is a law that covers this. A law that governs privacy in the workplace, in the employer's own space, even when the employer owns everything in sight.

The boss who announces CCTV toilet-timing is technically allowed to do this. Not banned. Not breaking the law by wanting it. But the law says: you must declare it, your people must agree to it, and they get to decide whether they're willing to work under those conditions. That's the deal. Some employees genuinely won't mind — they take a normal break, the number is unremarkable, they don't care.

But others will see it very differently. The employee with a gut condition they'd rather not share with anyone. The one who simply considers their body and their habits to be their own business. For them, that number on the boss's spreadsheet isn't a productivity metric. It's private information about their life, made visible through what sounded like a harmless measure of time. They'd think twice about working there — not because they're lazy, not because they've got something to hide, but because something genuinely private just got caught by a camera that was pointing at a door, not at them.

Two angles on the same ridiculous scenario. The boss's logic makes sense. The employee's objection makes sense. You can hold both in your head and feel the tension between them.

And this is where the law enters the picture — not behind the loo door, where privacy was obvious enough to protect itself, but here, in the shared space, where the boss has power and the employee's privacy is real but can no longer defend itself on instinct alone.

The corridor belongs to the boss. The camera belongs to the boss. The building belongs to the boss. In this space, the boss is empowered. But the law says: there is a higher authority than yours, even in a place that belongs to you. You can measure what you want to measure — but you must declare it first, and your people must agree to it. That's the letter of the law, and it must be respected. If it isn't, there are consequences.

The law doesn't ban the boss from monitoring. It doesn't side with the employee against the employer. What it does is balance the power. The boss holds all the cards in this space — the building, the infrastructure, the cameras, the authority. The employee's privacy is real, but it can't protect itself against that kind of power. So the law steps in: declare what you're doing, let people choose, and respect that choice.

And to be clear: declaring it doesn't make it right. The law doesn't bless intrusive surveillance by requiring transparency — it forces the boss to say the quiet part out loud, knowing what happens next. The employee with the gut condition leaves. The good people leave. The ones who stay are the ones who couldn't afford to go. That's not a healthy business. The law understood this — compliance isn't a substitute for conscience. It's a mechanism that exposes bad practice to the consequences it deserves.

That's the whole principle — learned through a ridiculous scenario that nobody would actually implement, but which reveals something important: privacy doesn't stop at the loo door. It extends into the shared space, where it's still quite easy to see once someone points it out. The privacy that was crystal clear inside the cubicle is still there in the corridor. It's just fuzzier. And the law is what keeps it protected when it can no longer protect itself.

Now take that understanding into the digital world, where things get much fuzzier still.

The boundary you can't see

In the digital world, the same privacy exists. The same law applies. The same balance is required.

But here, the employee's side of the argument has disappeared entirely.

There's no physical door. No visible boundary. No corridor with a camera you can see and judge for yourself. Everything looks like it belongs to the employer. The laptop is theirs. The software licence is theirs. The Microsoft 365 tenant is theirs. The email system, the Teams platform, the login credentials — all theirs. When you own everything visible, it's genuinely hard to feel that there's another perspective at all.

And the boss has a far more powerful tool here than any CCTV camera. The admin panel. The ability to pull activity logs, login times, presence data, idle minutes, browsing history — on any employee, at any time, without that employee knowing it happened or having any way to stop it. In the physical world, at least you can see a camera on the wall and form your own view of it. In the digital world, the surveillance is invisible, silent, and the employee has no idea the boundary was ever crossed. There's no moment where they can look at what's happening and decide how they feel about it, because they don't know it's happening at all.

Remember the ridiculous corridor scenario — how absurd it felt, but how it revealed two angles and a law you didn't know existed? The digital world is the same situation with the absurdity stripped away. The boss pulling activity data from an admin panel doesn't feel outrageous the way timing toilet breaks does. It feels routine. Reasonable. Like checking on something that belongs to them.

But the employee's privacy is just as present in those login times and idle minutes as it was in the corridor footage of how long they spent behind a door. The privacy didn't get weaker. It got harder to see. And the second you step outside that loo door — out of the space where privacy is crystal clear — it becomes fuzzier and fuzzier until, in the digital world, most people can't see it at all.

There's nothing in the Microsoft 365 admin centre that says "WARNING: you are about to cross a privacy boundary." No door. No handle. No lock. Just data, available, looking like it belongs to whoever's logged in. The ease of access creates the illusion that access is appropriate.

