By: Vrinda Nargas and Namrata Jeph
(This post is the first of a two part series on the topic – ‘A Watchful Eye at Work: Evolving Workplaces and Emerging Employee Privacy Concerns’)
INTRODUCTION
With time, the workplace set-up is evolving, marked by rapid technological advancements which have outpaced the traditional privacy concerns. This article aims to analyse privacy concerns in ‘employment relationships’ where the primary actors are the employee, employer, and to a certain extent the state in its role as a regulator and adjudicator.[1] Owing to the intrinsic value of privacy, its analysis in the context of fast-changing workspaces is necessary. However, privacy in this discussion is pertinent to be weighted more in contextual terms than abstract formulations.
Monitoring of employee behaviour can be done for various reasons; legitimate business interest associated with productivity of the employees, legal liability concerns for actions of the employees, evaluating employees’ performance and efficiency, for the security of company data, protection of trade secrets, securing a healthy work environment by preventing racial or other forms of abuse, and because of interest in guarding the health and welfare of employees.[2] It can also serve as a tool for better decision-making. When employers and organizations have collected the data about their employees’ performance, data analytics can provide substantial insight into workplace systems and employee behavior, which in turn can be used for decisions regarding hiring, promotion-demotion, firing, changes in management, and making changes in work processes.
Employee monitoring is not a recent trend, it has long been carried out by employers for the previously stated concerns. However, it is the degree of intrusion that these monitoring techniques cause, which is relevant. Post-COVID-19, employers are looking to deploy digital technologies to track employee performance and to stimulate employer control in a conventional workplace. For instance, various workplaces have employed sophisticated software-based surveillance devices to measure things such as employee temperature, movement, the performance of bodily vitals, and social contacts with the objective of preventive care against the spread of COVID-19. While employer concern in preventing the spread of the disease is a valid concern, putting sensitive medical data in the hands of employers can have dangerous implications.
It is accepted that employers may have a legitimate interest in monitoring their employees, yet, it is often the case that such measures are implemented without providing adequate notice to or obtaining consent from employees who will be impacted, or such surveillance may not be proportionate to the objectives sought to be achieved. Therefore, upon closer scrutiny, work surveillance can signal a lack of trust between the employer and the employee, a lack of understanding of its pervasive nature and wide-reaching implications, and a failure to account for employees as important stakeholders.
The digitization of workspace in the context of the COVID-19 pandemic forced employees to take their offices home, make kitchen cabinets or dining tables the new offices to get work done, and reduce their workspace to online platforms like Zoom/WebEx, etc. This set-up has tremendously blurred the line between home and office. In these times, employees might find themselves in a situation where they can virtually never log out or switch off from the work. Before the outbreak of the COVID-19 pandemic, the segregation of workplace and home life was at least a theoretical possibility, however, post the pandemic, work from home has become the new normal for most enterprises, and this segregation is no longer possible with the home virtually transforming in the workplace. As a result of the increased reliance on digital solutions to address the issues posed by the pandemic, privacy, and digital security concerns have gained additional urgency. Privacy intrusion has multi-faceted implications and it is an ethical concern for both employees and employers in a workplace.
In this article, we shall first elaborate upon the forms and methods in which digital technology is being used to carry out remote employee surveillance and how it impacts multiple dimensions of workplace privacy such as informational privacy and autonomy privacy, followed by an analysis of the challenges posed with digital workplace privacy concerns. We delve into the various concerns that have arisen, in the backdrop of COVID-19 and remote work. Finally, we analyse the shortcomings of the legal regime governing data protection and employee privacy and conclude with our suggestions.
INTRUSIVE MONITORING TECHNOLOGIES AND ASSOCIATED PRIVACY CHALLENGES
The concept of privacy is based on the belief that all information about a person is fundamentally his own, and that he has the right to communicate or preserve it as he sees fit. The three fundamental characteristics of informational privacy, according to the Supreme Court of Canada in the case of R v. Spencer, are secrecy, control, and anonymity. Controlling the acquisition, storage, use, distribution, and dispersal of employees’ data is what information privacy includes. The most significant hazards connected with supplying information (or access) are feelings of invasion of privacy and the potential loss of control over one’s data.[3]
In Justice K.S. Puttaswamy v. Union of India, the Supreme Court observed how activities of individuals on the internet leave electronic tracks without their knowledge. The Court went on to say that these electronic recordings include powerful sources of information that reveal the type of person the user is and her interests. The Court stated that while these information silos may appear insignificant on their own when taken together, they reveal the personality’s nature: eating habits, language, health, interests, sexual preferences, friendships, attire, and political allegiance. When gathered, information paints a picture of the being: what matters and what doesn’t, what should be shown, and what should be kept hidden.
