Keeping pace: Technology in the workplace

Technology has been advancing rapidly in recent years, including a proliferation of the use of AI. Not unexpectedly, businesses are embracing these advancements, and finding ways to harness them to bring greater efficiencies, improvements and cost savings to their operations

This harnessing of technology is impacting the workplace and how people work, including with respect to privacy, surveillance and work health and safety matters.

This article considers some legislative reforms aimed at addressing some of these impacts.

Digital Work Systems

In February 2026, the New South Wales Parliament passed the Work Health and Safety Amendment (Digital Work Systems) Act 2026 No.5 (NSW). The Act amends the Work Health and Safety Act 2011 (NSW), by introducing express duties on persons conducting businesses or undertakings (Organisations) relating to the use of “digital work systems”.

A “digital work system” is broadly defined as “an algorithm, artificial intelligence, automation or online platform” and can include technology used for scheduling work or for monitoring productivity.

Among other amendments, the Act introduces the following:

• an expansion of the primary duty of care on Organisations to ensure, so far as reasonably practicable, that their workers’ health and safety is not put at risk from the use of “digital work systems”; and
• an additional duty on Organisations to ensure, so far as reasonably practicable, that the health and safety of their workers is not put at risk by the “allocation of work” by any “digital work system”.

When using a “digital work system” to allocate work, Organisations must consider whether that system creates or will result in a risk of:

• excessive or unreasonable:
  • workloads;
  • use of metrics to assess and track performance; or
  • monitoring/surveillance of workers; or
• unlawful discriminatory practices or decision-making.

To discharge this duty, employers should undertake risk assessments before introducing or continuing the use of a “digital work system”, and then implement appropriate steps to address any identified risks.

The Act also gives WHS permit holders a right to enter premises on notice and to seek the assistance of an Organisation to access and inspect these “digital work systems” if they suspect a contravention.

Most of the Act will commence on a date to be proclaimed, with the provisions relating to WHS permit holder rights to seek assistance to take effect only after relevant guidelines have been published by SafeWork NSW.

Workplace surveillance

Workplace surveillance laws across the country are somewhat patchy.  Only New South Wales (Workplace Surveillance Act 2005 (NSW) (NSW Act)) and the Australian Capital Territory (Workplace Privacy Act 2011 (ACT) (ACT Act)) have specific workplace surveillance legislation and those Acts have been in place for years.  Workplace surveillance laws are, therefore, ripe for change.

In response to increasing concerns about privacy, the Victorian Government commissioned an inquiry into workplace surveillance and, in May 2025, the inquiry report was tabled before the Victorian Parliament.

The key findings included that workplace surveillance was increasing across Victoria, often without employee knowledge or consent, and that intrusive monitoring often created a toxic workplace culture that reduced morale and increased health and safety risks. While 18 recommendations for reform were made, 15 of them have now received government support.

The supported recommendations, if legislated, will result in Victoria having the most extensive workplace surveillance laws in the country, including because those laws are likely to require:

• risk assessments to prove that workplace surveillance is reasonable, necessary and proportionate;
• employers to promulgate a workplace surveillance policy, if they wish to conduct workplace surveillance of any kind;
• employers to appoint a person with delegated authority to review any automated decisions made using workplace surveillance data that could significantly affect worker rights, interests or employment status;
• privacy protections, including that employers must inform employees who will be collecting workplace surveillance data, how it will be secured and stored, how long it will be kept, how it will be disposed of, and who can use that data and for what purpose; and
• limiting the collection by employers of employee biometric data to circumstances where there is legitimate purpose that cannot be achieved through less invasive means. This may have implications for the use of biometric scanning for workplace access, for example.

Privacy Act

Privacy is often a concern where new technologies are introduced.   This was recognised by reforms to the Privacy Act 1988 (Cth), brought about by the Privacy Act and Other Legislation Amendment Bill 2024 (Cth).

Those reforms introduced some technology focussed changes, notably:

• a requirement that, from 10 December 2026, privacy policies be updated to include specific information where an organisation uses a computer program to make a decision that could reasonably be expected to significantly affect the rights or interests of an individual where personal information of that individual is used by the computer program when making that decision (For more information, see our related article: Automated Decision-Making: Current privacy obligations and what’s in the pipeline for 2026); and
• clarification that, when taking reasonable steps to secure personal information, organisations must also take technical and organisational measures to protect that information from misuse, interference, loss and unauthorised access, modification or disclosure – such as encrypting data, securing access to systems and training staff on data protection.

And while not technology focussed, per se, the introduction of the statutory tort for serious invasions of privacy as part of those reforms has potential implications for the use of technology at work, including workplace surveillance.  Subject to some exceptions and defences, that tort gives individuals (such as employees) a path to seek redress in court where there has been a serious, and intentional or reckless, invasion of their privacy in the form of misuse of information or intrusion on their seclusion.  To substantiate this tort, a number of elements must be made out, including that a person in the position of the individual must have had a reasonable expectation of privacy in the circumstances.  Demonstrating that reasonable expectation where the alleged privacy invasion arose from surveillance by their employer at work may be harder for an employee if at the relevant time clear, promulgated and lawful policies were in place which permitted the surveillance in question.

Next steps?

Employers need to stay up to date with these and future reforms and ensure that they have in place appropriate systems, practices and policies to comply with them.

Key areas for compliance include:

• conducting risk assessments to ensure, so far as reasonably practicable, that any “digital work systems” (including those allocating work) do not put at risk worker health and safety in NSW;
• updating privacy policies before 10 December 2026 to address the use of automated decision making; and
• reviewing or introducing workplace surveillance policies, and updating them as necessary for those businesses with Victorian operations if workplace surveillance laws are introduced in that State.

Please do not hesitate to reach out to a member of our Employment Safety & Migration team should you need any assistance with any of these matters.

The information contained in this article is general in nature and cannot be relied on as legal advice nor does it create an engagement. Please contact one of our lawyers listed above for advice about your specific situation.