Technology vs. privacy and productivity in the smart workplace

The pandemic has accelerated the shift in how we think of and utilize office spaces. 

Technology is the key enabler for a new hybrid workplace; a workplace that supports both in-person collaboration and remote work.

Expectations amongst the workforce have shifted dramatically in recent times. A Microsoft survey revealed that 70% of workers prefer more flexible work options - employees expected to be in the office fewer than 10 days a month.

Technologies like space planning, digital wayfinding, mapping, room/desk booking, and usage optimization can make the hybrid model more workable for large companies. 

However, this new world is not without its challenges, particularly when it comes to safeguarding personal data and maintaining a productive, healthy workforce.

In this article we’ll explore:

  • Some challenges associated with the technology needed to support smart workplaces
  • The (costly) consequences of breaching data protection laws with the 10 biggest fines so far
  • The support employees need to get the most from smart workplaces
  • The measures Pointr takes to ensure personal data is never compromised


Technology challenges of the hybrid workplace

Technologies used to support the hybrid workplace often rely on sensors or WiFi to collect the data necessary to enable tech features, create more efficient work environments, and allow better cost control for workspaces. 

The same technologies that underpin this hybrid model have the potential to compromise employee privacy, thereby generating risks for both corporations and the buildings they occupy. 

Finding tech that complies with multiple privacy standards is a major pain point for the CRE (Commercial Real Estate) industry, including Fortune 100 organizations with large corporate campuses.

These standards include the European Union's General Data Protection Regulation (GDPR) which became effective in May 2018, and the California Consumer Privacy Act (CCPA) effective 1st January 2020.

And there are onerous penalties for getting it wrong.

The financial consequences of getting data privacy wrong

  • GDPR - General Data Protection Regulation 

Using tech that doesn’t comply with privacy rules and meet the required standards can result in heavy penalties. The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. 

Under the GDPR, the EU’s data protection authorities can impose fines of up to €20 million (roughly $22M), or 4 percent of worldwide turnover for the preceding financial year—whichever is higher.

Since the GDPR took effect in May 2018, we’ve seen over 800 fines issued across the European Economic Area (EEA) and the UK.

Here’s a table showing the top 10 fines levied under the GDPR so far (approx. €1 = USD 1.13).

| # | Company | Fine | Details |
|---|---------|------|---------|
| 1 | Amazon | €756M ($854M) | Announced in the company’s July 2021 earnings report. 15 times more than the next biggest fine. Reason: Cookie consent violation. |
| 2 | Google | €50M ($56M) | Levied in 2019, finalized after an unsuccessful appeal in March 2020. Reason: Improper provision of privacy policy, lack of user control over use of personal data. |
| 3 | H&M | €35M ($40M) | Monitored several hundred employees after they returned to work from vacation or sick leave. Reason: Return-to-work data used improperly to evaluate performance and make employment decisions. Insufficient access controls. |
| 4 | TIM | €27.8M ($31M) | Italian telecommunications operator fined on January 15, 2020. Reason: A series of unlawful actions mainly stemming from an over-aggressive marketing strategy. |
| 5 | British Airways | €22M ($25M) | Fined in October 2021 for a breach that occurred in 2018. Substantially less than the $238M fine originally proposed by the ICO (Information Commissioner’s Office). Reason: BA’s systems were compromised and hackers exfiltrated the log-in details, payment card information, and travelers’ names and addresses of 400,000 people. |
| 6 | Marriott | €20.4M ($23M) | Again less than the $123M fine originally proposed by the ICO. Reason: 283 million guest records in the guest reservation database compromised. The hack originated in Starwood Group’s reservation system in 2014; Marriott acquired Starwood in 2016, and the hack wasn’t detected until September 2018. |
| 7 | Wind | €17M ($19M) | Imposed on Wind by the Italian Data Protection Authority on July 13, 2021. Reason: Unlawful direct marketing activities. |
| 8 | Vodafone Italia | €12.3M ($14M) | Imposed November 2020 in relation to a huge number of alleged GDPR violations. Reason: Data processing issues including failing to properly secure customer data, sharing personal data with third-party call centers, and processing without a legal basis. |
| 9 | Notebooksbilliger.de | €10.4M ($12M) | German electronics retailer notebooksbilliger.de (NBB) received this significant GDPR fine on January 8, 2021. Reason: The penalty relates to how NBB used CCTV cameras to monitor its employees and customers. |
| 10 | Eni | €8.5M ($10M) | Eni Gas e Luce (Eni), an Italian gas and oil company, fined by the DPA (Data Protection Authority). Reason: Found to have made marketing phone calls without a proper legal basis. |

Source: https://www.tessian.com/blog/biggest-gdpr-fines-2020

  • CCPA - California Consumer Privacy Act

With similar objectives to the GDPR in Europe, the CCPA regulates organizations selling to California residents or managing their personal data. The law applies to organizations regardless of where they operate from.

Each unintentional violation of the CCPA incurs a fine of $2,500, while each intentional violation incurs a fine of $7,500. CCPA is significantly different from GDPR in how financial damages are assessed.

Each case varies on the nature of the violation, but it’s important to note the individual nature of the fines. For example, in the British Airways case above, there are 400,000 individual violations!

The CCPA continues to evolve and we’re just beginning to get an idea of how violations will unfold. Active cases already exist involving Amazon, Zoom, TikTok and others.

People need reassurance in the smart workplace

Working in a smart, hybrid workplace can be a new concept for many employees. While adapting to new technologies that help enable a more convenient and flexible workplace experience, companies should also consider providing guidance and support to ensure their employees' privacy and confidentiality are respected, whether in a co-working space or a huge corporate campus. 

  • Employee buy-in for new systems is a must. It’s critical to be clear and transparent about data usage and the anonymisation of employee data to reassure employees they’re not being snooped on.
  • If employees believe that technology doesn't respect their privacy, they might not want to use the tech. This could result in wasted investments for organizations. 
  • Training employees to ensure they’re comfortable working with new tech and the new flexibility of the hybrid workplace is key. A frustrating workplace experience can have a profound negative effect on employees. Ultimately such frustration can affect employees' morale and lower productivity as a result.

Pointr plays its part safeguarding users’ data

At Pointr we’re acutely aware of the role we have to play in safeguarding users’ data in the smart workplace. We care about data privacy.

Here are just some of the measures we take to make sure our users are protected:

  • Our software only collects anonymous data that can’t be tied to the individual. 
  • Our SDK (Software Development Kit) is designed to comply with user data privacy. This is in complete contrast to other SDKs that mine users’ data without their consent.
  • We only collect anonymous location data and provide actionable insight for business decision-makers without compromising employees' privacy - ever.
  • We work closely with our smart workplace clients and are trusted partners.
  • Our technology is fully ISO certified.

About Pointr

Pointr is a global leader in indoor location. Pointr's Deep Location® software technology uses machine-learning techniques to create the best performing and the only scalable indoor location technology available today. Deep Location® enables location-based services such as digital mapping, and smooth indoor-outdoor wayfinding. Our technology is ISO 27001 and ISO 27017 certified and approved by Cisco DNA Spaces, Microsoft, CBRE, ISS, DHS, and many others. 

We work with major customers in healthcare, smart workplace, retail, and aviation across North America, Europe, and Asia including UCHealth, international corporations (CBRE), the U.S. Department of Homeland Security, U.S. Airports (Washington Reagan and National), two major U.S. Airlines and one of the major U.S. department store retailers across 2,000 locations with millions of mobile application users.

Find out more - contact Pointr today.


Author: Les Blythe
