- Shivangi Mishra

Introduction

Privacy in the workplace has been a contested sphere for many years with claims against monitoring and surveillance being first made as long as half a century ago. However, the privacy and technology rights of workers or employees are often marginalized in discussions on the various facets of privacy. Lilian Edwards and others term employee surveillance as the,

“Cinderella sister of surveillance studies: neither as outright shocking to citizens as state surveillance in the post Snowden era, nor as ubiquitously discussed as consumer targeting and profiling in the “surveillance capitalism” ecology of social media, search and e-commerce platforms like Google, Facebook, Amazon.”[1]

In such a scenario, the infringement of privacy and technology rights of workers is normalised and invisibilized, and often taken for granted under the garb of ‘necessary’ for employee management.[2]

This piece is an attempt to emphatically extend a discussion of privacy and technology rights into the workplace. It also aims to explicitly confront the fundamental imbalance in bargaining power and the pervading information asymmetries between the employers and the employees. The facet of privacy harm explored is ‘surveillance’, which is not just specific to technologies of modern day but has been a concern in the employment industry for several decades.[3] Further, the discussion on employee surveillance finds an increasing relevance in the COVID era,[4] with the workforce transitioning to ‘work from home’, leading to the deployment of new monitoring technologies.

The author argues for a new set of labour standards that clearly delineate workers’ rights and employers’ responsibilities in the workplace and this must go beyond a substantive individual right to privacy and establish a procedural model of obligations upon the employer. In pursuance of this claim, the author argues for a de-normalisation of the idea of surveillance and monitoring in the workplace by viewing surveillance as a socio-technical system,[5] operating in the broader context of precarious working conditions of employees. This requires a departure from the neoliberal idea of enhanced ‘worker productivity’ and its purported link with surveillance mechanisms. It further demands the democratisation of labour and the need to break free from the utilitarian idea of privacy[6] that leads to the commodification of labour.

In furtherance of the above arguments, this piece is divided into three parts. The first part discusses the modes of surveillance employed and the consequent harms and infringements upon workers’ rights. This section enables us to understand the problems plaguing the labour rights sphere. The second part traces the landmark legislative developments across the globe and judicial responses to these harms to argue for the adoption of the proportionality standard in the rights’ infringement of employees. It further contrasts the specific provisions on employee data under the Data Protection Bill 2021 introduced in India with those under the General Data Protection Regulation (GDPR) to contest the efficacy of the Indian Bill in protecting workers’ rights. The third part makes reference to particular developments in the current Indian context, where technology is being used for employee surveillance to emphasise the urgent need for a state, civil society and judicial response. It concludes by recommending certain core practices for a new set of labour standards beyond the recognition of the substantive individual right to privacy.

Part I: Modes of Surveillance and infringement of Worker’s Rights

This part, first, delineates the modes of workplace surveillance that have been prevalent for decades and then, goes on to analyse the various harms to the employees and the looming threat to fundamental labour rights.

1. Employee Monitoring and the History of Workplace Surveillance

Edwards, Martn, and others present a very interesting analysis when they study the history of workplace surveillance across the last century.[7] Drawing upon their five-phase model of surveillance, it is argued that, over the years, surveillance as a means of monitoring the employee has been normalised in the workplace.

In the early 20th century, the physical architecture of workplaces was built like the panopticon model of Bentham and extensive monitoring was used as a means of control in the factories. The physical architecture design of employee surveillance in the latter part of the 20th century was provided impetus by the evolution of the management theory, which argued that an enhanced level of control increased the productivity and efficiency of the workforce. This accelerated the deployment of surveillance technologies to micromanage not just ‘what’ was to be done by the employee but also ‘how’ it was to be done. Consequently, a host of information on employees’ activities was curated, which led to an accumulation of databases.[8]

Soon, the internet took over and devices used by workers at the workplace could easily be tracked for emails sent and sites visited etc. Currently, we live in an age where technologies are being designed specifically to monitor employees and CCTVs are by default installed at workplaces under the pretext of ‘necessity’. Beyond tracking emails and communications, there is real-time tracking of employee behaviour which gives employers an insight into the physical, biological, psychological, and emotional characteristics of employees. In such a manner, there is a complete loss of the various facets of privacy, including bodily privacy.[9] What is even more concerning is that the vast amount of data generated and collected over the years is now being fed into machine learning algorithms that are being used for hiring, firing, and internal promotion or disciplining.[10]

The history of modes of surveillance suggests the neoliberal world’s obsession with ‘efficiency’ and ‘productivity’ that has resulted in the commodification of labour as a tool for workplace management.[11] The deeply embedded nature of employee surveillance has resulted in its normalisation. In the evolution of workplace surveillance, the heightened intrusive nature of next-generation technologies is often grounded in the faulty link between ‘productivity’ and ‘monitoring’. In this background, the next section discusses the multi-dimensional harms that arise from the pervasive use of technology for employee surveillance.

2. Multi-dimensional harms to workers

It has been well documented that the use of surveillance technologies in the workplace has resulted in discrimination against groups having protected characteristics.[12] Further, intensively intrusive technology that gathers data on the personal lives of workers results in the complete loss of privacy of workers. Further, when intrusive technology is used to monitor and micromanage routine activities of workers resulting in excessive intrusion, it may amount to the dehumanisation of labour and loss of autonomy and dignity.[13]

However, beyond discrimination, privacy and dignity concerns which are specific to individuals, current and next generation of surveillance technology guised as productivity tools will necessarily undermine the attempts of workers to organize. Worker organization groups and trade unions form the fundamental guarantee of labour rights that seek to address the inequality of power between the employer-employee. Any attack on the right of workers to organize should therefore be viewed as an impending and looming threat to labour rights and consequently, the foundation of labour law itself.

A recent report suggests that new tools and applications are being deployed to suppress worker unionisation.[14] For instance, an extract from the report discussing a tool deployed by 30% of Fortune 100 companies including Amazon suggests that “Perceptyx periodically polls workers about their work satisfaction. It then utilizes a “union vulnerability index” to compare responses against a data set of 12 million survey responses from other clients to predict the likelihood that a worker in a given firm may seek to unionize.”

Further, it has also been reported that Amazon was “using geospatial Operating Console to analyse and visualize public data on unions and the data was grouped into the following categories- ‘Whole Foods Market activism/unionization efforts’, ‘Union grant money flow patterns’, ‘presence of local unions’ etc”.[15]

The above examples are only a few instances of technology being used to suppress and oppress labour rights. It suggests how the inherent power imbalance in the employer-employee relationship is, in fact, multiplied by the use of technology and the information asymmetry that comes with it.

Part II: Global Legislative Developments and Judicial Responses

In Part I, the author discussed the modes of surveillance and the subsequent harms, violations of workers’ technology, and privacy rights. Having analysed the problems plaguing the industry, Part II of this paper seeks to uncover the landmark legislative developments and judicial responses across jurisdictions in this regard.

As long ago as 1997, the International Labour Organization (‘ILO’) released an ILO code of practice on the protection of workers’ personal data. It is, admittedly, noteworthy that even twenty-five years ago, the ILO code was forward-looking in that it not just provided workers with individual rights but also collective rights to be consulted about the introduction of any automated systems intended to process personal data or to be consulted before the introduction of any employee-monitoring mechanisms. However, unfortunately, as ‘default’ monitoring systems became the norm, these principles took a back seat and did not translate into practice.[16]

Besides the ILO, Article 8 of the European Convention on Human Rights (‘ECHR’) seeks to protect the right to privacy of individuals. ECHR has, also, adjudicated several cases on an employee’s right to privacy under this provision.

The employee’s right to privacy was first recognized by the ECHR in the 90s. In Niemietz v Germany,[17] the ECHR extended the application of Article 8 to work-related issues. This was reaffirmed by the court in Halford v UK,[18] where the court held that the notions of private life would be applicable in the workplace as well. In 2016, the Court in Barbulescu v Romania[19] laid down the extent of intrusion permissible. It mandated the States to draw up an adequate framework incorporating privacy principles in the deployment of surveillance technology at the workplace and required national courts to balance the employee’s privacy rights against the employer’s interests. While the balancing approach of the Court attached some importance to an employee’s right to privacy, it weighed it against the employer’s interests on a utilitarian scale. This approach reinforces the ‘greater productivity and efficiency through monitoring’ narrative that swallows the employee’s right to privacy at the cost of employer’s efficiency interests and therefore, must be discarded.

More recently, in 2019, the ECHR in the Lopez Ribalda and Others v Spain [20] laid down the necessity and proportionality requirement for the use of hidden CCTV cameras at the workplace. The proportionality test departs from a utilitarian approach and moves towards a justificatory standard for rights’ infringement. Today, the proportionality standard is widely recognized across jurisdictions. Particularly, in the labour rights sphere, it helps break away from the commodification of labour by dismantling the utilitarian scale and placing the justificatory burden on the employer.

1. Data Privacy Laws: GDPR and the Indian Data Protection Bill

The technology, privacy, and data protection rights of employees in the EU are largely governed by the General Data Protection Regulation (‘GDPR’).[21] In India, the privacy law framework is at a rather inchoate stage. The substantive individual right to privacy has been recognized as a fundamental right as late as 2017 in the Puttaswamy (I) judgement.[22] Following which, data protection bills have been presented before the Parliament, however, it has been close to five years and we still do not have an enacted law in place. Given, that the Data Protection Bill 2021[23] (‘Indian Bill’) is being considered before the Joint Parliamentary Committee, it may be relevant to look at some of the provisions concerning employee privacy.

It is argued that Chapter III of the Indian Bill dilutes the personal data protection accorded to the employees as data principals under Chapter II of the Indian Bill. Chapter II of the Indian Bill requires the data fiduciary (here, the employer) to take free, informed, specific, and clear consent from the data principal (here, the employee) before processing the personal data. However, section 13 under Chapter III provides grounds on which sensitive personal data can be processed without consent.[24]

It is important to contrast this provision with the GDPR to demonstrate how it dilutes the data protection rights of the employees. Under GDPR, employers are entitled to monitor employee activity if they have a lawful basis[25] for doing so and the purpose of their monitoring is clearly communicated to employees in advance. Due to the power dynamics, consent is no longer a valid basis so businesses invoke the legitimate interest of the employer (data fiduciary) ground that allows them to monitor employees. The GDPR notes that there are many legitimate business reasons why employers monitor employees using CCTV cameras. The Indian Bill, on the contrary, does not provide for a legitimate interest exception for the processing of data without explicit consent. Sections 13 and 14 of the Indian Bill allow the processing of personal data without consent if it is ‘necessary’ for the ‘purposes of employment’ or is for a ‘reasonable purpose’ in the interests of the data fiduciary. One of the reasonable purposes listed is the prevention and detection of any unlawful activity including fraud.[26]

If what constitutes lawful bases as legitimate interest under the GDPR is contrasted with the ‘reasonable purposes’ in the interest of the data fiduciary exemption under the Indian Bill, it can be concluded that under these provisions of the Indian Bill, CCTV surveillance may be justified without explicit consent. The consequence in the Indian regime is that despite a privacy framework, we circle back to monitoring mechanisms being a ‘default’ in the workplace with no justificatory burden on the employer. Under the GDPR, however, should an employee object to the use of CCTV cameras in a particular area, the new GDPR test will place the burden on the employer to demonstrate that it has “compelling legitimate grounds” for processing that overrides the employees’ rights, or the processing is for the establishment, exercise or defence of legal claims.[27]

Further, under the Indian Bill, biometric details for the purpose of attendance can be processed even without consent and thus, even the bodily privacy rights of workers stand to be violated. What is peculiar is that an engagement in an activity for the ‘assessment of the performance of the employee’, is also permissible without consent. Such a legislative drafting negates the substantive right to privacy as it poses privacy and promotion as a binary or trade-off, reinforcing the normalization of monitoring devices in the workplace.[28]

Laws and regulations form the cornerstone of governing workplace technologies. However, the regulatory vacuum or lacuna in this sphere, especially in the context of the Data Protection Bill 2021, suggests that labour rights continue to be diluted in the face of an evolving workplace.

The problem of the absence of proper laws, rules and regulations can be starkly observed in today’s world where we are moving from the ‘typical’ workplace to work from home, and towards a digital economy with platform workers and other kinds of informal labour. We have not yet hit the rock bottom but labour standards are only going to worsen unless we begin to view surveillance as a socio-technical system that requires regulatory intervention, without which the precarious working conditions of labour are bound to exacerbate.

Part III: Call for a New Set of Core Labour Standards

This part, first, lays out certain instances in the context of India, especially during the Covid-era, which point towards the urgent need for proper rules and regulations. Finally, it draws from learnings around the world to make certain recommendations for a new set of labour standards.

Various municipal corporations and departments under the state governments have attempted to implement tracking measures for their employees. A popular instance of this was observed during the beginning of the pandemic when the installation of the Aarogya Setu App was mandated for employees.[29] Further, in October 2020, sanitation workers in Chandigarh were tracked by their supervisors through GPS-enabled smartwatches.[30] In another instance, ASHA workers under the National Digital Health Mission were required to install an App that could track their daily targets.[31] In yet another instance, teachers[32] and employees[33] of the Delhi Municipal Corporation were mandated to install an App for the purpose of attendance.

Even a superficial analysis of the trends of deployment of these intrusive technologies in the above instances, suggests that when surveillance is viewed in a broader context of workers working in precarious conditions characterized by low wages, short-term employment contracts, low autonomy, and negligible bargaining power, it denudes the existence of labour rights and labour laws altogether. At least this concern must push us to devise a new set of labour law standards. As has been argued in a recent report, these standards must not only be established in public policy but also collective bargaining agreements in workplaces.[34]

In recent times, workers in both, the unionized as well as non-unionized sectors are pushing back on tech products and the tech industry.[35] Such movements must continue during the emergence of new labour standards as they act as reminders of the collective strength of workers. The 21st century must see a new set of basic standards for labour rights that entail, illustratively, – rights of workers with respect to their personal data, obligations on employers and accountability for the harms caused by systems deployed by them, regulation of algorithmic and monitoring mechanisms deployed, and the substantive right to organize around technology.[36] Another important recommendation would be the duty to bargain over the deployment of artificial intelligence and employee surveillance in a unionized workplace – for instance, installation of GPS trackers/CCTVs amounts to change in working conditions and thus, it must be the duty of the employer to bargain with the union prior to its implementation.[37]

The above recommendations are purely illustrative and not exhaustive, and the list could go on. But we must begin somewhere, and we must begin soon! The labour rights sphere in the era of technology must extend beyond the recognition of the substantive right to an individual’s privacy and impose a procedural model for enforcement of the rights and obligations of the employee and the employer, respectively. Labour law loses its relevance if it fails to address the power imbalance and information asymmetries that exist between an employer and an employee. Further, in the wake of technological development, which widens that gap, it is even more relevant for us to continue to devise better labour standards. The use of technology amplifies the existing plight of the employees.

Individual battles for employees’ privacy rights are often viewed as innocuous. Precisely why the language of surveillance as a socio-technical system holds the utmost value! It is only when we view the complete picture of the smaller individual and collective labour rights within the ‘Big Boss turning Big Brother’ world, we get a sense of the imminent danger to an entire industry of workers and employees.

[1] Lilian Edwards, Laura Martin & Tristan Henderson, ‘Employee Surveillance: The Road to Surveillance is Paved with Good Intentions’ (SSRN, 31 August 2018) <https://ssrn.com/abstract=3234382> accessed 22 June 2022. [2] Joanna Bronowicka & others, ‘Game that you can’t win? Workplaces Surveillance in Germany and Poland’ (Project: Workplace Surveillance in Germany and Poland, March 2020) <10.11584/opus4-494> accessed 22 June 2022. [3] Mason Godden, ‘Contesting Big Brother: Legal Mobilization against Workplace Surveillance in the Puretex Knitting Company Strike, 1978-1979’ (2020) 86 Labour/ Le Travail 71. [4] Qingqin Zhang, ‘Workplace Surveillance and protection of worker’ privacy in Covid19’ (Queen Mary Postgraduate Law Conference, London, 2021). [5] Bronowicka (n 3). [6] Michael Ford, ‘Two Conceptions of Worker Privacy’ (2002) 31(2) Industrial Law Journal 135. [7] Edwards (n 2). [8] David S. Landes, The Unbound Prometheus (2nd edn, Cambridge University Press 2003). [9] Neil M. Richards, ‘The Dangers of Surveillance’ (2013) 126 Harvard Law Review 1934. [10] Katherine C. Kellogg, Melissa A. Valentine & Angele Christin, ‘Algorithms at Work: The New Contested Terrain of Control’ (2020) 14(1) Academy of Management Annals 366. [11] Bama Athreya, ‘Slaves to Technology: Worker Control in the surveillance economy’ (2020) 15 Anti-trafficking Review: Special Issue – Everyday Abuse in the Global Economy 82. [12] Solon Barocas & Andrew D. Selbst, ‘Big Data’s Disparate Impact’ (2016) 104 California Law Review 671. [13] Annette Bernhardt, Reem Suleiman & Lisa Kresge, ‘Data and Algorithms at Work: The Case for Worker Technology Rights’ (UC Berkeley Labor Center, November 2021) <https://laborcenter.berkeley.edu/wp-content/uploads/2021/11/Data-and-Algorithms-at-Work.pdf> accessed 22 June 2022. [14] Wilneida Negron, ‘Little Tech is coming for workers: A framework for reclaiming and building worker power’ (Coworker, 2021) <https://home.coworker.org/wp-content/uploads/2021/11/Little-Tech-Is-Coming-for-Workers.pdf> accessed 22 June 2022. [15] ibid. [16] International Labour Office, ‘Protection of workers’ personal data: An ILO code of practice’ (Geneva, International Labour Office, 1997). [17] (1993) 16 E.H.R.R. 97. [18] (1997) 24 E.H.R.R. 523. [19] (2016) IRLR 235. [20] (2018) ECHR 14. [21] Kirstie Ball, ‘Electronic Monitoring and Surveillance in the Workplace’ (Office of the European Union, 22 September 2021) <https://publications.jrc.ec.europa.eu/repository/handle/JRC125716> accessed 22 June 2022. [22] Justice K.S.Puttaswamy (Retired). vs Union of India and Ors., (2017) 10 SCC 1. [23] The provisions on employee data in the 2021 Bill are akin to the provisions on employee data in the Personal Data Protection Bill 2019 and therefore – for convenience purposes, the references in the footnotes our to provisions and clauses in the 2019 Bill. [24] The instances in which personal data necessary for employment purposes may be processed under S. 13 of the Personal Data Protection Bill 2019 are: “(a) recruitment or termination of employment of a data principal by the data fiduciary; (b) provision of any service to, or benefit sought by, the data principal who is an employee of the data fiduciary; (c) verifying the attendance of the data principal who is an employee of the data fiduciary; or (d) any other activity relating to the assessment of the performance of the data principal who is an employee of the data fiduciary.” [25] Lawful bases of monitoring include keeping employees safe and secure by preventing crime, preventing employee misconduct, ensuring compliance with health and safety procedures, monitoring and improving productivity, and in some cases such as the financial services sector, complying with regulatory requirements. [26] Personal Data Protection Bill 2019, s14(2). [27] Fiona Sellers, ‘The GDPR’S Impact on CCTV and Workplace Surveillance’ (Privacy World, 8 February 2018) <https://www.privacyworld.blog/> accessed 22 June 2022. [28] George M. Derry III, ‘Trending Privacy for Promotion? Fourth Amendment Implications of Employers Using Wearable Sensors to Assess Worker Performance’ (2020) 16(1) Northwestern Journal of Law & Social Policy 16. [29] ‘Aarogya Setu app mandatory for govt, private sector employees’ (Mint, 2 May 2020) <https://www.livemint.com/technology/apps/aarogya-setu-app-mandatory-for-govt-private-sector-employees-11588363998234.html> accessed 22 June 2022. [30] Express News Service, ‘Sanitation workers protest outside MC building, say can’t wear GPS watches’ (The Indian Express, 24 October 2020) <https://indianexpress.com/article/cities/chandigarh/sanitation-workers-protest-mc-building-cant-wear-gps-watches-6862481/> accessed 22 June 2022. [31] Siddharth Tiwari, ‘Privacy Concerns: Asha workers to shun track app’ (Times of India, 13 June 2021) <https://timesofindia.indiatimes.com/city/gurgaon/privacy-concerns-asha-workers-to-shun-track-app/articleshow/83470224.cms> accessed 22 June 2022. [32] Anushka Jain, ‘Delhi’s Teachers Protest, move court as municipal corporations push app-based attendance marking without a privacy policy, Data Minimisation’ (Medianama, 27 August 2021) <https://www.medianama.com/2021/08/223-delhi-teachers-protest-municipal-corporations-app/> accessed 22 June 2022. [33] Anushka Jain, ‘Attendance marking by app made mandatory for employees of East Delhi Municipal Corporation’ (Medianama, 16 November 2021) <https://www.medianama.com/2021/11/223-attendance-app-edmc-employees-privacy/> accessed 22 June 2022. [34] Bernhardt (n 14). [35] Some instances include: Labour groups such as Teamsters and alt labor groups such as United for Respect and the Athena Coalition have been organizing Amazon workers around the U.S; Another instance is - Organizers from the Google Walk Out to other walkouts in the tech industry, the Kickstarter union + unionization, the Alphabet Workers Union have helped shape the tech workers’ movement. Further, Rail, Tram, and Bus Union (RTBU) in Australia is fighting a proposal from the Office of the National Rail Safety Regulator (ONRSR) to mandate the use of in-cab and visual recording devices in all Australian trains and trams; see Negron (n 15). [36] Bernhardt (n 14). [37] Richard A. Bales & Katherine V.W. Stone, ‘The Invisible Web at Work: Artificial Intelligence and Electronic Surveillance in the Workplace’ (2020) 41(1) Berkeley Journal of Employment and Labor Law 1.