Data Protection

Workplace Privacy


Technology has greatly increased employers’ ability to monitor employees both at work and outside of work. Throughout the COVID-19 pandemic, telework technologies have blurred the lines between business and personal, public and private.


Workers are exposed to many types of privacy-invasive monitoring while earning a living. Employers do have an interest in monitoring in order to address security risks, sexual harassment, and to ensure the acceptable performance of employees. However, these activities may diminish employee morale and dignity, and increase worker stress.

Many workers are not protected with due process guarantees against arbitrary discharge. Absent state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information.

At the same time, increased employee monitoring powers raise the risk that false or biased inferences can be drawn about employee contact. An employee network-monitoring appliance can detect access to the inappropriate site, but not the intent of the employee. With these new monitoring tools and potential to draw false inferences, it is important now more than ever for employees to have comprehensive privacy protections, including basic due process protections–the right of notice of the violation and some “opportunity to be heard.”


Bossware is employers’ use of software and electronic tools, usually placed on an employee’s device, that track and monitor their employees. Some examples include closed-circuit video monitoring, Internet monitoring and filtering, E-mail monitoring, instant message monitoring, automatic time tracking, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. Some bossware send employees’ location information, screenshots of their devices, or emails directly to the employer. There are even bossware services that allow employers to remotely active employees’ webcams and microphones without their knowledge.

Bossware often subjects employees to serious privacy invasions and employees have little to no choice as to whether they should be surveilled if they want to continue their employment. As the Center for Democracy and Technology reported, bossware can actually harm employees’ health and wellbeing. Bossware encourages a faster-paced work environment, which can lead to an increase of physical injuries and mental health problems.

Amazon installed machine learning-powered surveillance cameras in its delivery vehicles. These cameras, which are always on, purportedly monitor employees and provide feedback as they make deliveries. The cameras use AI to monitor employees’ location, movement, and biometric information. Amazon reportedly forced employees to sign a biometric information consent form or risk losing their jobs. Amazon’s overbroad surveillance is just one example of bossware’s privacy violations.

Employee Privacy in the COVID-19 Pandemic

With the increase of telework during the COVID-19 pandemic, use of surveillance software has reportedly increased 50%. Remote work and telework is here to stay. Even as offices transition to hybrid models and employees return to their offices, employees are working from home more than ever. The U.S. needs comprehensive privacy legislation and a dedicated agency devoted to data privacy to protect workers from the surveillance overreach of bossware.

EPIC’s Work to Protect Employee Privacy

In addition to campaigning for federal privacy legislation, EPIC has filed complaints to protect the privacy of workers. In November 2019, EPIC filed a complaint with the Federal Trade Commission against HireVue alleging that recruiting company HireVue has committed unfair and deceptive practices in violation of the FTC Act. EPIC charged that HireVue falsely denies it uses facial recognition. EPIC also said the company failed to comply with baseline standards for AI decision-making, such as the OECD AI Principles and the Universal Guidelines for AI. The company purports to evaluate a job applicant’s qualifications based upon their appearance by means of an opaque, proprietary algorithm.

HireVue represented that it conducted video-based and game-based “pre-employment” assessments of job candidates on behalf of employers. These assessments employed facial recognition technology and proprietary algorithms. The company stated that its algorithmic assessments will reveal the “cognitive ability,” “psychological traits,” “emotional intelligence,” and “social aptitudes” of job candidates HireVue stated that it collects “tens of thousands of data points” from each video interview of a job candidate, including but not limited to a candidate’s “intonation,” “inflection,” and “emotions.” HireVue purportedly inputed these thousands of personal data points into “predictive algorithms” that allegedly determine each job candidate’s “employability.”

According to HireVue, 10% to 30% of a candidate’s score was based on facial expressions and the remainder of the score is based on the language used. HireVue did not give candidates access to their assessment scores or the training data, factors, logic, or techniques used to generate each algorithmic assessment. HireVue marketed its recruiting tools as a way to eliminate biases in the hiring process, but hiring algorithms are more likely to be biased by default. HireVue represents that it builds algorithmic models for employers based on data from top performers, a method which can perpetuate past hiring biases.

Following EPIC’s complaint, HireVue halted its use of facial recognition software.

Recent Documents on Workplace Privacy

Support Our Work

EPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age.