Worker Privacy

Background

Workers are exposed to many types of privacy-invasive monitoring while earning a living. While employers may have an interest in some degree of monitoring to address security risks, prevent harassment, and ensure the acceptable performance of employees, surveillance can also diminish employee morale, dignity, and autonomy and increase stress. Reliance on unproven and invasive technologies also increases the risk of physical, psychological, and emotional harm, as these tools can push employees to strive to meet unsafe metrics and create an overly stressful and dehumanizing work environment.

Many workers are not protected with due process guarantees against arbitrary discharge. Absent state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information. This is called employment at will. More and more employers are also relying on automated decision systems (ADSs) to make or assist in making decisions about who to hire, fire, promote, or discipline as well as to allocate hours and determine salaries. Unfortunately, these ADSs have well-documented histories of inaccuracy and bias.

With the increased adoption of monitoring tools and surveillance technology in the workplace, it is important now more than ever for employees to have comprehensive privacy protections and rights, including basic due process protections, such as notice of violations and the opportunity to appeal. It is also vital that workers are protected from harms stemming from the use of ADSs in the workplace through increased transparency and accountability about the systems and specific rights if an ADS is used in making a decision about them.

Bossware

Bossware is a term used to describe employers’ use of technology, including surveillance tools, software, and other electronic tools that may be placed on employees’ devices to track and monitor employees. Some examples include closed-circuit video monitoring, Internet monitoring and filtering, email monitoring, instant message monitoring, automatic time tracking, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. Some bossware sends employees’ location information, screenshots of their devices, or emails directly to the employer. There are even bossware services that allow employers to remotely activate employees’ webcams and microphones without their knowledge. Bossware often subjects employees to serious privacy invasions, and employees have little to no choice as to whether they are surveilled if they want to continue their employment.

Amazon, infamous for engaging in intensive employee surveillance, installed machine learning-powered surveillance cameras in its delivery vehicles. These cameras, which are always on, purportedly monitor employees and provide feedback as they make deliveries. The cameras use AI to monitor employees’ location, movement, and biometric information. Amazon reportedly forced employees to sign a biometric information consent form or risk losing their jobs. Amazon’s overbroad surveillance is just one example of bossware use that causes privacy violations.

Public Sector Worker Privacy

When the government is the employer, workers cannot be stripped of their privacy rights in the same way as those in the private sector. For example, a government employee’s constitutional rights typically extend to their workplaces, including their right to speak and associate freely, be free from unreasonable searches and seizures, and seek redress when these rights are violated. Also unlike private employees, majority of government employees are not employed at will—there has to be a recognized and legitimate reason (a “just cause”) for disciplining or discharging them. In short, unless it impacts their ability to serve the public, a government employee cannot be placed under persistent electronic surveillance or be fired for their beliefs or criticisms of the government.

But beginning in January 2025, the federal workforce has been under constant attack by an administration intent on destabilizing workers and privatizing the federal programs those workers keep running. Since then, the Trump administration and the so-called Department of Government Efficiency (“DOGE”) have ramped up surveillance of federal employees, forced their way into the agency responsible for managing worker information, illegally withdrawn collective bargaining agreements with unions, forced civil servants into at-will positions, and conducted illegal mass firings. Several sources report the use of AI to carry out these attacks.

In February, EPIC and a government worker—working together with counsel from Democracy Forward—filed suit against the Treasury Department, the Office of Personnel Management, and DOGE for their violations of the Privacy Act, the Internal Revenue Code, and the Fifth Amendment right to information privacy. That case is ongoing.

EPIC’s Work to Protect Employee Privacy

In addition to advocating for federal privacy legislation, EPIC has filed complaints, FOIAs, and comments and testified in support of state bills to protect the privacy and rights of workers.

EPIC and NIWR’s Worker Surveillance Project 

In February 2026, EPIC and the National Institute for Workers’ Rights (NIWR) launched a project to investigate how employers use workplace monitoring tools to disrupt or prevent worker organizing. To kick off the effort, EPIC and NIWR released a survey to connect with workers who have had firsthand experience seeing workplace surveillance negatively impacting collective action. 

Once enough responses have been collected, EPIC and NIWR will select a group of workers to interview about their experiences. The interviews will be used to create a report that documents instances of employer meddling and retaliation against workers for attempting to organize with their coworkers. Have something to share? Fill out this form.  

Advocating Against Harmful Practices in Complaints to the FTC

In November 2019, EPIC filed a complaint with the Federal Trade Commission and the DC Attorney General against HireVue alleging that the recruiting company had committed unfair and deceptive practices in violation of the FTC Act. EPIC charged that HireVue falsely denied it uses facial recognition and failed to comply with baseline standards for AI decision-making, such as the OECD AI Principles and the Universal Guidelines for AI.

HireVue represented that it conducted video-based and game-based “pre-employment” assessments of job candidates on behalf of employers. These assessments employed facial recognition technology and proprietary algorithms. HireVue stated that it collects “tens of thousands of data points” from each video interview of a job candidate, then purportedly inputs these thousands of personal data points into “predictive algorithms” that allegedly determine each job candidate’s “employability.”

HireVue did not give candidates access to their assessment scores or the training data, factors, logic, or techniques used to generate each algorithmic assessment. HireVue marketed its recruiting tools as a way to eliminate biases in the hiring process, but hiring algorithms are more likely to be biased by default. HireVue represents that it builds algorithmic models for employers based on data from top performers, a method which can perpetuate past hiring biases.

Following EPIC’s complaint, HireVue halted its use of facial recognition software.

Investigating Treatment of Federal Workers Through Freedom of Information Act Requests

EPIC has also used the Freedom of Information Act to investigate and combat the Trump administration’s attacks on the federal workforce through Freedom of Information Act requests. In EPIC v. OPM, we’re fighting for records on the covertly installed Government-Wide Email System (GWES) and OPM’s consolidation of information on federal workers. OPM avoided our request and laid off its FOIA staff to improperly dodge requests. After we filed suit, OPM agreed to begin processing records.

In May, EPIC launched a second investigation into the alleged screening of federal worker communications for signs that a worker is critical of President Trump or his administration—a blatant violation of federal workers’ privacy and constitutional rights.  Both investigations are ongoing.

Fighting for Protections in Regulation and Legislation

EPIC has worked with state lawmakers and privacy regulators across the country to ensure that privacy and ADS regulations include strong protections for workers.

In written comments, EPIC encourages regulators, including the Equal Employment Opportunity Commission and the Office of Science and Technology Policy, to combat worker surveillance or discrimination carried out by ADS or other tools. In 2024, EPIC urged international regulators to place an outright ban on the use of emotion recognition technology in the workplace. Most recently, EPIC pushed California to adopt stronger regulations on cybersecurity, risk assessments, and ADS.

EPIC has testified in several states, including California, Maryland, New Mexico, New York, Virginia, and Connecticut, urging lawmakers to put guardrails around the use of ADSs to make employment decisions affecting workers and to give workers rights if AI is used to make decisions about them. EPIC also testified at a 2023 New York Assembly hearing on the intersection of labor and AI, urging lawmakers to focus on the many unique risks workers face when emerging technologies are used unregulated in the workplace.