Responsibly applying the Internet of Things to create healthy workplaces

Internet of Things (IoT) technologies can make workplaces healthier, but are not without ethical, legal, and organisational hurdles. Risks are often underestimated, and specific guidance is needed.

Heavy workloads, poor posture and stress: the world of work carries its risks. Modern technologies, including wearables, smartwatches, stress tracking systems, sensors that monitor sitting posture, and lighting and motion sensors promote prevention and safety, but they also gather highly sensitive data. A research project led by Tobias Mettler from the University of Lausanne examined technical, legal and ethical issues and created a method for companies and organisations to responsibly implement IoT solutions.

The most important findings

The risks associated with IoT solutions that monitor employee health and safety are still underestimated. Sensitive issues such as potential manipulation of trust or social inequalities – like those caused by unequal access to high-priced gadgets – are often inadequately recognised, even though IoT tools can exacerbate them. The research team developed a specific method to assess the impact on data protection, which systematically identifies risks and fosters trust between stakeholders. From this, the research team derived management measures such as data minimisation, purpose limitation and access controls. This is because general principles are insufficient to translate knowledge into compliant action. Instead, context-specific and actionable recommendations are necessary.

Significance for policy and practice

The design recommendations developed in the project not only draw employers' and employees' attention to IoT opportunities and risks but also provide practical suggestions, among other things, for mitigating fears. The research project has helped close legal gaps in employee protection, including transparency requirements, purpose limitation, prohibitions on performance sanctions based on health data, and enhanced oversight.

Three main messages

  1. The use of IoT applications in occupational health and monitoring entails a variety of ethical and legal risks. These risks are interlinked, often difficult to predict and frequently underestimated, which shows how important it is to carefully consider the development and introduction of such technologies.

  2. Given the rapid advances in the field of IoT technology, traditional ethical and legal principles often do not suffice. Existing regulations cannot keep pace with technological developments, resulting in significant gaps in oversight and protection.

  3. Concrete, context-specific recommendations for action are needed to bridge the gap between ethical and legal principles and their practical application. Such practical guidelines are essential to enable organisations to translate existing knowledge into responsible and compliant action when introducing IoT technologies.

For more information on the researchers' methods and background details of the research project, please visit the NRP 77 project website:

Further research projects on the “digital transformation” under NRP 77 can be found here: