During the pandemic, employer collection of worker data increased significantly. In almost all cases, especially in Australia, this collection is completely unregulated.
As Matthew Painter at the Future World of Work wrote, “Data is rapidly becoming the global economy’s most valuable resource, and currently, workers have no control over the mountains of data their employers collect on them.” (Emphasis added.)
The consequence is that workers lack proper protection for their data access and portability under current laws. This impacts workers’ privacy, their career mobility and job quality.
Data portability is especially important for platform/gig workers; currently predatory employers like Uber, Amazon and Doordash effectively lock-in workers to their platform or punish them for trying to leave.
A lot of data is gathered at work by employers and the tech platforms used by employers (like Microsoft, Google, Cognizant or Intuit), but data governance at workplaces and data privacy laws with governments is not a priority. This affects worker privacy, career options, and job quality.
Types of workers’ personal and health information collected by employers and tech companies includes, HR information, time and motion data, geo-location data, shift and scheduling data, personal payroll data and biometric data (such as facial recognition).
Enforcing collective data rights for workers is crucial. Current regulations mainly focus on protecting individuals, but this isn’t enough for true data control.
The Fair Work Ombudsman for example states this clearly:
Personal information held by an employer, relating to someone’s current or former employment, isn’t covered by the Australian Privacy Principles
Some jurisdictions in Australia (like the ACT) have Workplace Privacy Acts. However, these typically are about video surveillance rather than digital and data surveillance. Even where the law does regulate data surveillance of workers, it is almost entirely unenforced by the regulator.
I’ve written a lot previously about this as the major frontier for unions and collective bargaining.
With the advent of generative AI, which uses vast stores of data scraped from the Internet and other sources, taking a collective approach to employer and corporate use of data is urgent!
For example, the pandemic led to more health data collection and teleworking, increasing on-the-job data sources.
This data is collected by and used by employers (and by tech platforms), with no right for workers to check that it is accurate, often collected and stored without consent, and the worker has no right or ability to affect how that data may be used (e.g. for insurance, or possibly on-sold to other companies or vendors).
Workforce data is collected during recruitment and on the job through various means. This is also enormously problematic — not only because there is no safeguards or requirements about employers subsequently deleting the data when it is no longer required, but there is no safeguards or regulations about what the data can be subsequently used for.
Similarly, there are an increasing number of tech companies that use generative AI and other machine learning models for recruitment and HR — ostensibly to “remove bias”. But without the right to access and give genuine consent to their data being ingested into the machine learning model/AI database, this is just another example of workers’ privacy being violated.
Digital data is used by employers for remuneration, discipline and firing decisions. And where the data is wrong (e.g. due to glitches), there can serious consequences. There are weekly stories about workers being wrongly dismissed because of key-logging software on their laptops, geolocation data incorrectly detecting them in a specific location, or shift logins not working and causing workers to not be paid.
This data is valuable to employers and even more valuable to tech platforms that sell services to employers. Workers are excluded from benefiting from their own data due to lack of data rights and lack of transparency from employers and tech platforms.
Worker data is also a honeypot for hackers, and there have been a large number of data breaches of vast quantities of worker data over the past three years. With no regulations about how worker data can be securely stored or who can access it, and no penalties for reckless disregard for worker data cybersecurity, these breaches (many of which are very serious) will continue.
Former Uniglobal secretary Phil Jennings said back in 2017:
Data collection and artificial intelligence are the next frontier for the labour movement. Just as unions established wage, hour, and safety standards during the Industrial Revolution, it is urgent that we set new benchmarks for the Digital Revolution.
This is an area where unions can organise collectively, as last year’s ACTU Executive resolution recognised. Unions need to improve their data literacy to be able to proactively engage on consent, privacy, and surveillance matters. We need to push governments strongly to extend strong privacy protections to cover workers as well as “consumer”/personal data.
It is a major problem in Australia (and elsewhere) that employers can use sensitive data for their interests with few restrictions.
This power imbalance lets employers make decisions based on data, affecting wages and job security. Without unions and workers being able to access this data and be consulted on the decisions, this simply hands employers more and vast asymmetric power over workers.
Platform workers need data portability (e.g. of reputation ratings for gig workers) to switch jobs and access social protections.
Workers should control their online work history and use data portability for better job mobility.
Conceptually, imagine that workers’ data is like superannuation. Unions can create a data trust — as a legal entity with trustees — and then negotiate with groups of employers on behalf of members and workers to gain control over the data of the beneficiaries of the trust (the workers).
Current laws don’t fully address workplace challenges and needs to be updated to ensure workers’ rights are protected.
The ACTU Executive endorsed principles for worker data privacy in October 2022:
The resolution outlines key principles for the use of working people’s data by their employers;
- Employers should be required to protect the data of their employees.
- Workers should have a right to access data collected about them, including the right to have that data rectified, blocked or erased.
- Workers and their unions must be consulted and agreement reached before the introduction of new systems which enable surveillance or monitoring of workers.
- Data collected should be minimised to only what is absolutely necessary.
- Policies and processes for data collection should be transparent and available to workers and their unions.
- Biometric and GPS or location data should only be collected where there is no other viable option.
- These rights should be implemented and enforceable via collective bargaining.
These are absolutely the starting point for the union movement in Australia. Union peaks in other countries and regions (e.g. the EU) and global union federations (e.g. UniGlobal and PSI) have also done important work advancing movement policy on worker data and algorithmic decision-making.
Regulations and oversight are needed for workplace data. Specifically and vitally, unions must have the right to collectively negotiate how workers’ data is collected, stored, used and disposed.
- Read more: Improving Workers’ Data Rights (ILO, Bureau for Workers’ Activities)
Note: it goes without saying, the views here are my own and not those of my employer.
Featured image for this article was created using generative AI.