yesIssie LapowskyNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

People

The debate over workers' electronic privacy is dying right when it’s needed most

This was supposed to be the year employees finally obtained some privacy rights. Thanks to the COVID-19 crisis, they're getting the opposite.

A person getting their temperature checked

Instead of 2020 being the year of debating employee data privacy in California, it's become the year of thermal temperature scanners, software that monitors remote workers' keystrokes and wearable devices tracking employees' locations.

Photo: Getty Images

Back in January, when California's legislative session was getting underway, Jennifer Kramer and her fellow labor attorneys at the California Employment Lawyers Association had one item on their agenda: Passing legislation that protects employee privacy.

Lawmakers in California had punted on the issue when they negotiated the sweeping California Consumer Privacy Act in 2018, largely exempting employee data from being covered under the law until 2021. This was the year that businesses, labor groups, privacy advocates and the legislature were supposed to figure out what would happen after that. If they succeeded in ironing out privacy protections for workers, they would set a new standard in the country's most populous state, which is home to many of the world's most powerful companies and the heart of the tech industry.

But the COVID-19 crisis changed everything. Instead of 2020 being the year of a robust debate about employee data privacy in California — and in America — it's become the year of thermal temperature scanners in warehouses, software that monitors remote workers' every keystroke, and wearable devices tracking employees' locations.

In the rush to keep people safe and productive in an unprecedented time, Kramer said, "Employers have sort of lost their minds."

The turnabout underscores a key distinction of electronic privacy laws that have passed in the past few years: They almost universally exclude data that employers collect on their employees. That information has proven trickier to regulate than consumer data.

But workers have been left without recourse if, say, they're automatically fired as a result of an algorithm, or if their employer tracks their menstrual cycle. Now, as even more invasive employee monitoring systems weave their way into corporate life almost overnight, some fear the debate over worker privacy is dying out at the very time it's needed most.

"We're essentially turning our employers into a form of national surveillance," said Vanessa Wu, general counsel for Rippling, which makes human resources software. "We've been seeing regulators asking employers to be the front line of doing tracing for COVID-19. I find that to be very concerning because it puts a lot of responsibility on employers, who are not health professionals, and presumes a level of data-sharing that I don't think has ever been seen before."

There are, of course, plenty of good reasons why even labor and privacy advocates say employee data shouldn't be regulated in the same manner as consumer data. Consider that under the California Consumer Privacy Act, or CCPA, consumers have the right to see all the data a business of a certain size has collected on them. In a workplace, that could expose sensitive information, such as a sexual harassment complaint against the person requesting the data.

It could also become burdensome for employers, who, on top of responding to consumer requests, could be forced to respond to workers' data requests. And that could ultimately open them up to spurious litigation, said Usama Kahf, who specializes in CCPA compliance as a partner at the Irvine-based law firm Fisher Phillips.

"The concept of giving employees the right to access, free of charge, a copy of all personal information collected about them by their employer is, just, to put it in legal terms, crazy," Kahf said.

For that reason and a slew of others, business groups fought hard to ensure that employee data would be exempted from CCPA altogether. And they might have gotten their way had labor groups like the California Employment Lawyers Association and civil liberties organizations like the ACLU and the Electronic Frontier Foundation not fought back. According to Emory Roane, policy counsel with the group Privacy Rights Clearinghouse, the two sides eventually agreed to the one-year exemption, for fear of rushing through "a weak standard."

"It's unfortunate that it wasn't hammered out," Roane said. "No one could have seen this [pandemic] coming, but this is exactly the kind of situation where it would be great to have stronger protections for employee data."

Even with the exemption, employees do have some limited rights under CCPA. Employers must disclose information they're collecting on workers in California, and if a company has a data breach that exposes employee data, those employees all have the right to sue.

"If an employer wants to turn on the panopticon software, they're going to at least have to turn on the notice," Roane said. But he argues that simply securing data, and notifying employees data is being collected, "falls far short" of the protections privacy groups want, particularly now.

Privacy and labor groups have pushed for policies that would prevent an employer from retaliating against workers who refuse to give consent to different forms of tracking. They've also advocated for concepts like data minimization to be amended into CCPA. That would require companies to limit the data they collect up front to only what's necessary to carry out consumer requests and court orders or to ensure security.

In February, a coalition of privacy groups threw support behind a bill that would have required data minimization for both consumer and employee data. But the California Assembly declined to hear the bill this year. "Allegedly, it wasn't related enough to COVID-19," said Samantha Corbin, a lobbyist for the privacy coalition.

In a statement to Protocol, California Assemblyman Ed Chau, who leads the Committee on Privacy and Consumer Protection, said he is "closely monitoring government and employer practices" with regard to COVID-19 and stands "ready to work" on crisis-related legislation. "While the current pandemic has resulted in complications to the legislative process," Chau said, "there is still some time to work on the employee data exemption from last year where stakeholders are willing to do so."

Yet many of those stakeholders, including labor unions and employment lawyers like Kramer, have had to shift their own focus to basic worker protections like unemployment insurance and paid leave. With millions of Californians out of work and millions more working at considerable risk to their health, Kramer said she and her colleagues have been in "triage" mode. "There's been a big shift in our priorities and what we can tackle," Kramer said.

Complicating matters further is a ballot initiative called the California Privacy Rights Act, or CPRA, that may be headed to a vote this November. The measure is sponsored by Alastair Mactaggart, the real estate mogul who authored a similar ballot measure in 2018 that became the basis of CCPA. This new initiative would rewrite CCPA and extend the employee data exemption for three years.