But the law learned in the corridor still applies here. The same law, for the same reason — a higher authority than the boss's, even in a space the boss owns, balancing an imbalance the employee can't balance alone. The privacy was always there. It just became invisible. And the law exists to mark where it still is, when people can no longer see it for themselves.

Now put that laptop on a kitchen table

There's one more step on this gradient, and it's the one that makes the principle hardest to ignore.

Picture a company laptop sitting on an employee's kitchen table. The employee works from home. They pay the mortgage. They pay the electricity. The building is theirs — the kitchen, the hallway, the room where the laptop sits. The employer's physical authority, the thing that gave the corridor example its force, has completely evaporated. The only thing the employer owns is the device and the software licence.

But the admin panel still works. The boss can still pull activity logs, still see idle minutes, still check when the laptop woke up and when it went to sleep — all from their own screen, reaching into the employee's private home through a connection the employee can't see or control.

In the corridor, the employer could at least claim territorial authority — my building, my cameras, my space. In the employee's home, even that claim is gone. The only thing left is the digital reach itself: a silent line of sight from the boss's screen into someone's private space, through a device sitting on their own table, in their own home.

If the invisible boundary felt abstract in the office, it feels a lot more concrete when you realise the surveillance is reaching into someone's kitchen. The employer's legitimate interest in productivity doesn't disappear because the employee works from home — but the power imbalance the law exists to balance becomes even more stark when the only authority the employer has left is a login credential and an admin panel.

The same law applies. The same rules. Declare it, agree it, respect the choice. But the stakes feel different when the boundary being crossed isn't in a corporate corridor — it's in someone's home.

How people walk through it

I've had this conversation with at least three different business owners over the years. The request is always a version of the same thing: can you pull a report on what this person's been doing?

Every time, the frustration behind it is legitimate. They're paying a senior salary. They don't feel they're getting the value back. And the data is sitting right there in a system they own, behind an admin panel they have access to. It doesn't feel like crossing a line. It feels like checking on something that's theirs.

And every time, the reaction when I explain the problem is the same: how on earth does privacy come into this?

It comes into it because the boundary is there, even though they can't see it. The same privacy that was obvious behind the loo door, the same privacy that the law stepped in to protect in the corridor — it's here too, in the activity logs and the login times and the idle minutes. Pulling that data on a named employee, retrospectively, without their knowledge, is crossing a line the employee didn't know could be crossed.

Two rules that map the invisible boundary

You can actually locate the line quite precisely. Two rules cover almost everything.

Rule one: you have to knock first.

In the physical world, you knock before opening a closed door. In the digital world, the equivalent is: if you want to monitor staff activity, you have to tell them before you start. Not after. Not retrospectively. Not quietly on one named person.

Announce it. Document it. Give a sensible start date. Apply it across the team. Then go.

The reason this matters isn't just legal compliance — it's the same reason knocking matters. It gives the person on the other side the chance to know what's happening and decide how they feel about it. "We monitor activity across the team, here's how, here's why" is the digital equivalent of a visible, signed CCTV camera. Transparent, declared, everyone knows the deal.

Pulling data on one person without telling them is the equivalent of removing the door entirely and hoping they don't notice. It doesn't matter that it's your building — or your laptop on their kitchen table. The boundary was there for a reason.

There's a useful gut-check underneath this: if announcing what you're doing would make half your staff reconsider working for you, that tells you something important — not about the law, but about what you're actually proposing to do.

Rule two: the boundary doesn't move just because you find a new reason to cross it.

In the physical world, CCTV in the corridor for security doesn't justify CCTV inside the loo for productivity. Same cameras, same building — but the purpose changed, and the new purpose crosses the line.

In the digital world, the same principle applies. Microsoft Teams collects presence data — green dot, red dot, away, busy — as a normal part of how the platform works. Everyone sees it. Everyone uses it. It's mutual, ambient, part of the declared purpose of the tool. That's fine. That's the CCTV sign at the entrance.

But the same Teams system has an admin back end where you can pull detailed activity logs on a specific named employee — when they were online, when they went idle, how long they were away, what they were doing. Same product. Same data. Completely different act. The purpose has shifted from team coordination to investigating a named individual, and the individual was never told.

Same data, different use, different side of the line.

The technology doesn't determine whether you've crossed the boundary. The purpose does. Whether it's a free Microsoft 365 feature or a dedicated monitoring suite, the line is in the same place. The question is always: did the person know, and is this the purpose they were told about?

