People

The debate over workers' electronic privacy is dying right when it’s needed most

This was supposed to be the year employees finally obtained some privacy rights. Thanks to the COVID-19 crisis, they're getting the opposite.

A person getting their temperature checked

Instead of 2020 being the year of debating employee data privacy in California, it's become the year of thermal temperature scanners, software that monitors remote workers' keystrokes and wearable devices tracking employees' locations.

Photo: Getty Images

Back in January, when California's legislative session was getting underway, Jennifer Kramer and her fellow labor attorneys at the California Employment Lawyers Association had one item on their agenda: Passing legislation that protects employee privacy.

Lawmakers in California had punted on the issue when they negotiated the sweeping California Consumer Privacy Act in 2018, largely exempting employee data from being covered under the law until 2021. This was the year that businesses, labor groups, privacy advocates and the legislature were supposed to figure out what would happen after that. If they succeeded in ironing out privacy protections for workers, they would set a new standard in the country's most populous state, which is home to many of the world's most powerful companies and the heart of the tech industry.

But the COVID-19 crisis changed everything. Instead of 2020 being the year of a robust debate about employee data privacy in California — and in America — it's become the year of thermal temperature scanners in warehouses, software that monitors remote workers' every keystroke, and wearable devices tracking employees' locations.

In the rush to keep people safe and productive in an unprecedented time, Kramer said, "Employers have sort of lost their minds."

The turnabout underscores a key distinction of electronic privacy laws that have passed in the past few years: They almost universally exclude data that employers collect on their employees. That information has proven trickier to regulate than consumer data.

But workers have been left without recourse if, say, they're automatically fired as a result of an algorithm, or if their employer tracks their menstrual cycle. Now, as even more invasive employee monitoring systems weave their way into corporate life almost overnight, some fear the debate over worker privacy is dying out at the very time it's needed most.

"We're essentially turning our employers into a form of national surveillance," said Vanessa Wu, general counsel for Rippling, which makes human resources software. "We've been seeing regulators asking employers to be the front line of doing tracing for COVID-19. I find that to be very concerning because it puts a lot of responsibility on employers, who are not health professionals, and presumes a level of data-sharing that I don't think has ever been seen before."

There are, of course, plenty of good reasons why even labor and privacy advocates say employee data shouldn't be regulated in the same manner as consumer data. Consider that under the California Consumer Privacy Act, or CCPA, consumers have the right to see all the data a business of a certain size has collected on them. In a workplace, that could expose sensitive information, such as a sexual harassment complaint against the person requesting the data.

It could also become burdensome for employers, who, on top of responding to consumer requests, could be forced to respond to workers' data requests. And that could ultimately open them up to spurious litigation, said Usama Kahf, who specializes in CCPA compliance as a partner at the Irvine-based law firm Fisher Phillips.

"The concept of giving employees the right to access, free of charge, a copy of all personal information collected about them by their employer is, just, to put it in legal terms, crazy," Kahf said.

For that reason and a slew of others, business groups fought hard to ensure that employee data would be exempted from CCPA altogether. And they might have gotten their way had labor groups like the California Employment Lawyers Association and civil liberties organizations like the ACLU and the Electronic Frontier Foundation not fought back. According to Emory Roane, policy counsel with the group Privacy Rights Clearinghouse, the two sides eventually agreed to the one-year exemption, for fear of rushing through "a weak standard."

"It's unfortunate that it wasn't hammered out," Roane said. "No one could have seen this [pandemic] coming, but this is exactly the kind of situation where it would be great to have stronger protections for employee data."

Even with the exemption, employees do have some limited rights under CCPA. Employers must disclose information they're collecting on workers in California, and if a company has a data breach that exposes employee data, those employees all have the right to sue.

"If an employer wants to turn on the panopticon software, they're going to at least have to turn on the notice," Roane said. But he argues that simply securing data, and notifying employees data is being collected, "falls far short" of the protections privacy groups want, particularly now.

Privacy and labor groups have pushed for policies that would prevent an employer from retaliating against workers who refuse to give consent to different forms of tracking. They've also advocated for concepts like data minimization to be amended into CCPA. That would require companies to limit the data they collect up front to only what's necessary to carry out consumer requests and court orders or to ensure security.

In February, a coalition of privacy groups threw support behind a bill that would have required data minimization for both consumer and employee data. But the California Assembly declined to hear the bill this year. "Allegedly, it wasn't related enough to COVID-19," said Samantha Corbin, a lobbyist for the privacy coalition.

In a statement to Protocol, California Assemblyman Ed Chau, who leads the Committee on Privacy and Consumer Protection, said he is "closely monitoring government and employer practices" with regard to COVID-19 and stands "ready to work" on crisis-related legislation. "While the current pandemic has resulted in complications to the legislative process," Chau said, "there is still some time to work on the employee data exemption from last year where stakeholders are willing to do so."

Yet many of those stakeholders, including labor unions and employment lawyers like Kramer, have had to shift their own focus to basic worker protections like unemployment insurance and paid leave. With millions of Californians out of work and millions more working at considerable risk to their health, Kramer said she and her colleagues have been in "triage" mode. "There's been a big shift in our priorities and what we can tackle," Kramer said.

Complicating matters further is a ballot initiative called the California Privacy Rights Act, or CPRA, that may be headed to a vote this November. The measure is sponsored by Alastair Mactaggart, the real estate mogul who authored a similar ballot measure in 2018 that became the basis of CCPA. This new initiative would rewrite CCPA and extend the employee data exemption for three years.

Even before the pandemic hit the United States, the possibility that the measure might pass in November had thrown a wrench into negotiations over CCPA. Mactaggart didn't respond to Protocol's request for comment. "I think there's a lot of businesses quietly sitting on their hands and hoping [voters] sign off on that initiative that will give them another three years," Corbin said.

The labor and privacy advocates who spoke to Protocol said that if CPRA somehow doesn't make it to the ballot (Mactaggart pulled his 2018 ballot initiative at the last minute), they expect the legislature to pass another extension under the wire. Otherwise, come January 2021, employees would have the same data rights as consumers do in California, a shift that voices on both sides of the issue agree could have disastrous consequences.

The advocates are not arguing that workplaces should be barred from putting in place measures to protect worker safety. Quite the opposite: They welcome safety measures, as long as there are limits in place to prevent, say, the use of location tracking technology to monitor union organizing.

Even in the state with the country's most expansive privacy law, none of those limits exists. Not only that, but the window for discussing those safeguards has, at least temporarily, closed.

For now, Kramer said, workers in California can at least take solace in the fact that the state's constitution guarantees them the right to privacy. How that right applies to the workplace during a public health emergency, though, remains unclear.

"The question," Kramer said, "is how creepy is the employer being?"

Enterprise

Why software releases should be quick but 'palatable and realistic'

Modern software developers release updates much more quickly than in the past, which is great for security and adding new capabilities. But Edith Harbaugh thinks business leaders need a little control of that schedule.

LaunchDarkly was founded in 2014 to help companies manage the software release cycle.

Photo: LaunchDarkly

Gone are the days of quarterly or monthly software update release cycles; today’s software development organizations release updates and fixes on a much more frequent basis. Edith Harbaugh just wants to give business leaders a modicum of control over the process.

The CEO of LaunchDarkly, which was founded in 2014 to help companies manage the software release cycle, is trying to reach customers who want to move fast but understand that moving fast and breaking things won’t work for them. Companies that specialize in continuous integration and continuous delivery services have thrived over the last few years as customers look for help shipping at speed, and LaunchDarkly extends those capabilities to smaller features of existing software.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is Protocol's enterprise editor, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire, and served as executive editor of Gigaom and Structure.

COVID-19 accelerated what many CEOs and CTOs have struggled to do for the past decade: It forced organizations to be agile and adjust quickly to change. For all the talk about digital transformation over the past decade, when push came to shove, many organizations realized they had made far less progress than they thought.

Now with the genie of rapid change out of the bottle, we will never go back to accepting slow and steady progress from our organizations. To survive and thrive in times of disruption, you need to build a resilient, adaptable business with systems and processes that will keep you nimble for years to come. An essential part of business agility is responding to change by quickly developing new applications and adapting old ones. IT faces an unprecedented demand for new applications. According to IDC, by 2023, more than 500 million digital applications and services will be developed and deployed — the same number of apps that were developed in the last 40 years.[1]

Keep Reading Show less
Denise Broady, CMO, Appian
Denise oversees the Marketing and Communications organization where she is responsible for accelerating the marketing strategy and brand recognition across the globe. Denise has over 24+ years of experience as a change agent scaling businesses from startups, turnarounds and complex software companies. Prior to Appian, Denise worked at SAP, WorkForce Software, TopTier and Clarkston Group. She is also a two-time published author of “GRC for Dummies” and “Driven to Perform.” Denise holds a double degree in marketing and production and operations from Virginia Tech.
Workplace

Building an antiracist company: From idea to practice

Twilio’s chief diversity officer says it’s time for a new approach to DEI.

“The most impactful way to prioritize DEI and enable antiracism is to structure your company accordingly,” says Lybra Clemons, chief diversity officer at Twilio.

