By Jurry Bajwa, Staff Writer
Photo Courtesy of Pexels.
The COVID-19 pandemic brought about an unprecedented transformation in our work culture, catapulting remote work into the mainstream. This monumental shift has prompted a profound reevaluation of the relationship between employers and their remote workforce, with digital surveillance emerging as a pivotal issue in the virtual workplace.[1]Tattleware and bossware are common nicknames given to surveillance software that employers may install on devices to track employees’ digital activity. [2]
Electronic workplace surveillance in the United States falls under the ambit of the Electronic Communications Privacy Act (ECPA).[3] However, there are a few exceptions to the ECPA’s ban on employers purposely listening in on employee talks. If an employer has a legitimate business necessity, it may listen in on discussions owing to the “business purpose exception.” Employers may also listen in on employees with their permission under the permission exemption, possibly monitoring personal chats with consent from employees.[4] This distinction, which enables the monitoring of both business and personal communications, is essential yet frequently overlooked.[5]
Moreover, Courts have typically ruled that employees have a diminished expectation of privacy when utilizing company-provided equipment and networks. Notably, the U.S. Supreme Court solidified this perspective in City of Ontario v. Quon, establishing that employees’ privacy expectations were curtailed when using employer-provided communication devices when the employee did not have a reasonable expectation of privacy and held that a government employee’s text message search did not violate the employee’s Fourth Amendment rights.[6]
Furthermore, it’s important to consider both perspectives when examining the issue of monitoring employee productivity. Employers do have a legitimate interest in tracking their employees’ work output, but this must be balanced with safeguards for employees’ rights and privacy.[7] Emory Roane, who serves as counsel for Privacy Rights Clearing House, has highlighted the limited extent of privacy protections for employees, stating, “In general, employees have very, very, very light protections, if any.”[8] This underscores the necessity of finding a middle ground between effective monitoring and protecting against excessive surveillance.[9]
In a broad context, employers possess the capability to oversee multiple aspects of their employees’ work-related activities. This encompasses monitoring emails, gauging concentration and productivity, scrutinizing browser usage, and supervising the utilization of workplace collaboration tools.[10] Monitoring software such as Teramind, Hubstaff, and InterGuard offers the ability to gather data on actions like clicks, browser history, and the content of emails, including subject lines and attachments.[11] Moreover, platforms like Slack can provide reports on various activities, including login records.[12] Remote monitoring software extends its functionality to include the recording of video conferences. For instance, tools like Teramind have the capacity to capture both audio and video content from platforms such as Zoom, Webex, and Microsoft Teams.[13]
Additionally, the California Consumer Privacy Act (CCPA) and similar privacy laws in other states that have been based on the CCPA are set to regulate the collection and use of personal information, including that of employees.[14]These laws are in addition to the GDPR. Notably, California’s exemptions for personal information connected to business-to-business transactions and personal information related to employment have expired as of December 31, 2022, as stated in Civil Code Section 1798.145(m)-(n).[15] This change denotes that employees are now included in the scope of the privacy statute. Individuals’ rights, such as the right to access information and the right to have data deleted, pertaining to information gathered by organizations, are among the fundamental principles of the CCPA.
Similarly, New York has passed SB S2628 in a similar vein to regulate the oversight of the monitoring of employee internet usage and communications, including phone calls, text messages, and emails.[16] Regardless of size or corporate structure, this legislation is applicable to all private employers within the state. Employees must receive the proper notice, either in writing or electronically, that all phone calls, emails, and online activities may be recorded at any time using legally acceptable methods.[17]
As a final point, it’s critical to understand that the legal system must keep up with the significant changes brought on by the pandemic. More complicated and nuanced questions have emerged from what were once straightforward problems and settled cases under the ECPA (Electronic Communications Privacy Act). Issues that pose new challenges include remote work done on personal devices, roles that heavily rely on social media, and unconventional digital workspaces. Finding a balance between different interests and deciding what interests to protect become crucial in this evolving environment, particularly concerning matters of labor and employment and privacy law.
[1] https://www.today.com/news/news/can-companies-track-workers-from-home-what-to-know-rcna17316
[2] Id.
[3] https://www.shrm.org/resourcesandtools/tools-and-samples/toolkits/pages/workplaceprivacy.aspx
[4] Id.
[5] Id.
[6] https://plus.lexis.com/document/?pdmfid=1530671&crid=96e924e2-128b-4838-8558-f2d9f8f1e4d0&pddocfullpath=%2fshared%2fdocument%2fcases%2furn%3acontentItem%3a7YR6-0DX0-YB0V-90DM-00000-00&pdcontentcomponentid=6443&pdteaserkey=&pdislpamode=false&pdworkfolderlocatorid=NOT_SAVED_IN_WORKFOLDER&ecomp=n74k&earg=sr0&prid=f2b35082-5342-4075-802d-f9a178a9ac39&aci=lp&cbc=0&lnsi=6184fd78-1171-40a8-b9d5-d07d189707fe&rmflag=0&sit=null
[7] https://www.washingtonpost.com/technology/2021/08/20/work-from-home-computer-monitoring/
[8] Id.
[9] Id.
[10] Id.
[11] Id.
[12] Id.
[13] https://www.washingtonpost.com/technology/2021/08/20/work-from-home-computer-monitoring/
[14] https://www.csoonline.com/article/565923/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html
[15] https://oag.ca.gov/privacy/ccpa
[16] https://www.hklaw.com/en/insights/publications/2022/05/new-york-law-requires-notice-of-employees-electronic-monitoring
[17] Id.