Employers make use of nuanced technologies to track employees, such as by monitoring calls, email, messages, browsing history, and even mouse-clicks and keystrokes of the employee on their official devices, or by using software that captures screenshots of the employee’s screen at regular intervals, which can virtually help build a profile of the employee being subject to surveillance. Many tools and apps are designed to run invisibly in the background, without offering any control to the employee or the choice to opt-out, in which case the employee’s informed consent would be missing, and such surveillance would be an infringement of their privacy.
Organizations have a gamut of surveillance methods available to choose from – methods like installing closed-circuit television (CCTV) cameras and thermal cameras aimed at detecting whether people are wearing masks, maintaining social distancing, monitoring employees’ body temperatures, fingerprint scanning, monitoring and restricting website visits, tracking emails, GPS surveillance or geo-fencing, RFID badges, wearable technology, facial recognition technology, and mandatory app-installations.[4] Such practices can perhaps be explained by the fast-paced nature of work today, where employers push for approaches that involve maximum productivity and efficiency and minimal downtime. There have been other instances where employers have made employees wear a fitness tracker to monitor their daily movements, heart rate, and sleep duration. Scooping of highly-sensitive health data to such an extreme extent by the employers is adding a new dimension to the employee-employer relationship, the ramifications of which are yet to be fully understood.
Various municipal corporations across the country have adopted a ‘Human Efficiency Tracking System’ (HETS), which measures the efficiency of sanitation workers on duty through a Bluetooth and GPS-enabled smartwatch tracker. The tracker is embedded with a camera and a microphone and monitors if workers are active if they are staying in their assigned area via geo-fencing, and if found negligent in their duty, they can face ramifications such as salary cuts. The system also involves cloud-based storage of data, however, there is little clarity as to data processing and security. Another concerning factor is that authorities in charge do not regard the consent of the workers as essential. The sanitation workers have voiced concerns about the lack of privacy and voluntariness in being subject to such surveillance, and the problems are further exacerbated as workers are often not adequately informed of the extent and form of surveillance carried out by such tracking devices, and fear for their continued employment if they do not adapt to the surveillance mechanisms in place. This highlights how marginalized groups and low-wage workers can especially be at risk due to such monitoring, in terms of both information privacy and job security. This also indicates that workers have little control, autonomy, and bargaining power, and in some cases, may not even have the option to seek employment elsewhere.
Another example of intrusive employee monitoring is that of the ‘MDM Shield 360’ app, which Accredited Social Health Activists (ASHA) workers were mandatorily made to download on their phones (and were even given phones with the app pre-reinstalled in some cases). The workers protested against this measure as their location could easily be traced, it was leaving them vulnerable to scrutiny and harassment, and would also prevent any attempts at unionization to protest against such measures or raise their grievances. Therefore, employee surveillance can potentially become a barrier for employees to rightfully unionize as well.
Given the existing situation, it is reasonable to conclude that employers and organizations have yet to completely comprehend the impact of workplace monitoring on vulnerable and marginalized people. It is crucial to obtain informed consent from impacted groups and individuals and ensure that they understand the nature and purpose of surveillance when surveillance/efficiency management tools are utilized by employers.
[1] J. W. Budd and D.P. Bhave, ‘The employment relationship’, A. Wilkinson et al (eds), Handbook of Human Resource Management (2010)
[2] Jeffrey M Stanton and Kathryn R Stam, The visible employee: using workplace monitoring and surveillance to protect information assets–without compromising employee privacy or trust (Information Today 2006)
[3] EF Stone and DL Stone, ‘Privacy in organizations: Theoretical issues, research findings, and protection mechanisms’ [1990] Research in Personnel and Human Resources Management 349
[4] Tomczak DL and Behrend TS, ‘Electronic Surveillance and Privacy’ in Richard N Landers (ed), The Cambridge Handbook of Technology and Employee Behavior (Cambridge University Press 2019)
(Vrinda and Namrata are law undergraduates at National Law University Jodhpur. The author(s) may be contacted via mail at vrindanargas@gmail.com and/ or namratajeph661@gmail.com)
Cite as: Vrinda Nargas and Namrata Jeph, ‘A Watchful Eye at Work: Evolving Workplaces and Emerging Employee Privacy Concerns (Part-1)’ (The RMLNLU Law Review Blog, 20 June 2022) <https://rmlnlulawreview.com/2022/06/20/employee-privacy/> date of access
The RMLNLU Law Review Blog 