Photo: Twilio

Lybra Clemons is responsible for guiding and scaling inclusion strategy and diversity initiatives at Twilio.

I’ve been in the corporate diversity, equity and inclusion space for over 15 years. In that time, I’ve seen the field evolve slowly from a “nice-to-have” function of Human Resources to a rising company-wide priority. June 2020 was different. Suddenly my and my peers’ phones started ringing off the hook and DEI leaders became the most sought-after professionals. With so many DEI roles being created and corporate willingness to invest, for a split second it looked like there might be real change on the horizon.

Keep Reading Show less
Lybra Clemons
Lybra S. Clemons is a seasoned C-suite executive with over 15 years of Human Resources, Talent and Diversity & Inclusion experience at Fortune 500 companies. She is responsible for guiding and scaling inclusion strategy and diversity initiatives across Twilio's global workforce. Prior to Twilio, Lybra was global head of Diversity & Inclusion at PayPal, where she managed and oversaw all global diversity initiatives. Lybra has held critical roles in Diversity & Inclusion with Morgan Stanley, The Brunswick Group and American Express. She serves on the board of directors of Makers and How Women Lead Silicon Valley Executive Board of Advisers, and has been recognized by Black Enterprise as one of the Top Corporate Women in Diversity.
Boost 2

Can Matt Mullenweg save the internet?

He's turning Automattic into a different kind of tech giant. But can he take on the trillion-dollar walled gardens and give the internet back to the people?

Matt Mullenweg, CEO of Automattic and founder of WordPress, poses for Protocol at his home in Houston, Texas.
Photo: Arturo Olmos for Protocol

In the early days of the pandemic, Matt Mullenweg didn't move to a compound in Hawaii, bug out to a bunker in New Zealand or head to Miami and start shilling for crypto. No, in the early days of the pandemic, Mullenweg bought an RV. He drove it all over the country, bouncing between Houston and San Francisco and Jackson Hole with plenty of stops in national parks. In between, he started doing some tinkering.

The tinkering is a part-time gig: Most of Mullenweg’s time is spent as CEO of Automattic, one of the web’s largest platforms. It’s best known as the company that runs WordPress.com, the hosted version of the blogging platform that powers about 43% of the websites on the internet. Since WordPress is open-source software, no company technically owns it, but Automattic provides tools and services and oversees most of the WordPress-powered internet. It’s also the owner of the booming ecommerce platform WooCommerce, Day One, the analytics tool Parse.ly and the podcast app Pocket Casts. Oh, and Tumblr. And Simplenote. And many others. That makes Mullenweg one of the most powerful CEOs in tech, and one of the most important voices in the debate over the future of the internet.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

China

Why China is outselling the US in EVs 5 to 1

Electric cars made up 14.8% of Chinese car sales in 2021, compared with 4.1% in the U.S.

Passenger EV sales in China in 2021 jumped 169.1% to nearly 3.3 million from a year ago.

Photo: VCG/VCG via Getty Images

When Tesla entered China in 2014, the country’s EV market was going through a reset. The Austin, Texas-based automaker created a catfish effect — a strong competitor that compels weaker peers to up their game — in China’s EV market for the past few years. Now, Tesla’s sardine-sized Chinese competitors have grown into big fishes in the tank, gradually weakening Tesla’s own prominence in the field.

2021 was a banner year for China’s EV industry. The latest data from the China Passenger Car Association shows that total passenger EV sales in China in 2021 jumped 169.1% from a year ago to nearly 2.99 million: about half of all EVs sold globally. Out of every 100 passenger cars sold in China last year, almost 15 were so-called "new energy vehicles" (NEVs) — a mix of battery-electric vehicles and hybrids.

Keep Reading Show less
Shen Lu

Shen Lu covers China's tech industry.

SKOREA-ENTERTAINMENT-GAMING-MICROSOFT-XBOX
A visitor plays a game using Microsoft's Xbox controller at a flagship store of SK Telecom in Seoul on November 10, 2020. (Photo by Jung Yeon-je / AFP) (Photo by JUNG YEON-JE/AFP via Getty Images)

On this episode of the Source Code podcast: Nick Statt joins the show to discuss Microsoft’s $68.7 billion acquisition of Activision Blizzard, and what it means for the tech and game industries. Then, Issie Lapowsky talks about a big week in antitrust reform, and whether real progress is being made in the U.S. Finally, Hirsh Chitkara explains why AT&T, Verizon, the FAA and airlines have been fighting for months about 5G coverage.

For more on the topics in this episode:

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Latest Stories
Bulletins