Workplaces have always monitored workers, but new and evolving technology has allowed for increasingly more intrusive surveillance, from keystrokes to eye movements in front of a screen, from location tracking using GPS in trucks to tracking using company phones in pockets. And as the means of surveillance expands, the capacity for it to happen invisibly behind the scenes of the interfaces we use every day has also expanded. Working remotely, as many people have been doing during the pandemic, has intensified workplace interest in such tracking and people’s vulnerability to it as the boundaries between home and work are blurred.
So Ontario’s announcement, today, that the government plans to introduce new legislation later this month to “require employers to tell their workers if and how they are being monitored electronically” is a welcome one. There has been a gap in protection for workers in our privacy laws for a long time, and this will be a small first step towards filling it.
However, while adding such protections is a good thing, they must be genuine. First, it has to be noted that while transparency requirements sound worker-friendly, how they are implemented will make a difference between their being useful or devolving into a tick-box during an employee orientation. It’s one thing to be told how and why you’re being watched in a workplace, but absent any requirement for employers to limit their monitoring to that which can be meaningfully justified, it could end up being an exercise in frustration for employees (and similarly counterproductive for employers).
There’s a fine line between want and need when it comes to data collection. It’s a line we’re seeing crossed in different ways all around us. In the workplace, where employers have the power of hiring and firing, and quitting may not be an option for employees with families and mortgages, that power imbalance can be huge.
That means that what we really need to see is the entrenchment of some best practice for making decisions about any kind of workplace surveillance, such as:
- Determine that less intrusive methods can’t do the job and that there is a documented, specific, ongoing, verifiable concern.
- Engage in employee consultation regarding measures and means
- Develop policies and procedures that outline the roles and responsibilities of people involved in collecting personal information – how will the information be used for or against workers and who decides? What are the safeguards?
- Require larger companies to do privacy impact assessments for new tools to make sure it is designed to minimize impact on privacy and compliant with privacy law
- Provide training for those who work with the data
- Document the way appropriate security for the data is assured
- Conduct compliance reviews and evaluations with the transparency policy and the wider surveillance policies around the use of monitoring tools
- Ensure -access for employees to their own personal information collected by the monitoring tools
- Provide for regular audits/evaluations
Introducing transparency requirements for workplace surveillance is just a first step towards meaningful protections for workers. The second step is legislation, perhaps in Ontario’s potential new privacy law, that puts some safeguards around what kinds of surveillance, under what conditions, is reasonable at all and provides recourse to workers faced with practices they believe are overly invasive. In other words, workers don’t just need to know when they’re being watched, they need protection from the surveillance itself if or when it crosses the boundary between valid employer need and an oppressive employer data scoop.
This is legislation to watch in Ontario in the coming weeks. Stay tuned.