Scholars argue regulators must protect workers’ rights by recognizing their collective data interests.
Twenty-one million screenshots capturing employees’ computers—some containing their emails, passwords, and other sensitive information—were leaked to the public in a recent data breach. Whether by monitoring employees’ screen activity with automatic screenshots or tracking workers’ body movements with wearable technologies, employers are increasingly practicing digital surveillance.
Worker organizations and researchers have raised questions about how digital surveillance at work affects labor-management relations and workers’ privacy, but these novel legal issues have not been explicitly addressed in federal regulations.
In a forthcoming article, Pauline T. Kim and Rachel H. Leavitt argue that existing data protection regulations are insufficient to safeguard workers’ interests. They contend that labor laws should be updated to recognize workers’ collective interest in their data.
The authors warn that employers’ data collection and resulting algorithmic management methods could harm workers. One notable example they give is how Amazon’s time tracking and algorithmic goal setting has discouraged necessary bathroom breaks and increased rates of injury. They cite the claim by Google employees that the company installed systems on their computers that tracked calendars to “weed out” union organizing and, in doing so, threatened workers’ rights under federal law.
Kim and Leavitt explain that, since these management systems are designed for use across the whole workforce, data collection from each individual worker will affect all employees. Employees, then, have a group-based interest in how their data is collected and used.
Despite that strong collective interest, workers are not covered by most data protection laws, according to Kim and Leavitt. All but one of 19 recent state laws excluded workers from data protections. The authors argue that employees are often left out because data protection is rooted in privacy law—an area that has historically had “limited reach” in workplaces.
The authors claim that, even if data protection laws were amended to apply to the workplace, the current regulatory model will not be adequate to protect employees. Kim and Leavitt argue that the laws were designed to protect consumers without significant relationships to the businesses they transact with.
Workers, on the other hand, have strong ties to their employers, as Kim and Leavitt identify. They argue that this difference matters for regulation: Firms have a better reason to access workers’ data because they are part of the production process, and workers are more vulnerable because they often depend on the firms for income and health care.
Kim and Leavitt provide specific examples of how the consumer model does not work in the workplace. They explain that consumer rights are individual, but workers should not always have the individual right to have their records deleted, because employers keep group level records and need complete personnel files. They point out that consumer privacy laws do not cover “de-identified” data, but employers could use anonymous aggregated worker data to surveil unionization efforts and limit workers’ rights.
The authors add that, like privacy laws, traditional labor and employment laws are insufficient to protect workers’ data interests. Kim and Leavitt argue that health and safety regulations focus on “recognized harms,” so they are too slow to address these new forms of injury. Civil rights laws covering employees are difficult to enforce, because workers cannot access necessary information to show or detect that an algorithmic model is discriminatory, they explain.
Kim and Leavitt state that the National Labor Relations Act (NLRA) may prevent employers from using data to restrict employees’ rights to organize and bargain for better working conditions. Still, the NLRA alone will not adequately protect these rights—the authors argue the statute is less impactful given the low unionization rate, and earlier efforts to address this issue through NLRA enforcement never came to fruition.
Kim and Leavitt argue that new laws must be enacted to protect workers’ collective interests in their data. A union representative, for example, should have access to collective data used by an employer to set wages, so the workers can address pay issues and know if their rights are being violated. Worker representatives, if granted access to this data, could push firms to justify the purpose and methods of their data collection. The authors argue that requiring worker involvement or bargaining around the employers’ data practices could reduce harm to workers.
Although the authors do not propose detailed models to address the gap they identify, they cite a requirement of German law that employers consult their workers about planned technological changes. Kim and Leavitt suggest that new state-level experimentation with industry-specific labor regulations may inspire policies that better address workplace data practices.
Kim and Leavitt explain that many tools can benefit workers with safety and productivity gains. If workers’ data rights are not prioritized, digital surveillance could damage working conditions and give employers too much power, they warn. The authors conclude that the law must protect workers’ collective data rights to encourage data practices that benefit both employers and their employees.
