Firms say surveillance tech protects them and boosts the bottom line, but unions warn it is too easy for employers to collect intimate, personal data and use it against their workers
BRUSSELS, June 23 (Thomson Reuters Foundation) – From Swedish retailer H&M being fined 35 million euros ($42 million) for recording employees' private data to Britain's Barclays bank accused of spying on its staff, workplace surveillance has come into the spotlight in recent months.
On Wednesday, the European Trade Union Institute (ETUI), the European Trade Union Confederation's research arm, said planned regulation by the European Union (EU) to improve privacy does not do enough to stop companies from snooping on their workers in the name of security and efficiency.
As artificial intelligence (AI) technology becomes ever more accessible and sophisticated, here's why unions are worried:
What kind of surveillance are we talking about?
Employee monitoring today can involve software programmes for live monitoring, streaming and recording more than a dozen employees' computer screens at a time.
Keystrokes, chat programmes, instant messaging and Skype dialogues may also be monitored and recorded in real time.
Firms can also track staff movements using ID badges with biometric measuring capabilities, hire intelligence analysts to tail union organisers, monitor email lists and Facebook groups and use data mapping to counter unionisation drives.
Is such surveillance justified?
Software manufacturers say their surveillance is needed to help businesses increase productivity, support staff facing burnout, identify slackers and protect against security threats.
But Aida Ponce Del Castillo, an ETUI researcher, said a line should be drawn between employee monitoring and intrusive surveillance, which can be partly defined by who it targets, the volume and type of information it gathers and for how long.
She said over the phone that the line is crossed when monitoring "involves scraping the intimate life of a person - your behaviour, emotions, whether you're speaking loud or not, what words you use in communication...".
What does the law say?
The General Data Protection Regulation (GDPR), which took effect in the EU in May 2018, is designed to protect the privacy rights of the bloc's citizens.
It sets some limits on the ways personal information can be collected and proscribes employee monitoring without prior notification.
But unions question its enforceability and say workers may not have the knowledge, expertise or power to challenge monitoring clauses in an employment contract.
Many businesses also view dismissals based on automated technology without human oversight as unacceptable.
"The general principle of business is to be transparent and get that consent from the employee (to be monitored) when using keystrokes and location data," one industry official said on condition of anonymity, as he was speaking without permission.
Ponce Del Castillo said she was in the process of dealing with two cases in Europe of multinationals that inappropriately used data-loss protection programmes - intended to staunch leaks of sensitive information - against workers.
The programmes created risk profiles of employees, signalled behaviour that was "out of the norm" and sent alerts that could lead to disciplinary measures, she said.
The EU is currently debating an AI Act which would crack down on what it refers to as "high-risk" uses of AI surveillance, such as live biometric facial recognition systems.
The ETUI report said this would create de facto authorisation for employee monitoring, which is judged to be "low risk".
What are the unions doing about it?
The ETUI is calling for an EU directive to deal with the use of AI in workplaces, separate from the AI Act.
One EU official told the Thomson Reuters Foundation that such a directive was "always a possibility" as a sector-specific complement to the Act.
Ponce Del Castillo said staff surveillance could mushroom due to the boom in remote working during the COVID-19 pandemic.
"With the increase in telework, I suspect that a growing number of companies may have started using intrusive surveillance software and possibly taken the risk of doing so without informing workers," she said.
"The world of work has changed, and we are not going back to 2019."
($1 = 0.8376 euros)
Regulate AI or risk 'dehumanisation' at work, British unions say
Tech's long COVID-19: What privacy battles will define 2021?
INSIGHT-The gig workers taking legal action to regain control of their data
(Reporting by Arthur Neslen @ArthurNeslen, Editing by Jumana Farouky and Katy Migiro. Please credit the Thomson Reuters Foundation, the charitable arm of Thomson Reuters, that covers the lives of people around the world who struggle to live freely or fairly. Visit http://news.trust.org)
((Arthur.Neslen@thomsonreuters.com; Mob: +32 492 759973;))