Along with the increasing number of remote work arrangements available to employees in the wake of the COVID-19 pandemic has come an exponential rise in employers’ use of employee monitoring technology. Nearly 80% of major U.S. employers use some type of technology to monitor employees’ use of the internet, phones, and/or email. More than half of those employers report using non-traditional monitoring techniques, such as logging keystrokes, taking screenshots, recording mouse movements, or activating webcams or microphones, sometimes without the employee’s knowledge, methods colloquially referenced as “Bossware.” Although monitoring employee efficiency and productivity has been a long-standing practice in employers’ physical workspaces, the development of ever new forms of surveillance technology and the deployment of such technology inside employees’ homes and/or on employees’ personal devices have given rise to new legal and practical considerations, a few of which are discussed below.
The Legal Framework
It is well-settled that private sector employees have almost no reasonable expectation of privacy with respect to their actions within the employer’s workplace or when using work equipment. Under federal law, specifically the Electronic Communications Privacy Act, (ECPA), employers generally have the right to monitor employees as they perform work. As amended, the ECPA permits employers to monitor employee activity on employer-owned devices or electronic systems. Monitoring techniques that do not capture conversation are permissible in every area of the workplace, except non-work areas such as bathrooms or breakrooms. While the federal ECPA does not require notice of, or employee consent to, such monitoring, some states (e.g., California, Illinois) require employee consent and others (e.g., Delaware, Connecticut) require notice. Under the ECPA, employers are prohibited from monitoring employees’ personal phone calls, even if made using company-owned equipment; however, the ECPA does permit employers to record employees’ work-related calls with clients or customers, provided there is consent from at least one party to the conversation. Because nearly every U.S. state has its own requirements for obtaining consent, employers will want to make sure that any monitoring or recording of employee conversations also complies with the law of the state in which the employee is employed. Florida, for example, requires two-party consent, which may be constructively obtained if all parties to the conversation have clear knowledge that the conversation is being recorded. Although the permissible scope for monitoring or surveillance of employees in the traditional workplace is extremely broad, the following recent developments, nonetheless, suggest that certain legal and practical limits may constrain employers’ use of new monitoring technologies when it comes to managing employees working remotely, particularly within their own homes.
Limitations in a Global Economy
On September 28, 2022, a Dutch court held that Chetu, Inc., a Florida-based software developer, had wrongfully terminated a telemarketer working remotely from his home in the Netherlands and that the company’s employee monitoring policies violated the employee’s rights under the European Convention of Human Rights (ECHR). The employee had been asked to participate in a daylong training program during which his webcam was to be kept on at all times. The remote employee repeatedly advised the employer in writing that he was not willing to turn on his webcam for the nine-hour program and was eventually fired for “refusal to work” and “insubordination.” In resisting the all-day webcam monitoring, the employee specifically advised his employer that he considered the all-day webcam recording requirement to be an invasion of his privacy, which made him feel uncomfortable, and that the company had other ways to monitor his activities that he did not find so invasive, specifically pointing out that the company was otherwise monitoring all activities on his laptop and that he had consented to screen sharing. In the litigation the Florida employer argued that its webcam monitoring was analogous to supervision conducted in an in-person work environment, where an employee can be physically seen at any time by anyone in the workspace. The Dutch court did not accept the analogy; instead, focusing on the fact that the webcam recording would have occurred in the employee’s private home, the Dutch court held that such surveillance constituted an invasion of privacy under Article 8 of the ECHR. The Dutch court declined to consider whether Chetu’s webcam monitoring policies violated the European Union’s (EU) General Data Protection Regulation Implementation Act (GDPR) by assuming for purposes of its deliberations that the employee would or could only be observed via webcam during working hours and that no recordings made of the employee would be stored or used for any other purpose. As a result of the court’s determination of wrongful termination, the employer was ordered to pay the employee’s back wages, unused vacation time, and court fees, as well as being enjoined from enforcing its non-compete to limit the employee’s prospects for new employment and required to pay a $50,000 fine. Chetu dissolved and deregistered its Dutch branch and does not currently list any business location within the EU.
U.S. employers who have EU affiliates, employ remote employees working from the EU, or whose contracts with EU corporations require compliance with the GDPR and/or EU human rights laws will want to review their employee monitoring policies in light of the decision in the Chetu case. Specifically, they will want to use the least intrusive monitoring option available to achieve a legitimate business need. Likewise, if videocam recordings are justifiable under the particular circumstances, the employer will want to ensure that the storage and further use of any such recordings are handled in compliance with the GDPR.
