People

The debate over workers' electronic privacy is dying right when it’s needed most

This was supposed to be the year employees finally obtained some privacy rights. Thanks to the COVID-19 crisis, they're getting the opposite.

A person getting their temperature checked

Instead of 2020 being the year of debating employee data privacy in California, it's become the year of thermal temperature scanners, software that monitors remote workers' keystrokes and wearable devices tracking employees' locations.

Photo: Getty Images

Back in January, when California's legislative session was getting underway, Jennifer Kramer and her fellow labor attorneys at the California Employment Lawyers Association had one item on their agenda: Passing legislation that protects employee privacy.

Lawmakers in California had punted on the issue when they negotiated the sweeping California Consumer Privacy Act in 2018, largely exempting employee data from being covered under the law until 2021. This was the year that businesses, labor groups, privacy advocates and the legislature were supposed to figure out what would happen after that. If they succeeded in ironing out privacy protections for workers, they would set a new standard in the country's most populous state, which is home to many of the world's most powerful companies and the heart of the tech industry.

But the COVID-19 crisis changed everything. Instead of 2020 being the year of a robust debate about employee data privacy in California — and in America — it's become the year of thermal temperature scanners in warehouses, software that monitors remote workers' every keystroke, and wearable devices tracking employees' locations.

In the rush to keep people safe and productive in an unprecedented time, Kramer said, "Employers have sort of lost their minds."

The turnabout underscores a key distinction of electronic privacy laws that have passed in the past few years: They almost universally exclude data that employers collect on their employees. That information has proven trickier to regulate than consumer data.

But workers have been left without recourse if, say, they're automatically fired as a result of an algorithm, or if their employer tracks their menstrual cycle. Now, as even more invasive employee monitoring systems weave their way into corporate life almost overnight, some fear the debate over worker privacy is dying out at the very time it's needed most.

"We're essentially turning our employers into a form of national surveillance," said Vanessa Wu, general counsel for Rippling, which makes human resources software. "We've been seeing regulators asking employers to be the front line of doing tracing for COVID-19. I find that to be very concerning because it puts a lot of responsibility on employers, who are not health professionals, and presumes a level of data-sharing that I don't think has ever been seen before."

There are, of course, plenty of good reasons why even labor and privacy advocates say employee data shouldn't be regulated in the same manner as consumer data. Consider that under the California Consumer Privacy Act, or CCPA, consumers have the right to see all the data a business of a certain size has collected on them. In a workplace, that could expose sensitive information, such as a sexual harassment complaint against the person requesting the data.

It could also become burdensome for employers, who, on top of responding to consumer requests, could be forced to respond to workers' data requests. And that could ultimately open them up to spurious litigation, said Usama Kahf, who specializes in CCPA compliance as a partner at the Irvine-based law firm Fisher Phillips.

"The concept of giving employees the right to access, free of charge, a copy of all personal information collected about them by their employer is, just, to put it in legal terms, crazy," Kahf said.

For that reason and a slew of others, business groups fought hard to ensure that employee data would be exempted from CCPA altogether. And they might have gotten their way had labor groups like the California Employment Lawyers Association and civil liberties organizations like the ACLU and the Electronic Frontier Foundation not fought back. According to Emory Roane, policy counsel with the group Privacy Rights Clearinghouse, the two sides eventually agreed to the one-year exemption, for fear of rushing through "a weak standard."

"It's unfortunate that it wasn't hammered out," Roane said. "No one could have seen this [pandemic] coming, but this is exactly the kind of situation where it would be great to have stronger protections for employee data."

Even with the exemption, employees do have some limited rights under CCPA. Employers must disclose information they're collecting on workers in California, and if a company has a data breach that exposes employee data, those employees all have the right to sue.

"If an employer wants to turn on the panopticon software, they're going to at least have to turn on the notice," Roane said. But he argues that simply securing data, and notifying employees data is being collected, "falls far short" of the protections privacy groups want, particularly now.

Privacy and labor groups have pushed for policies that would prevent an employer from retaliating against workers who refuse to give consent to different forms of tracking. They've also advocated for concepts like data minimization to be amended into CCPA. That would require companies to limit the data they collect up front to only what's necessary to carry out consumer requests and court orders or to ensure security.

In February, a coalition of privacy groups threw support behind a bill that would have required data minimization for both consumer and employee data. But the California Assembly declined to hear the bill this year. "Allegedly, it wasn't related enough to COVID-19," said Samantha Corbin, a lobbyist for the privacy coalition.

In a statement to Protocol, California Assemblyman Ed Chau, who leads the Committee on Privacy and Consumer Protection, said he is "closely monitoring government and employer practices" with regard to COVID-19 and stands "ready to work" on crisis-related legislation. "While the current pandemic has resulted in complications to the legislative process," Chau said, "there is still some time to work on the employee data exemption from last year where stakeholders are willing to do so."

Yet many of those stakeholders, including labor unions and employment lawyers like Kramer, have had to shift their own focus to basic worker protections like unemployment insurance and paid leave. With millions of Californians out of work and millions more working at considerable risk to their health, Kramer said she and her colleagues have been in "triage" mode. "There's been a big shift in our priorities and what we can tackle," Kramer said.

Complicating matters further is a ballot initiative called the California Privacy Rights Act, or CPRA, that may be headed to a vote this November. The measure is sponsored by Alastair Mactaggart, the real estate mogul who authored a similar ballot measure in 2018 that became the basis of CCPA. This new initiative would rewrite CCPA and extend the employee data exemption for three years.

Even before the pandemic hit the United States, the possibility that the measure might pass in November had thrown a wrench into negotiations over CCPA. Mactaggart didn't respond to Protocol's request for comment. "I think there's a lot of businesses quietly sitting on their hands and hoping [voters] sign off on that initiative that will give them another three years," Corbin said.

