Employers are collecting more and more information on workers using more invasive, granular, and constant methods. Although the data is used to automate decisions and optimize workflow, workers are left in the dark about how the collected data impacts them. These invasions of privacy coincide with employee misclassification and fissured workplaces, reducing the protection workers have from improper data collection. With multiple layers of employers all passing along liability and decisionmaking, it is difficult for workers to know who is collecting what information and why. This has led to some alarming results. For example:
- A California woman was allegedly fired after refusing to consent to 24-hour GPS tracking.
- An employer paid for access to his employee’s fertility information from a premium fertility tracking app.
- Information about a man’s recovery after triple bypass surgery was sent to his boss by a fitness tracker.
Workers need more transparency and more control over the use of data in the workplace to ensure there are safeguards.
The Worker Privacy Act is a draft bill developed by the Center on Privacy & Technology at Georgetown Law to prevent invasive worker data collection and increase worker control over workplace data. It does this by:
- Increasing employee input in decisions around data and surveillance. Employers should not be able to implement workplace surveillance or data collection without providing context and warning to employees. The bill requires employers to explain: (a) what data is collected, (b) how data is collected, and (c) how the data is used, before systems are used or to continue using them.
- Establishing clear prohibitions on the use of data. Certain uses of data should be outright prohibited. Employers cannot: (a) transfer data to third parties without disclosure and cybersecurity protections, (b) collect data on workers when they are not working, or (c) automatically fire employees using data or inferences.
- Expanding who is considered an employer. Employers attempt to shift responsibility onto other companies they’ve contracted with. This bill broadens the definition of employers to capture the full spectrum of those who direct the collection of and have access to employee data including (a) contractors and (b) franchisors.
- Creating a dedicated office to worker privacy. A new division in the Department of Labor will enforce the protections of the Act. It will also research surveillance in the workplace, providing empirical evidence of different practices and recommendations for future regulation.
You can find the bill here.
We would like to thank Brishen Rogers, David Weil, Ifeoma Ajunwa, Kate Crawford, and Jason Shultz for their research that, in part, inspired this bill. We would also like to thank Elly Kugler and Aiha Nguyen, who took the time to review it and provide helpful feedback.
For more information, contact Gabrielle Rejouis at the Center on Privacy & Technology at Georgetown Law at firstname.lastname@example.org.