This story is part of The Privacy Divide, a series that explores the fault lines and disparities–economic, cultural, philosophical–that have developed around digital privacy and its impact on society.
Considering all the ways that companies are using technology to keep tabs on their employees, it makes perfect sense that some believe Big Business is fast becoming—and, indeed, may already have become—Big Brother.
Last year, the research firm Gartner found that more than 50% of the 239 large corporations it surveyed are using “nontraditional” monitoring techniques, including scrutinizing who is meeting with whom; analyzing the text of emails and social-media messages; scouring automated telephone transcripts; gleaning genetic data; and taking other such steps. That’s up from just 30% in 2015. And Gartner expects those ranks to reach 80% by next year.
“Technological advancements in several fields—big data analytics, communications capture, mobile device design, DNA testing, and biometrics—have dramatically expanded capacities for worker surveillance both on and off the job,” Cornell’s Ifeoma Ajunwa and New York University’s Kate Crawford and Jason Schultz warn in a 2016 law review article.
“The American worker,” they add, “must now contend with an all-seeing Argus Panoptes . . . that allows for the trawling of employee data from the Internet and the employer collection of productivity data and health data.”
Yet as scary as all of this sounds, invoking a figure from Greek mythology—Argus Panoptes was a hundred-eyed giant ultimately slain by Hermes—is actually quite apt. That’s because, while the specter of employers widely abusing workers’ privacy looms large, it doesn’t seem to be much of a real issue in most offices, factories, and shops across the country.
“Concern is very broad but not very deep,” says Lewis Maltby, the president of the National Workrights Institute and a longtime advocate for protecting the civil liberties of employees.
When he hears from workers, he notes, it’s typically not because management is poking around into private matters; it’s because their personal information was erased without any warning when they left their job and their employer reclaimed a company-owned cellphone. “That’s the most common complaint,” Maltby says.
One possible explanation for such apathy, Maltby suggests, is that many workers may not comprehend the full extent to which their employer is probing into their activities. And those that are aware may well realize that, generally speaking, there are stark limits to how much they can push back legally.
“If the employer has a reasonable purpose for the monitoring program, it’s over,” Maltby says. “The camera in the women’s bathroom doesn’t make it. But if a company reads employees’ email because it’s concerned about sexual harassment, they can argue there’s a legitimate purpose. It passes the test.”
Ajunwa, Crawford, and Schultz cite another factor, too: Whereas employers were once heavy-handed in their tactics—think of the way General Motors hired Pinkertons in the 1930s to conduct an espionage campaign against labor activists—they’ve now persuaded employees that sharing personal information is in their own interest.
“Surveillance in the workplace,” the three scholars say, “has mostly moved away from an authoritarian regime” to one that “evinces an ostensibly participatory character.”
An accepting workforce
Whatever the reason that more workers don’t protest the fact that most every movement and utterance on the job is subject to examination, V. John Ella, an employment and business attorney in Minneapolis, has definitely noticed it. “It’s almost as if the American workforce is accepting of this,” says Ella, who has written about workplace privacy for the American Bar Association.
Five years ago, Ella assumed that there would soon be “a big mushroom cloud of litigation” because of electronic intrusion into workers’ lives. But, from all that he and other lawyers can tell, it hasn’t materialized.
“It appears,” says Ella, “that people have become desensitized”—especially millennial workers, who grew up in something of a digital fishbowl. They now make up a larger share of the U.S. labor market than do those from any other generation.
Of course, not every company is viewed the same by its workers. Jim Harter, chief scientist for Gallup’s international workplace management and well-being practices, says employers that consistently treat their people with respect “have more leeway” to introduce new data-gathering methods. At companies where workers lack faith in management to do the right thing, however, such moves are sure be greeted more warily.
“It really starts and ends with culture,” Harter says.
Consider YouEarnedIt, which offers an employee recognition and engagement platform. It often asks workers at its client companies to disclose their home address in order to send them rewards. It also asks for their birthday (minus the year).
“In the abstract, that feels like a lot of personal information,” says Elizabeth Loucheur, YouEarnedIt’s vice president of customer success, “but we get very few requests to be removed from the system.” In all, while more than 500,000 employees across a wide range of companies are plugged in to YouEarnedIt, fewer than 100 have totally opted out.
Strikingly, worker acquiescence—if not outright approval—looks to be increasing even as the reach of technology is growing.
Several years ago, Gartner found that only 10% of employees said they were comfortable with their company “tracking personal data” about them. By last year, that had jumped to 30%. And when companies are clear about why they’re pursuing this information, that climbs to about 50%.
“You can’t say employees like it or don’t,” explains Brian Kropp, group vice president of Gartner’s HR practice. “It’s a split.”
Another element softening workers’ attitudes, some surmise, is that newfangled means of observing them don’t come in a vacuum. “HR has all sorts of very delicate information—your salary, your medical condition—and most people already trust that,” says MIT’s Alex “Sandy” Pentland, a pioneer in using sociometric data to help companies better understand how their employees interact. “This is one more thing.”