Homegrown Limitations: The California Workplace Technology Accountability Act
Although several U.S. states (e.g., New York, Connecticut, Delaware) have already enacted laws that require employers to notify employees of their monitoring activities, the California House has recently introduced a bill known as the California Workplace Accountability Act that, if enacted, would significantly restrict employers’ use of employee tracking technologies in the workplace. The bill generally requires that any form of electronic monitoring utilized by an employer be for an “allowable” purpose and that the employer use “the least invasive means … that could reasonably be used to accomplish the allowable purpose.” The bill would, in pertinent part:
Prohibit employers from monitoring workers off-duty, on personal devices, or in private areas
Prohibit employers from using technology that monitors workers’ facial recognition, gait, or emotions
Allow workers to view and correct any data collected about them through monitoring
While the California bill has not yet become law, it likely serves as the harbinger of regulation to come, as more and more employee monitoring occurs outside the traditional, brick-and-mortar workplace environment and as new monitoring technologies are developed. To stay well ahead of the curve, forward-looking employers may wish to take such steps as:
Providing remote employees with any equipment and devices necessary for the performance of their job duties;
Promulgating employee monitoring policies that expressly limit monitoring to the employee’s scheduled work hours; and
Limiting the modes of surveillance employed to the least intrusive means available for monitoring quality, performance, productivity, or security.
Under California’s proposed legislation, an employee might ask the same question as the Dutch employee in the Chetu case, namely, “why do you need to watch me on a webcam when you already have the capability of monitoring my keystrokes, mouse movements, emails, or the like?”
Practical Limitations: How Does This Thing Really Work?
A 2021 opt-in class action under the Fair Labor Standards Act (FLSA), Kraemer v. Crossover Market, LLC, filed by a Texas remote employee on behalf of herself and all similarly situated employees, highlights how overreliance on the capabilities of new surveillance software can lead to unanticipated and costly legal issues. The named plaintiff was employed in the position of senior vice president of finance at an hourly rate of $200. She had an MBA, and her duties included performing various accounting functions and providing accounting support to the company’s auditors. As a condition of her employment, the named plaintiff was required to download onto her computer the employer’s surveillance software, which audited her keystrokes and used her computer’s webcam to take shots of her face and computer screen at random times within 10-minute blocks of time. Plaintiff (and other similarly situated employees) were not paid for any 10-minute period of time during which the software’s “snapshot” showed a pause in keystroke activity or that the employee had stepped away from her screen. Such periods of perceived inactivity were considered non-compensable “idle time.” The plaintiff, however, alleged that various types of offline work, such as reviewing or annotating printed documents or receiving phone calls or attending Zoom conferences on her mobile phone, which were actually a regular part of her job, were not captured by her employer’s software. The plaintiff alleged that, as a result, she frequently worked 55 to 60 hours per week just to log 40 hours of compensable time. The lawsuit was settled for an undisclosed amount approximately four months after litigation commenced.
In the Kraemer case, the employer opened itself up to potential liability for unpaid overtime by making aggressive use of “advanced” methods of electronic surveillance on an hourly employee’s work activities to measure compensable time. However, the plaintiff’s complaint that the surveillance software used by her employer simply failed to capture many integral aspects of her job performance appears to have been persuasive in driving an early settlement and holds practical lessons for employers’ management of remote employees. In other words, there can be a problematic disconnect between what surveillance software is capable of measuring and the actual range of tasks an employee regularly performs in the course of carrying out their job duties, particularly where “offline” activities are involved. While unpaid overtime for hourly workers was the issue in Kraemer, the same disconnect is evident in the discontent expressed by exempt, remote “white collar” employees, who have also been the subject of increasing levels of electronic surveillance to track their productivity. Interviews conducted in connection with a recent article in the New York Times include reports of doctors being counseled regarding “score cards” that show higher levels of “inactivity” time in comparison with colleagues; social workers receiving negative marks for “idle” time for time they had actually spent offline counseling patients; managers receiving downgraded performance scores in connection with bathroom breaks; and hospice chaplains being reprimanded for failing to achieve sufficient “productivity points,” which could result from patient cancellations, patient deaths, or traveling to visit a single isolated patient (as opposed to using time to see multiple patients in a group setting such as a nursing home). The interviewed white-collar employees characterized the monitoring they were subjected to as demoralizing, humiliating, and toxic micromanagement. As a theoretical matter, an employer’s use of monitoring software to micromanage its white-collar employees might be viewed as contrary to the exercise of independent judgment and discretion that is regularly viewed as a sine que non for classifying an employee as “exempt” from the overtime provisions of the FLSA. In real, practical terms, the stress and low morale resulting from such micromanagement is reported to be one factor contributing to the current, highly mobile job market.
Employers have a legitimate business interest in monitoring employees’ attendance, performance, productivity compliance with security policies, and the like. As more and more employees work remotely, employers have sought to use increasingly sophisticated methods of digital monitoring as a substitute for the “eyes on” supervision possible at their physical place of business. In the brick-and-mortar workplace, there are few limits to an employer’s ability to monitor employees’ activities because there is virtually no expectation of privacy in an employer’s office or facility. In this new post-COVID-19 employment landscape, where employees are bringing the workplace into their own homes, issues related to individual privacy play out a bit differently, and courts (and employees) asked to weigh in on the issue are beginning to establish limits on how far the surveillance of such employees may go. Moreover, advances in monitoring technology have not always enhanced employers’ ability to evaluate their employees’ performance. For example, measuring online activity can prove a poor proxy for effectively evaluating employees whose jobs require offline thinking, reading, or offscreen engagement with clients or patients. The developing law governing the relationship between an employer and its remote employees bears watching.