Employers today have numerous tools at their disposal to monitor workers’ behavior and communications. Outdated federal regulations and an administration that prioritizes employers’ interests over employees’ rights mean that workers have to submit to intrusive employer surveillance, even in their own homes, or risk losing their jobs.

As digital applications and their associated data collection have expanded, so too has employers’ ability to monitor workers’ behaviors and communications in increasingly intrusive ways:

The Covid-19 pandemic has brought privacy concerns to the forefront. Those now working from home may be subject to a wide range of employer monitoring, including logging keystrokes, which applications are used and which web pages are visited, while Zoom users can be subject to its attention-tracking feature, notifying a supervisor if meeting attendees go more than 30 seconds without Zoom being in focus on their screens.

Microsoft recently analyzed work patterns to measure how employees were adjusting to remote work. The research team utilized the workplace analytics tools built into Microsoft’s 365 platform, as well as email, calendar entries, and instant messages. Although the researchers anonymized the data, this exercise demonstrates the amount of data about personal work habits available to employers.

Meanwhile, there is a push to develop smartphone contact tracing apps. Amnesty International examined contact tracing apps from Europe, the Middle East, and North Africa and found that many ran roughshod over people’s privacy, with highly invasive surveillance tools that go far beyond what is justified in efforts to tackle Covid-19. Politico concluded that the US has its own unique vulnerabilities: a fragmented collection of apps, tiny state cybersecurity budgets, and stalled legislation in Congress that makes federal government rules unlikely anytime soon.

Between employer-provided laptops and personal smartphones connecting to workplace WiFi, there are numerous opportunities for real-time, continuous collection of personal data by employers. And in the United States, weak, outdated, or essentially non-existent laws give employers practically unfettered rights to monitor their workers.

In the United States, a person’s right to privacy is limited to a reasonable expectation of privacy. Notify workers their communications can be monitored and they no longer have any expectation of privacy in those communications. Meanwhile, federal laws protecting electronic communications were enacted before the commercialization of the internet and proliferation of email, let alone smartphones and social media. So you can’t expect them to offer any practical protections.

Only in truly exceptional circumstances have courts found an invasion of privacy in the workplace: cameras in the bathroom; breaking an employee-provided padlock to search a workplace locker; or hacking into an employee’s personal email account. But if you send a text message to a personal friend while your smartphone is connected to your employer’s system, your employer probably has the legal right to intercept and review that message.

Federal labor law, namely, the National Labor Relations Act (NLRA), addresses employee digital monitoring only indirectly. Section 7 of the NLRA gives employees the right to engage in “concerted activities” for the purpose of mutual aid or protection. And Section 8(a)(1) of the NLRA makes it an unfair labor practice for an employer to interfere with, restrain, or coerce employees in their exercise of their Section 7 rights. 

This means that employers cannot discipline or fire employees who band together to address a workplace issue, such as delayed or missing paychecks, late-hour store closing policies in a dangerous neighborhood, or potentially discussing joining a union. What the law does not protect is simply griping about a supervisor or co-workers.

“In the United States, weak, outdated, or essentially non-existent laws give employers practically unfettered rights to monitor their workers.”

Critical to determining whether an employer has engaged in an unfair labor practice for disciplining or firing an employee over a social media post is whether the employee was engaging in protected concerted activities or merely complaining about work. At the heart of Section 7-protected concerted activities is the notion of group activity. Until last year, an organized group was not required; merely protesting in front of co-workers terms and conditions of employment common to all employees was sufficient for protection. Trying to rally co-workers around a workplace issue on Facebook was generally considered a concerted activity protected by the NLRA.

In January 2019, the National Labor Relations Board (NLRB), which enforces the NLRA, and newly reconstituted under the Trump administration, narrowed this approach to concerted activities. Merely discussing a workplace issue in front of other employees or supervisors is not enough. There must be evidence the disciplined employee was communicating a formulated group complaint to management in a formal setting, or at least preparing to do so.

In other words, spontaneous statements in an informal setting, such as in social media posts, are less likely to be considered protected concerted activities.

Employees are often disciplined or fired because their social media posts have violated an employer’s social media policy. Therefore, courts and the NLRB focus on whether the employer’s social media policy, as written, interferes with employees’ Section 7 rights. Many companies’ social media policies do not directly prohibit protected Section 7 rights, but may do so indirectly by, for example, prohibiting posts that criticize the company or co-workers.

Under the Obama administration’s NLRB, ambiguous social media policies were often invalidated because employees could reasonably construe them as inhibiting Section 7 rights. For example, the NLRB’s Office of General Counsel has in the past declared unacceptable the following social media policies:

  • Prohibiting the release of confidential information [could reasonably be construed as prohibiting employees from discussing and disclosing information regarding their own conditions of employment, as well as the conditions of employment of employees other than themselves];
  • Ensuring posts are completely accurate and not misleading [could reasonably be construed by employees that inaccurate posts could not still be protected];
  • Don’t post if you believe your post may violate a company policy [could reasonably be construed by employees that the employer’s permission was required before posting any information];
  • Think carefully about “friending” co-workers [could reasonably be construed as discouraging communications among co-workers]; and
  • Prohibiting discussion of workplace issues in a forum generally accessible by the public [could reasonably be construed as prohibiting discussion of terms and conditions of employment with non-employees].

The Trump administration’s NLRB has adjusted the scrutiny of whether employees would reasonably construe the language in a policy to prohibit Section 7 activity. Even where a rule may be reasonably construed to limit Section 7 activity, the rule’s business justification use must also be considered. The rule will not be struck down if its business justification outweighs any potential adverse impact on protected rights. 

In other words, the employer’s interests trump (no pun intended) employee’s rights.

In 2014, recognizing that email can serve as a gathering place akin to an employee breakroom or cafeteria, the Obama administration’s NLRB held that employers cannot prohibit employees from using the company’s email system for communications related to Section 7 concerted activities during non-working time. But in 2019, the Trump administration’s NLRB overruled this holding. Now, employers can prohibit non-work use of their communications equipment except where the use of such equipment is the only reasonable means for employees to communicate with one another during the workday.

The NLRB has long held that it is not an unfair labor practice for an employer to notify its employees that it monitors (or reserves the right to monitor) computer and email use for legitimate management reasons and that employees may have no expectation of privacy in their use of the employer’s email system. However, an employer that changes its monitoring practices in response to union or other protected concerted activity will violate the NLRA. 

To what extent will the current NLRB enforce this policy? Employers may soon test its limits. The Intercept recently reported that when Facebook debuted features of its Facebook Workplace, an intranet-style chat and office collaboration product similar to Slack, it highlighted a tool that allows administrators to remove and block certain trending topics among employees. The example used: the word “unionize.” 

Under the employment-at-will doctrine, nearly 95 percent of US workers can be fired at any time for any or even no reason. The Electronic Communications Privacy Act, enacted in 1986 and so far unmodified, exemplifies Congress’s lack of interest or inability to update privacy laws. The fluctuating state of labor law, exemplified by the NLRB influenced by whoever is in the White House, resembles a constantly swinging pendulum —not unlike Edgar Allan Poe’s—with respect to employee workplace protections. 

With the asynchronous power dynamic between worker and employer, coupled with notice provisions that destroy any expectation of privacy, workers have no choice but to submit to intrusive employer surveillance, sometimes in their own home and at the cost of their job.