The labor and privacy advocates who spoke to Protocol said that if CPRA somehow doesn't make it to the ballot (Mactaggart pulled his 2018 ballot initiative at the last minute), they expect the legislature to pass another extension under the wire. Otherwise, come January 2021, employees would have the same data rights as consumers do in California, a shift that voices on both sides of the issue agree could have disastrous consequences.

The advocates are not arguing that workplaces should be barred from putting in place measures to protect worker safety. Quite the opposite: They welcome safety measures, as long as there are limits in place to prevent, say, the use of location tracking technology to monitor union organizing.

Even in the state with the country's most expansive privacy law, none of those limits exists. Not only that, but the window for discussing those safeguards has, at least temporarily, closed.

For now, Kramer said, workers in California can at least take solace in the fact that the state's constitution guarantees them the right to privacy. How that right applies to the workplace during a public health emergency, though, remains unclear.

"The question," Kramer said, "is how creepy is the employer being?"

Workplace

Indeed is hiring 4,000 workers despite industry layoffs

Indeed’s new CPO, Priscilla Koranteng, spoke to Protocol about her first 100 days in the role and the changing nature of HR.

"[Y]ou are serving the people. And everything that's happening around us in the world is … impacting their professional lives."

Image: Protocol

Priscilla Koranteng's plans are ambitious. Koranteng, who was appointed chief people officer of Indeed in June, has already enhanced the company’s abortion travel policies and reinforced its goal to hire 4,000 people in 2022.

She’s joined the HR tech company in a time when many other tech companies are enacting layoffs and cutbacks, but said she sees this precarious time as an opportunity for growth companies to really get ahead. Koranteng, who comes from an HR and diversity VP role at Kellogg, is working on embedding her hybrid set of expertise in her new role at Indeed.

Keep Reading Show less
Amber Burton

Amber Burton (@amberbburton) is a reporter at Protocol. Previously, she covered personal finance and diversity in business at The Wall Street Journal. She earned an M.S. in Strategic Communications from Columbia University and B.A. in English and Journalism from Wake Forest University. She lives in North Carolina.

Every day, millions of us press the “order” button on our favorite coffee store's mobile application: Our chosen brew will be on the counter when we arrive. It’s a personalized, seamless experience that we have all come to expect. What we don’t know is what’s happening behind the scenes. The mobile application is sourcing data from a database that stores information about each customer and what their favorite coffee drinks are. It is also leveraging event-streaming data in real time to ensure the ingredients for your personal coffee are in supply at your local store.

Applications like this power our daily lives, and if they can’t access massive amounts of data stored in a database as well as stream data “in motion” instantaneously, you — and millions of customers — won’t have these in-the-moment experiences.

Keep Reading Show less
Jennifer Goforth Gregory
Jennifer Goforth Gregory has worked in the B2B technology industry for over 20 years. As a freelance writer she writes for top technology brands, including IBM, HPE, Adobe, AT&T, Verizon, Epson, Oracle, Intel and Square. She specializes in a wide range of technology, such as AI, IoT, cloud, cybersecurity, and CX. Jennifer also wrote a bestselling book The Freelance Content Marketing Writer to help other writers launch a high earning freelance business.
Climate

New Jersey could become an ocean energy hub

A first-in-the-nation bill would support wave and tidal energy as a way to meet the Garden State's climate goals.

Technological challenges mean wave and tidal power remain generally more expensive than their other renewable counterparts. But government support could help spur more innovation that brings down cost.

Photo: Jeremy Bishop via Unsplash

Move over, solar and wind. There’s a new kid on the renewable energy block: waves and tides.

Harnessing the ocean’s power is still in its early stages, but the industry is poised for a big legislative boost, with the potential for real investment down the line.

Keep Reading Show less
Lisa Martine Jenkins

Lisa Martine Jenkins is a senior reporter at Protocol covering climate. Lisa previously wrote for Morning Consult, Chemical Watch and the Associated Press. Lisa is currently based in Brooklyn, and is originally from the Bay Area. Find her on Twitter ( @l_m_j_) or reach out via email (ljenkins@protocol.com).

Entertainment

Watch 'Stranger Things,' play Neon White and more weekend recs

Don’t know what to do this weekend? We’ve got you covered.

Here are our picks for your long weekend.

Image: Annapurna Interactive; Wizard of the Coast; Netflix

Kick off your long weekend with an extra-long two-part “Stranger Things” finale; a deep dive into the deckbuilding games like Magic: The Gathering; and Neon White, which mashes up several genres, including a dating sim.

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Fintech

Debt fueled crypto mining’s boom — and now, its bust

Leverage helped mining operations expand as they borrowed against their hardware or the crypto it generated.

Dropping crypto prices have upended the economics of mining.

Photo: Lars Hagberg/AFP via Getty Images

As bitcoin boomed, crypto mining seemed almost like printing money. But in reality, miners have always had to juggle the cost of hardware, electricity and operations against the tokens their work yielded. Often miners held onto their crypto, betting it would appreciate, or borrowed against it to buy more mining rigs. Now all those bills are coming due: The industry has accumulated as much as $4 billion in debt, according to some estimates.

The crypto boom encouraged excess. “The approach was get rich quick, build it big, build it fast, use leverage. Do it now,” said Andrew Webber, founder and CEO at crypto mining service provider Digital Power Optimization.

Keep Reading Show less
Tomio Geron

Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. Before that, he worked as a staff writer at Forbes, covering social media and venture capital, and also edited the Midas List of top tech investors. He has also worked at newspapers covering crime, courts, health and other topics. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.

Latest Stories
Bulletins