Even before the pandemic hit the United States, the possibility that the measure might pass in November had thrown a wrench into negotiations over CCPA. Mactaggart didn't respond to Protocol's request for comment. "I think there's a lot of businesses quietly sitting on their hands and hoping [voters] sign off on that initiative that will give them another three years," Corbin said.

The labor and privacy advocates who spoke to Protocol said that if CPRA somehow doesn't make it to the ballot (Mactaggart pulled his 2018 ballot initiative at the last minute), they expect the legislature to pass another extension under the wire. Otherwise, come January 2021, employees would have the same data rights as consumers do in California, a shift that voices on both sides of the issue agree could have disastrous consequences.

The advocates are not arguing that workplaces should be barred from putting in place measures to protect worker safety. Quite the opposite: They welcome safety measures, as long as there are limits in place to prevent, say, the use of location tracking technology to monitor union organizing.

Even in the state with the country's most expansive privacy law, none of those limits exists. Not only that, but the window for discussing those safeguards has, at least temporarily, closed.

For now, Kramer said, workers in California can at least take solace in the fact that the state's constitution guarantees them the right to privacy. How that right applies to the workplace during a public health emergency, though, remains unclear.

"The question," Kramer said, "is how creepy is the employer being?"

People

Expensify CEO David Barrett: ‘Most CEOs are not bad people, they're just cowards’

"Remember that one time when we almost had civil war? What did you do about it?"

Expensify CEO David Barrett has thoughts on what it means for tech CEOs to claim they act apolitically.

Photo: Expensify

The Trump presidency ends tomorrow. It's a political change in which Expensify founder and CEO David Barrett played a brief, but explosive role.

Barrett became famous last fall — or infamous, depending on whom you ask — for sending an email to the fintech startup's clients, urging them to reject Trump and support President-elect Joe Biden.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

People

Amazon’s head of Alexa Trust on how Big Tech should talk about data

Anne Toth, Amazon's director of Alexa Trust, explains what it takes to get people to feel comfortable using your product — and why that is work worth doing.

Anne Toth, Amazon's director of Alexa Trust, has been working on tech privacy for decades.

Photo: Amazon

Anne Toth has had a long career in the tech industry, thinking about privacy and security at companies like Yahoo, Google and Slack, working with the World Economic Forum and advising companies around Silicon Valley.

Last August she took on a new job as the director of Alexa Trust, leading a big team tackling a big question: How do you make people feel good using a product like Alexa, which is designed to be deeply ingrained in their lives? "Alexa in your home is probably the closest sort of consumer experience or manifestation of AI in your life," she said. That comes with data questions, privacy questions, ethical questions and lots more.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Politics

In 2020, COVID-19 derailed the privacy debate

From biometric monitoring to unregulated contact tracing, the crisis opened up new privacy vulnerabilities that regulators did little to address.

Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, says the COVID-19 pandemic has become a "cash grab" for surveillance tech companies.

Photo: Lianhao Qu/Unsplash

As the coronavirus began its inexorable spread across the United States last spring, Adam Schwartz, senior staff attorney at the Electronic Frontier Foundation, worried the virus would bring with it another scourge: mass surveillance.

"A lot of really bad ideas were being advanced here in the U.S. and a lot of really bad ideas were being actually implemented in foreign countries," Schwartz said.

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
People

The year our personal lives took center stage at work

2020's blurring of professional and personal boundaries exacerbated disparities, humanized leaders and put personal values front and center.

In 2020, the personal and the professional became inextricable at work.

Photo: Tom Werner/Getty Images

For those of us lucky enough to keep our jobs and privileged enough to be able to work from home, our whole selves were bared at work this year. Our homes and faces were blown up for virtual inspection. Our children's demands and crises filled our working hours, and our working mothers became schoolteachers and housewives, whether they wanted to or not. Our illnesses became vital public information, and our tragedies shared. Our work lives ate into our social lives until there was no boundary between them.

In 2020, the personal and the professional became inextricable at work. Remote work might be the most sexy 2020 trend, but for the CEOs and leaders I spoke with, the de-professionalization of work could be the most important effect on a personal level. It's the one that has caused the most harm to women in the workplace and destroyed work-life balance for basically everyone. It's also what has contributed to the majority of work-from-home Americans being more satisfied with their work lives than they were before, mostly because they feel more connected to their families, they're able to set their own schedules and they're more comfortable at home, according to a Morning Consult poll. While we can't know exactly how many and who will be going back to the office just yet, as long as there is some kind of flexible work schedule, people's personal lives will be part of their work lives and vice versa.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (@ anna_c_kramer), where she helps write and produce Source Code, Protocol's daily newsletter. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Protocol | Enterprise

How Christian Klein’s reboot of SAP’s strategy is working out

The pandemic wasn't kind to the company. But the way it's working with the major COVID-19 vaccine makers is a model for what comes next.

Christian Klein became SAP's sole CEO in April.

Photo: Picture Alliance/Getty Images

Christian Klein took over as SAP's sole CEO in April. It wasn't an ideal time to take the helm of an organization that sells expensive enterprise software.

As the spread of COVID-19 forced corporations everywhere to cut costs, one of the first places they looked was IT budgets. Specifically, companies around the world trimmed spending on back-end products, such as those offered by SAP, many of which still run via on-premise data centers.

Keep Reading Show less
Joe Williams

Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Latest Stories