What the invisible boundary reveals

Here's the thing that's taken me a few of these conversations to see clearly.

The business owner reaching for activity logs is trying to answer a legitimate question: is this person doing what I'm paying them for? The frustration is real, the concern is valid, and the tool is right there in front of them — Microsoft literally built it into the admin panel. It would be strange not to reach for it.

But the boundary is there regardless of how good the tool is. Even if someone invented a system that perfectly measured genuine productivity — an infallible algorithm that knew exactly who was working and who wasn't — obtaining that data covertly on a named individual, without their knowledge, would still cross the same line. The violation isn't in the quality of the data. It's in the method of collection. A flawless surveillance tool is still surveillance, and crossing the boundary to use it still destroys the trust a business needs to function.

That's the principle. And then there's the irony.

The tool they're actually reaching for isn't even giving them good data. Activity logs measure input, not output. They track keystrokes, mouse movements, idle time, login sessions. A high performer could solve a critical problem in twenty minutes, then step away from the screen for the rest of the afternoon — and the log would show them as idle. A low performer could sit there wiggling their mouse for eight straight hours to keep their status green — and the log would show them as the model employee.

The surveillance tool actually punishes the people doing good work and rewards the people gaming the system. So not only does covert monitoring cross a privacy boundary that exists regardless of how accurate the data is — it doesn't even deliver accurate data. The owner is sacrificing their team's trust and not getting useful intelligence in return.

The boundary the law puts in place isn't blocking the owner from getting the answer they need. It's blocking them from getting the wrong answer and acting on it with confidence. The law is doing them a favour — closing off a tool that doesn't work, and pointing them toward the one that does.

My own industry isn't immune

I'll be honest. In the managed IT services world, time is everything. Billable hours, utilisation rates, time-to-resolution. Every MSP I know has had the half-joking conversation about whether cigarette breaks and toilet time should come off the clock. The joke lands because the impulse underneath it is real: if we could just measure everything precisely enough, we'd finally know whether people are working hard enough.

But measurement doesn't answer the question it's trying to avoid. Have I built the kind of team and culture where people want to do good work? If yes, you don't need the measurements. If no, the measurements won't fix it.

That's true inside my business, and it's true inside my clients' businesses. Technology can support good management. It cannot replace it. And when it's asked to replace it, you end up on the wrong side of the boundary — maybe not literally, but the principle is the same.

The stronger move

Here's what I've learned from the owners who've come through these conversations and actually resolved the underlying problem.

The ones who got results didn't do it through monitoring. They did it through clarity. Documented expectations — specific, written, measurable — that made performance visible through output rather than surveillance. Structured one-to-ones with documented outcomes, so the record builds itself over time. Distribution of access and process control, so the business isn't dependent on a single person and the bottleneck that triggered the concern gets resolved structurally.

When performance still doesn't improve after expectations are clear and documented, a formal review and Performance Improvement Plan is the move that produces evidence a business can actually act on — legally sound, commercially defensible, and impossible to argue with. That's not a last resort. It's the tool that works when others don't, and reaching for it early is a sign of confident management, not heavy-handedness.

An employment solicitor or HR adviser can set this up in a single conversation — usually a few hundred pounds for a proper framework that holds up. For anything more serious — suspected breach of contract, disloyalty, working for a competitor — that conversation becomes essential, not optional. Either way, the gap between what covert monitoring risks and what proper management costs makes the choice straightforward.

A final thought

The loo door is the one place in every workplace where privacy is built into the architecture. You can see it, touch it, close it behind you. Nobody questions it.

In the digital world — and increasingly in the employee's own home — the same boundary exists. Same principle. Same reason. The only difference is that you can't see it.

The answer to the question the owner was really asking — is this person doing the job? — was never behind the admin panel. It was in the conversation they hadn't had yet.

This piece reflects how I think about these conversations as an MSP. It isn't legal advice. For anything specific to your business or an employee situation, an employment solicitor or HR adviser is the right starting point — and usually the fastest route to a resolution that actually holds up.

There's a deeper question underneath all of this — one I've been thinking about since having these conversations. In the workplace, the invisible boundary gets crossed when a boss reaches for an admin panel. But what happens when the watching isn't a choice anyone makes — when it's designed into how the tools connect to you, and using them means the camera was already on before you started? That's another conversation, and it's one I think we'll need to have soon.

Share this post