Worker Privacy and Industrial AI Video: A Plant Manager's Guide to GDPR and CCPA Compliance

Data subject rights, no-facial-recognition design, video retention limits, and union disclosure considerations for plant managers evaluating AI video platforms.

The Disclosure Gap in Industrial AI Video Deployments

Industrial facilities have used CCTV surveillance cameras for decades. Workers in those facilities generally understand — at a broad level — that cameras are present and that footage is retained for security review. What many facilities have not done is work through how that baseline understanding changes when the cameras become analytically active: when they are no longer passive recorders but continuous observers that generate structured data about worker behavior, zone occupancy, and compliance status.

The legal and ethical distinction between recording workers and analyzing workers is not merely semantic. Under the EU General Data Protection Regulation (GDPR), video footage that is processed by automated systems to evaluate worker conduct or monitor compliance constitutes processing of personal data for the purposes of employment monitoring — a regulated category that requires a specific lawful basis, explicit worker notification, and in some cases formal impact assessments. Under the California Consumer Privacy Act (CCPA) as amended by the CPRA, workers in California-based facilities have rights regarding the collection and use of their personal information that extend to video-derived behavioral data. Under the Illinois Biometric Information Privacy Act (BIPA), automated systems that process facial geometry or other biometric identifiers require written consent before data collection begins.

None of these frameworks prohibit AI video monitoring in industrial facilities. But they do establish obligations that a plant manager cannot treat as an afterthought when deploying such a system.

GDPR: What UK and EU Facilities Must Address

For facilities operating under GDPR jurisdiction — including UK operations under UK GDPR post-Brexit — the deployment of automated video analysis for worker monitoring requires working through several specific obligations.

Lawful basis. The most defensible basis for employment monitoring under GDPR is legitimate interests (Article 6(1)(f)), provided the monitoring is proportionate to the purpose and workers' rights and freedoms do not override the controller's interests. For safety compliance monitoring — PPE detection, pedestrian-vehicle separation — the safety purpose typically supports a legitimate interests basis. For productivity or performance monitoring, the proportionality question is more sensitive and a Data Protection Impact Assessment (DPIA) under Article 35 is strongly advisable rather than optional.

Worker notification. GDPR requires that data subjects — workers, in this context — be informed of the processing through a privacy notice that specifies what data is being collected, for what purpose, under what lawful basis, and how long it is retained. Existing CCTV signage that states "This area is monitored by CCTV" is insufficient for automated analytical processing. The notification must describe the AI analysis specifically.

Data minimization and retention. GDPR's data minimization principle requires that only data necessary for the stated purpose is collected and retained. For a PPE compliance monitoring deployment, this means the system should be configured to generate compliance event logs and annotated clips of violations, not to retain continuous unfiltered footage beyond the period operationally required. The retention period for detected events should be defined and documented before deployment, not after.

DPIA requirement. Processing of video footage by automated systems that evaluate worker conduct is likely to trigger the Article 35 DPIA obligation in most GDPR jurisdictions. A DPIA does not prevent the deployment; it requires a structured assessment of the risks and the mitigations in place, documented and reviewed before processing begins. Facilities that skip this step and are later subject to a supervisory authority investigation will have a harder compliance defense than those with a completed DPIA on file.

US Facilities: A State-by-State Patchwork

The United States does not have a single federal privacy framework equivalent to GDPR. For US facilities deploying AI video analysis, the applicable obligations depend on the state in which the facility operates.

Illinois (BIPA). The Illinois Biometric Information Privacy Act (740 ILCS 14) requires informed written consent before any collection of biometric identifiers, including facial geometry derived from video analysis. BIPA has produced substantial litigation, including class actions with per-violation statutory damages. Any AI video system deployed at an Illinois facility that processes facial features — even incidentally, as part of PPE detection that requires face-region analysis — requires a documented consent process. This is not optional and is not satisfied by a general employment agreement disclosure.

California (CCPA/CPRA). California workers have the right to know what personal information is collected about them by their employer, including video-derived behavioral data. The CPRA's employee data provisions require that California employers provide workers with a Notice at Collection at or before the point of collection. For a new AI video deployment, this notice should be provided before the system goes live, not at the next annual policy update cycle.

Other states. Washington, Texas, and several other states have biometric privacy statutes with varying scope and enforcement mechanisms. The operational implication for a multi-state manufacturer is that each facility's compliance obligations should be assessed against that state's current law, not assumed to follow a single federal standard that does not exist.

Unionized Workforces: Collective Bargaining Obligations

For facilities with unionized workers, the introduction of AI video monitoring is almost certainly a mandatory subject of bargaining under the National Labor Relations Act — a change in working conditions that requires the employer to notify the union and bargain in good faith before implementation, not after. Failing to engage the union before deployment is a common operational misstep that delays projects and creates labor relations exposure that is entirely avoidable.

The practical approach is to brief union representatives on the purpose of the deployment, the specific data that will be generated, how it will be used (and explicitly, how it will not be used — for example, that it will not be used for individual performance evaluation or progressive discipline), and what retention and access controls are in place. Facilities that have had this conversation transparently tend to find that union representatives are more concerned about how the data will be used than about the monitoring itself. Agreeing to explicit limitations on use — codified in a memorandum of agreement if the union requests it — resolves most substantive objections.

We are not saying that unions will uniformly oppose AI video monitoring. Many safety representatives actively support monitoring systems that generate objective data about safety deviations, because that data supports safety grievances and corrective action requests as well as employer compliance programs. The concern is typically about the potential for monitoring data to be weaponized against individual workers — and those concerns are legitimate enough to deserve a direct, explicit answer rather than a general assurance.

Privacy by Design: What It Means in Practice

Privacy by design is a principle, codified in GDPR Article 25, that requires data protection measures to be built into systems from the start rather than added retrospectively. For AI video deployments in industrial settings, this translates into several specific configuration decisions that should be made at deployment, not revisited after a privacy complaint.

First, consider whether the system can be configured to detect PPE and zone compliance without retaining identifying facial data. A system that detects "a worker without a hard hat is present in Zone 3" and generates an anonymized alert without storing the worker's facial geometry satisfies the monitoring purpose while minimizing the personal data processed. This is not always technically achievable, but it should be the first-choice configuration for facilities where BIPA or biometric consent obligations apply.

Second, define access controls for detected event clips explicitly. Not every manager in the facility needs access to annotated video clips of compliance violations. Access should be role-limited to the supervisory and safety staff whose job function requires it, with an audit log of who accessed which events and when.

Third, set retention periods in the system configuration rather than relying on storage capacity as the practical limit. A 30-day retention period for raw footage and a 90-day retention period for flagged event clips is a defensible and reasonable starting point for most facilities. Longer retention should require documented justification.
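The second and third decisions above can be expressed as policy code. The sketch below is an added example, not taken from any vendor's platform: it enforces the 30-day and 90-day retention periods, honors a longer period only when a justification is recorded, and logs every clip access attempt. The role names, field names, and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Retention periods from the text: 30 days raw footage, 90 days flagged event clips.
RETENTION = {"raw": timedelta(days=30), "flagged": timedelta(days=90)}
# Assumed role names; the text says only "supervisory and safety staff".
CLIP_ROLES = {"safety_officer", "shift_supervisor"}

@dataclass
class Asset:
    asset_id: str
    kind: str                 # "raw" or "flagged"
    recorded_at: datetime
    extended_days: int = 0    # requested extra retention
    justification: str = ""   # documented reason; required for any extension

def retention_for(asset):
    """Policy period, extended only when a written justification is on record."""
    period = RETENTION[asset.kind]
    if asset.extended_days > 0 and asset.justification.strip():
        period += timedelta(days=asset.extended_days)
    return period

def sweep(assets, now):
    """Return (kept, purged) so deletion is driven by policy, not disk capacity."""
    kept, purged = [], []
    for a in assets:
        (purged if now - a.recorded_at > retention_for(a) else kept).append(a)
    return kept, purged

def request_clip(user, role, asset, audit_log, now):
    """Role-limited clip access; every attempt, allowed or denied, is logged."""
    allowed = asset.kind == "flagged" and role in CLIP_ROLES
    audit_log.append({"ts": now.isoformat(), "user": user, "role": role,
                      "asset": asset.asset_id, "allowed": allowed})
    return allowed

def sample_assets(now):
    """Constructed sample data, not from a real deployment."""
    age = lambda d: now - timedelta(days=d)
    return [
        Asset("raw-001", "raw", age(10)),
        Asset("raw-002", "raw", age(45)),                       # past 30 days
        Asset("evt-001", "flagged", age(60)),
        Asset("evt-002", "flagged", age(120)),                  # past 90 days
        Asset("evt-003", "flagged", age(120), 60, "open incident investigation"),
        Asset("evt-004", "flagged", age(120), 60),              # no justification
    ]
```

Denied requests are logged alongside granted ones, so the audit trail shows attempted access by staff outside the permitted roles as well as legitimate review.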

A Note on Industrial vs. Commercial AI Video

Much of the public discussion about AI video monitoring in workplaces has focused on commercial settings — retail stores, call centers, office environments — where the monitoring purpose is often productivity measurement and the power dynamics between employer and worker are sometimes explicitly adversarial. Industrial facilities deploying AI video for safety compliance and operational observability are in a substantively different category, and the compliance and communication approach should reflect that difference.

Safety monitoring that helps a facility identify and correct hazardous conditions before someone is injured is a different proposition than monitoring that generates individual performance scores used in compensation decisions. The legal obligations are the same — disclosure, proportionality, data minimization — but the conversation with workers about why the system is being deployed, and what it will and won't be used for, has a fundamentally different character when the answer to "why are you doing this?" is "because we want to stop people from getting hurt" rather than "because we want to measure your productivity."

Being explicit about that purpose — in writing, before deployment, in a format that workers and union representatives can review — is both a legal disclosure obligation and the foundation of a deployment that will actually be accepted on the floor rather than resented and worked around.