In her new book, The Age of Surveillance Capitalism, Harvard Business School’s Shoshana Zuboff makes a similar point—though she frames it in far more menacing terms. “The workplace,” she asserts, is “the gold standard of habituation contexts, where invasive technologies are normalized among captive populations of employees.”
Orwell at the office
Certainly, some companies do things that can feel downright Orwellian. The Daily Telegraph, the British newspaper, a few years ago installed a system of heat and motion sensors—dubbed OccupEye—to determine who was at their desk and who wasn’t. The company said it was all part of an effort to boost energy efficiency in the building, but it backed off after an uproar by the staff and their union representatives.
In a bid to root out employees who might be committing wrongdoing, JPMorgan reportedly used sophisticated software from Palantir Technologies to sift through email records, financial documents, and so on—only to have a full-fledged spying scandal erupt. (A spokeswoman for the bank says the company no longer engages in such practices.)
Amazon created a stir last year after it won a patent for a wristband that would allow for “ultrasonic tracking of a worker’s hands . . . to monitor performance of assigned tasks.” (The company says that it has no plans to use the gizmo, and if it ever did it would be to improve safety and ergonomics by alleviating employees from having to clutch handheld scanners—not to sniff out who’s taking a breather or a bathroom break.)
The article by Ajunwa, Crawford, and Schultz highlights other alarming cases, as well: the woman who was fired after she deleted from her phone an employee tracking app that documented her whereabouts even when she was off duty; the company that coerced its workers to produce DNA samples in an attempt to ferret out who had been leaving feces around the property; the office manager who accessed a worker’s psychiatric records.
Still, for all the headlines that such incidents generate, the vast majority of companies—particularly big corporations—tread very carefully when it comes to safeguarding privacy. When things blow up, it’s “the great, great exception,” says Kurt Heikkinen, the CEO of Montage, which helps about 100 of the Fortune 500 with their recruiting and hiring through the deployment of artificial intelligence and other technologies.
It can take many months, Heikkinen points out, for Montage to meet all of the security and privacy requirements that a client has in place.
YouEarnedIt has had a similar experience. “Companies are very conscientious” about keeping private information safe, Loucheur says, emphasizing that her team is able to win business only after it demonstrates that it keeps individual data encrypted and abides by various industry controls.
At Humanyze, a people analytics provider cofounded by MIT’s Pentland and some of his former doctoral students, CEO Ben Waber also finds that most clients are cautious. “The vast majority of companies we work with will proactively bring this up: ‘Hey, this sounds kind of creepy. Do you retain individual-level data?'” he says.
The answer: Nope.
Humanyze explores the time stamps of emails, the length of face-to-face conversations, and how communication flows within an organization, but no personally identifiable or confidential information is compiled. Integers, rather than employee names, are used. Data is encrypted and purged 90 days after a project is complete. Meanwhile, Humanyze software combs through all of this metadata is to uncover patterns about how well different teams work with each other—or don’t.
Anonymized and aggregated
Pentland says that this formula—”guaranteeing that everything is anonymized and aggregated” to groups of workers—should become a privacy benchmark.
The trouble is that while many companies take such measures, there are still plenty that don’t do anything of the sort, leaving employees vulnerable to having their privacy infringed upon. “I think it’s all over the map,” Pentland says.
Smaller organizations tend to be most lax. “There is a correlation between the size of the company and the urgency around security and privacy,” says Loucheur.
Maltby says that at least 25% of companies don’t even have a policy telling their IT staff not to snoop on their fellow workers. And few, if any, conduct privacy audits to reveal if there is a problem.
“How hard would that be?” Maltby asks. “Checking once a year wouldn’t be a great imposition.”
The single area that worries watchdogs the most is, perhaps, wellness. A majority of large companies and a significant percentage of smaller ones have programs today that, in the name of encouraging their workers to be in good physical and mental shape, seek out personal health information. This can include questions about whether workers are anxious or depressed, drink alcohol or use drugs, or take medication.
The Americans with Disabilities Act and the Genetic Information Nondiscrimination Act are supposed to ensure that an employee’s sensitive details are held close. Yet there are gaps in these laws, experts say, and companies may not always adhere strictly to the regulations that are on the books.
“If employers have wellness programs, they’re supposed to tell you what it is they’re going to ask, exactly how the information is to be used, and who can have it,” says Karen Pollitz, a senior fellow at the Kaiser Family Foundation, a healthcare research organization. “But no one knows if they are following these rules right now.”
The bottom line is that while workers may, by and large, be blasé about privacy on the job, dangers abound—and that has led to calls for a federal law that would be geared to protecting the privacy of employees specifically (as opposed to a more sweeping statute like Europe’s General Data Protection Regulation).
An Employee Privacy Protection Act would recognize “data autonomy as an essential human right” and thereby shift the information that employers take in “from the domain and context of the ‘workplace’ to one of personhood,” Ajunwa, Crawford, and Schultz maintain.
Waber, the Humanyze CEO, agrees. “We should have proactive regulations rather than waiting for something really bad to happen,” he says. “This whole industry is in its infancy—the way Facebook was with its data 10 years ago.”
If that analogy doesn’t shake workers from their complacency, maybe nothing will.