Scholars argue regulators must protect workers’ rights by recognizing their collective data interests.
Twenty-one million screenshots capturing employees’ computers—some containing their emails, passwords, and other sensitive information—were leaked to the public in a recent data breach. Whether by monitoring employees’ screen activity with automatic screenshots or tracking workers’ body movements with wearable technologies, employers are increasingly practicing digital surveillance.
Worker organizations and researchers have raised questions about how digital surveillance at work affects labor-management relations and workers’ privacy, but these novel legal issues have not been explicitly addressed in federal regulations.
In a forthcoming article, Pauline T. Kim and Rachel H. Leavitt argue that existing data protection regulations are insufficient to safeguard workers’ interests. They contend that labor laws should be updated to recognize workers’ collective interest in their data.
The authors warn that employers’ data collection and resulting algorithmic management methods could harm workers. One notable example they give is how Amazon’s time tracking and algorithmic goal setting has discouraged necessary bathroom breaks and increased rates of injury. They cite the claim by Google employees that the company installed systems on their computers that tracked calendars to “weed out” union organizing and, in doing so, threatened workers’ rights under federal law.
Kim and Leavitt explain that, since these management systems are designed for use across the whole workforce, data collection from each individual worker will affect all employees. Employees, then, have a group-based interest in how their data is collected and used.
Despite that strong collective interest, workers are not covered by most data protection laws, according to Kim and Leavitt. All but one of 19 recent state laws excluded workers from data protections. The authors argue that employees are often left out because data protection is rooted in privacy law—an area that has historically had “limited reach” in workplaces.
The authors claim that, even if data protection laws were amended to apply to the workplace, the current regulatory model will not be adequate to protect employees. Kim and Leavitt argue that the laws were designed to protect consumers without significant relationships to the businesses they transact with.
Workers, on the other hand, have strong ties to their employers, as Kim and Leavitt identify. They argue that this difference matters for regulation: Firms have a better reason to access workers’ data because they are part of the production process, and workers are more vulnerable because they often depend on the firms for income and health care.
Read More
