Beyond Bossware: The Rise of Wellbeing-Monitoring in the Workplace

April 16, 2026

Beyond Bossware: The Rise of ‘Wellbeing-Monitoring’ in the Workplace

Ius Laboris + Follow Contact LinkedIn Facebook X ;) Embed

[authors: Jezamine Fewins, Joanne Chan]*

Employers are increasingly using wellbeing‑monitoring tools to track the digital activity of employees, particularly in the financial services sector. This rise in so-called “bossware” raises concerns around workplace data privacy and employee trust. Below, our experts examine what employers need to weigh if they plan to introduce such monitoring tools in Hong Kong.

A leading global investment bank has begun piloting a system that compares junior bankers’ self-reported working hours with computer-generated estimates. The estimates are based on their digital activity. The system uses indicators such as desktop keystrokes, video calls, and scheduled meetings to build an estimated weekly activity footprint. The bank describes the initiative as a wellbeing-measure that promotes transparency and encourages open conversations around overwork, rather than to penalise staff. The bank maintains it will not use the tool for performance evaluation.

This pilot is part of a wider trend in the financial services sector. More employers are adopting monitoring technology, often described as “bossware”, to track workloads and address long standing concerns about excessive hours, burnout and the pressures associated with remote work. The industry has already introduced measures such as capping working hours and restricting weekend work to ease its culture of gruelling schedules. Even so, employee surveillance, even when framed as supportive, raises concerns about privacy, workplace trust and the risk of a “Big Brother” environment. Some critics remain sceptical, arguing that the initiative is likely to increase pressure on workers rather than alleviate it.

Data privacy and employee monitoring in Hong Kong

If the bank wanted to roll out these measures in Hong Kong, they would need to be considered in conjunction with the Personal Data (Privacy) Ordinance (“ PDPO ”). The PDPO, Hong Kong’s main data protection legislation, does not prohibit workplace monitoring outright. However, any monitoring that involves collecting personal data must comply with the legislation.

Data Protection Principle 1 requires employers to ensure that:

• the personal data is only collected for a lawful purpose directly related to a function or activity of the data user; and
• the collection of personal data is adequate but not excessive. Employers must also inform employees, on or before collecting their data, the purpose for which the data will be used.

The Office of the Privacy Commissioner for Personal Data in Hong Kong has recommended that employers undertake the “3As” assessment process, which refers to:

• Assessment – assessing the risks and benefits of employee monitoring, having regard to the purposes that relate to the employer’s business functions or activities;
• Alternatives – considering other options that may be equally cost-effective and practical, yet less privacy-intrusive; and
• Accountability – implementing privacy-compliant data management practices for handling personal data obtained from employee monitoring. When examining the bank’s pilot programme through this lens, the monitoring raises several privacy concerns.

Assessment: The pilot aims to identify overwork, but the monitoring may still capture personal activity on work devices. For example, sending a personal email to a family member during their lunch break. Employees may find this to be intrusive. Even with assurances the bank will not use the data for performance evaluation or enforcement purposes, there is a risk that managers may rely on it informally. This could undermine trust and cause unintended harm to employees.

Alternatives: The bank’s well-being goals could arguably be achieved through less intrusive means. This may include regular supervisor check-ins where employees are given the opportunity to speak with their supervisors directly and voice any concerns about their workload. This would enhance communication and help build trust between the bank and the employee. Other alternatives include having a “workload dashboard” which sets out work allocations for projects, deadlines, and staffing data. It might also include optional “digital wellbeing summaries” akin to screen-time tools on smartphones. If the bank has not properly considered these options, it may struggle to justify its monitoring approach in Hong Kong.

Accountability: Employers must create clear policies to explain what data they collect, how it will be used, and who can access it. They should also keep data only for as long as needed and delete it once the wellbeing purpose is met. Finally, they should strictly limit access to monitoring data to HR or senior management. Internal controls must prevent use of the data for performance evaluation or anything other than the stated purpose. Regular reviews should ensure the tool remains necessary and proportionate.

Implications for employers considering employee monitoring

Employers introducing similar monitoring tools in Hong Kong would face significant compliance obligations under the PDPO. They would need to conduct privacy impact assessments, update internal policies, revise privacy notices and ensure any third-party providers meet regulatory standards. Because these systems generate sensitive behavioural data, organisations must also implement strong security controls such as access restrictions, encryption and defined retention schedules. Any breach involving such detailed information could lead to serious legal and reputational consequences.

Beyond legal compliance, employers must consider the impact on workplace culture and employee trust. Even when framed as supportive, monitoring tools often create anxiety and can erode psychological safety, particularly in high pressure sectors. Experience in other financial institutions shows that such tracking has caused tension and concern among junior staff, who may fear indirect performance assessment or increased scrutiny. Monitoring can also unintentionally encourage presenteeism or employees to “look busy” rather than focus on meaningful productivity. Without genuine changes to workload management and leadership practices, these tools risk worsening the very wellbeing issues they claim to address.

Takeaway for employers

If a Hong Kong employer were to pilot monitoring technology, they would face significant PDPO compliance obligations, including transparency, proportionality and purpose-limitation requirements. The legal risks are substantial, but the cultural and trust related risks may be even greater.

In Hong Kong, as elsewhere, employers seeking to improve wellbeing may achieve more through meaningful workload management, supportive leadership and cultural change than through algorithmic oversight.

*Lewis Silkin

;) ;) Report

Latest Posts

• Beyond Bossware: The Rise of ‘Wellbeing-Monitoring’ in the Workplace
• Greece Minimum Wage Rises in April 2026: Who Benefits and What Changes
• Sweden Seeks Renegotiation of the Pay Transparency Directive: Is the Tide Turning Against Brussels?
• Short-Time Work in Times of Geopolitical Crisis
• Changes Afoot for Employer-Sponsored Visas in Australia See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Ius Laboris

Written by:

Ius Laboris Contact + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Data Privacy + Follow Data Protection + Follow Data Security + Follow Employee Monitoring + Follow Employee Privacy Rights + Follow Employer Responsibilities + Follow Financial Services Industry + Follow Hong Kong + Follow Personal Data + Follow Regulatory Requirements + Follow Remote Working + Follow Risk Management + Follow Finance & Banking + Follow Labor & Employment + Follow Privacy + Follow more less

Ius Laboris on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide