Worker’s Data Should Not be a Business Asset
An Essential Component of a Worker Surveillance Bill: Hard Limits on Workplace Data Collection, Use, and Retention
Workplace surveillance is now the default infrastructure across many modern employment systems. A recent bossware investigation I led highlights that monitoring platforms publicly cite clients including Dunkin’ Donuts, Goldfish Swim School, AnytimeFitness, ACE Hardware, and Comfort Inn.[1] From productivity trackers to location monitoring to AI scoring systems that claim to predict “engagement” or “efficiency,” workers at places like these have no choice, agency, or even visibility into this data, how it is collected, who it is shared with, and how it is used to harm them – including lowering pay, job loss, and more.[2]
These principles are meant to be included in a worker surveillance bill to address the data abuses surfaced in our investigation. Policymakers should ban or restrict worker data[3] from boosting surveillance sludge features – worker tracking features that impose excessive data collection, processing, use, and monetization on workers to perform the work but create strong incentives for abuse and misuse. Such surveillance practices can violate core values of worker dignity and autonomy by treating workers as continuously monitored data sources rather than as people entitled to privacy, agency, and fair working conditions.
How to Address Data Abuses & Surveillance Sludge
1. Ban selling or sharing worker data. Some have discussed appropriate interventions on prohibiting workplace surveillance platforms completely.[4] There is no justification for allowing employers or bossware vendors to sell worker data to third parties. As workplace monitoring often collects highly granular and sensitive information about worker behaviors and activities, policymakers and regulators should consider a ban on selling or sharing worker data.[5]
2. Ban collecting sensitive or highly invasive types of worker data.
Ban off-hours or background activity data collection or third-party data sourcing. Workplace monitoring tools must not collect, transmit, infer, purchase, or otherwise acquire worker-derived or worker-related data outside active work periods – or where applicable, off of the worksite. This can include data obtained through monitoring, indirectly through background activity, or via third-party sources.
Ban emotion-related or biometric inferences. Workplace monitoring tools must not make inferences about people’s emotions or biometrics, stress, fatigue, or attentiveness, for the purpose of evaluating performance, behavior, or employment decisions.
Ban continuous location tracking or data tracking. Workplace monitoring tools must not enable continuous, background, or historical tracking of workers’ location, including inferred or off-duty location data. Such data can be particularly high-risk and require significant scrutiny and justification.
Ban pretextual justifications for continuous surveillance. Tools should not rely on generalized or pretextual justifications to enable continuous, persistent, or always-on-by-default monitoring of workers. Claims of security, safety, or compliance should not be used as a blanket justification for broad or continuous workplace surveillance.
3. Ban unauthorized uses of worker data.
Ban default training or stray product uses. Worker data must not by default be used for AI model training, worker job replacement, A/B testing, or any purpose beyond the immediate provision of the service, including extremely broad uses such as those described as “business product improvement.”
Ban commercial exploitation of worker data. Worker data must also not be used for marketing, advertising, licensing, profiling inference making, or any other commercial exploitation.
Ban retaliation against workers who exercise data rights. Workers may decline or disable surveillance or monitoring features, or choose not to opt in, without any reduction in pay, access, performance evaluation, or other adverse employment consequences.
4. Ban infinite data retention. Workplace monitoring should not retain worker-related or worker-derived data indefinitely without a clearly defined timeline. Data deletion mechanisms must be enabled automatically and clearly by default.
Why Data Abuses Are a Critical Part of the Equation
The harms workers are facing today are broad: AI-driven job displacement, stress and anxiety, dangerous workplace conditions like extreme heat exposure, wage theft, and retaliation against workers for union organizing. Why focus on data abuses? Our investigation shows that all of the companies examined are collectively sharing worker data with third parties in hundreds of instances – creating real risks to working people like job loss, lowering pay and bonuses, and impacting employee evaluations and job opportunities, to name a few. Across these examples, data is the foundation. Data serves as the foundation for targeted advertising, training AI models, and broader commercial surveillance business models. Workplace data can be combined with consumer data to generate sensitive inferences – like an individual’s financial precarity, health status, or debt-related stress. Finally, there is commercial value in aggregating and sharing worker data. Once compiled, it becomes proprietary training data for AI models, enables companies to automate workflows or reduce reliance on human labor, and further monetizes workers through advertising, profiling, and analytics.
For these reasons and more, there are many efforts to tackle bossware, but our investigation demonstrates that policymakers at the federal and state level must rein in these data abuses and tackle worker data as part of these efforts. Policymakers must ensure these larger bossware efforts include combating workplace data abuses as part of the equation.
Note that there are several limitations in these principles to consider. These principles largely apply to third-party software bossware applications – and may not fully cover the issues that may arise relating to first-party data collection, sharing, and use. First-party data sharing and use concerns are still important to address. Also, accountability should extend to third-party vendors and to employers, who are responsible for using or designing the software.
Confront the Realities of Workplace Surveillance
It is important to examine the realities of workplace surveillance systems and ground policy responses in how these technologies actually operate in practice. There are well-documented lessons about the limits and failures of existing protections.
Reject the assumption that “notice-and-consent” and “opt-out” meaningfully protect workers. The core weaknesses in consumer privacy regimes – especially the fiction that notice and consent can protect privacy – also occur in the workplace.[6] For many workers, using employer-required software and being subject to data collection practices is essentially a condition of employment, and in many cases, employees are asked to install monitoring tools on their personal devices to comply with requirements. Developers of workplace monitoring tools should not presume that surveillance that is otherwise unlawful can be rendered lawful by obtaining workers’ consent, given the coercive nature.
Reject any collection of worker information when people are off-the-clock. Continuous tracking can potentially capture far more than work, extending surveillance into workers’ personal lives in a way that may not have a clear, job-related justification. For example, workers have documented when their workplace monitoring app was still on and tracking their driving behavior – such as speeding or making abrupt stops – while they were off their shift.
Avoid creating exceptions (carve outs or loopholes) in laws or policies that allow companies to continue to abuse worker data under the guise of “primary” and “secondary” uses. Companies may claim they need data for purposes such as AI training, business improvement, worker safety, product “optimization” or “improvement” or testing new features – but these exceptions could be used to justify ongoing surveillance and data exploitation. Protections should also extend beyond what is often seen as “direct” identifiers like names and emails, since workers can often be re-identified through other forms of data like location data, device IDs, purchasing behavior, communications metadata, and other behavioral information.
Break down consumer-worker silos. Worker data is deeply enmeshed in data-broker markets and subject to similar risks, harms, and abuses as consumer data. Although scholarship, advocacy, and policy have traditionally treated worker privacy and consumer privacy as separate domains, our investigation shows the underlying data practices, technologies, and external dynamics are fundamentally parallel – and in many cases identical.[7]
These concepts highlight a simple reality: worker data has become a valuable commercial asset. The goal with any intervention should not be to make workplace surveillance more transparent or to increase the burden on workers to manage their data. Meaningful worker protections require bright-line rules to curb the exploitation of workers.
DFN-003
Special thanks to the collaborators on this piece: Terri Gerstein, Mayu Tobin-Miyaji, Abigail Kunkler, John Davisson, Brian Shearer, Asad Ramzanali, Ganesh Sitaraman, Seth Frotman, Erie Meyer, Robin Moore, Zach Harris, Levi Kaplan, David Choffnes, Alan Mislove, Vanderbilt Policy Accelerator, Berkeley Center for Consumer Law & Economic Justice, Northeastern’s Khoury College of Computer Sciences, and Electronic Privacy Information Center.
[1] In addition, the products from 9 workplace monitoring platforms are used by some of the following workplaces, according to their own public sources: 1-800 GOT JUNK?, ACE Hardware, Amazon Ring, AnytimeFitness, Australia Zoo, Ben & Jerry’s, Better Business Bureau (BBB), BokDok (Surgeries Marketplace), Carrier Global, City University of NY (CUNY), ClearDesk, Comfort Inn, CVS Pharmacy, Dentistry Support, Dunkin Donuts, Earth Breeze (laundry detergent sheets), Getty Crafts (modern crafting store), Goldfish Swim School, Harvard University, Hampton by Hilton, Honest Burgers, Instacart, Groupon, Jamba Juice, Legal Nodes, Massage Envy, Medtronic, Palmetto Painting Contractors, Soundcloud, StateFarm, Ticketmaster, Uber, Verizon Wireless, Walgreens, University of Michigan, Dear Doc, Heckyl Technologies (Marine Logistics & Supply Chain), RedTeam Hacker Academy (Cybersecurity Training), Tesla Motors, Remote CoWorker, AskVelma, Pro 1 Painters (professional house painters in Alabama), Care in Touch, Dentist Find, Wendy’s, among others.
[2] Harms can include: lowering pay and bonuses, cutting shifts, limiting promotions, and causing job loss based on flawed background reports, opaque data, or algorithmic performance evaluations; discrimination based on race, age, and ability when algorithmic tools amplify inequities or infer sensitive traits such as health or pregnancy, or share market profiles with recruiting industries without worker notification; monetizing worker data to third parties (advertisers, marketers, analytics firms) for targeted advertising; exposure of sensitive employee information and data breaches; intrusive monitoring of sensitive health information (illness, diagnoses, religious beliefs), granular online behavior, and personal devices, as well as location tracking after hours and targeting of union members; and surveillance-driven stress, anxiety, negative health and safety outcomes, lower job satisfaction, and reinforcement of hiring and workplace inequalities.
[3] For purposes of this piece, “worker data” is generally defined as any data generated, captured, or inferred by workplace monitoring or surveillance-related platforms in the course of work-related activity. Here, “work” is understood broadly and not limited to a formal employer–employee relationship (e.g. including contractors, gig/platform workers, freelancers, or other work arrangements). This is a descriptive framing for the purposes of this analysis and is not intended to serve as a formal or legal definition.
[4] This post focuses on the specific issue of worker data. There is extensive scholarship and advocacy around how to strengthen broad-based privacy statutes at the federal, state, and local level. See: U.S. State Privacy Laws, EPIC.ORG, https://epic.org/issues/privacy-laws/state-laws.
[5] Policymakers and regulators should consider whether an appropriate model could be premised similarly to the Fair Credit Reporting Act where both obligations and liabilities for noncompliance exist not only at the third party but also with the employer themselves. In addition, policymakers should avoid undermining a prohibition on “sharing” by defining it broadly to include sharing for business purposes (e.g. “business improvement,” “worker benefits,” “product optimization,” “A/B testing,” etc.). Relevant carveouts can effectively undermine the intervention and/or allow surveillance practices to continue under the guise of operational exceptions.
[6] Notice-and-consent regimes reference company practices that rely on users agreeing to dense legalese – often in the form of privacy policies or terms of service – but fully informed consent is practically unachievable. See Lina M. Khan, Samuel A.A. Levine & Stephanie T. Nguyen, After Notice and Choice: Reinvigorating “Unfairness” to Rein In Data Abuses, 77 Stan. L. Rev. 1375 (2025).
[7] For many of the cases we found in the investigation, the bossware companies in our sample were using the same tracking infrastructure as any other consumer-facing website. Thus, the trackers likely don't distinguish between data gathered from workers and from more general consumers.


