PREETA BHAGATTJEE and BRADLEY WORKMAN-DAVIES: AI monitoring in the workplace could pose privacy risk
Popia reinforces the principle that employers should avoid excessively intrusive monitoring that could violate personal privacy
29 November 2024 - 05:00
byPreeta Bhagattjee and Bradley Workman-Davies
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
The effect of artificial intelligence (AI) on the workplace is a rapidly evolving field of study, and SA can look to other countries where cutting-edge AI technologies are already being used to enhance, improve and monitor employee performance and productivity.
How these other countries are responding to these developments can be instructive for SA employers. In this regard it is noteworthy that the US Consumer Financial Protection Bureau (CFPB) is intensifying efforts to regulate workplace surveillance against growing employee concerns of privacy infringement.
The CFPB has observed companies using third-party monitoring tools to assess performance and collecting biometric and personal data without transparent consent. The CFPB’s oversight of this area in terms of the US Fair Credit Reporting Act (FCRA) grants workers the right to know and contest any data that is collected that relates to them.
By applying the FCRA, the CFPB has exercised its jurisdiction over monitoring technology to prevent unfair profiling and misuse. In partnership with the US department of labour, the CFPB’s guidelines advocate that both employees and contractors must be informed of tracking practices, given the chance to dispute inaccuracies, and when necessary be assured of data deletion.
The concern about AI-driven surveillance risks, such as “black box” algorithms scoring employees on effectiveness and productivity, is the unintended consequence of hindering work environments by creating stress and anxiety, which creates dangerous work environments.
Such tools can collect sensitive information, including stress levels, body temperature and location data. US healthcare and retail sectors have raised specific concerns that AI monitoring can detract from the quality of patient care or create high-pressure environments.
A further concern is that organisations rarely provide employees clear information on how data that may be collected influences performance assessments, leading to job insecurity.
Despite these issues the CFPB and US department of labour have emphasised that protecting employees’ privacy rights does not conflict with technological innovation. Instead, the aim is to establish ethical standards for monitoring, ensuring that modern tech developments do not erode existing employee protections.
The National Employment Law Project, a US-based nonprofit advocacy organisation dedicated to strengthening workers’ rights, and other labour organisations, has said transparency around data usage, deletion protocols and error correction is essential to prevent workplace technology from infringing on worker rights.
Overall, the CFPB’s guidance signals a critical step towards reining in unchecked surveillance, balancing organisational oversight with essential privacy and labour law protections that allow US employees to limit potentially unfair or excessive monitoring practices by their employer.
In SA, the CFPB’s intervention into employee monitoring in the US is particularly relevant under the Protection of Personal Information Act (Popia), which enshrines the right to privacy and regulates the collection, use or processing of personal data. Employers using AI-driven surveillance and monitoring tools in SA would need to justify their monitoring practices under Popia’s principles of transparency, data minimality and lawfulness, ensuring only necessary data is collected and used for legitimate purposes.
In addition, employers would need to ensure that any such monitoring is carried out with the required express consent of the employee, as contemplated in the Regulation of Interception of Communications & Provision of Communication-Related Information (Rica) Act, or at least that such monitoring of employee communications is lawful under the provisions of Rica that allow an employer to do so in respect of communications by employees that are made in the course of carrying on the business of the employer.
In any circumstances, care needs to be taken to manage use of AI tools that perform these monitoring functions, especially where they are used for profiling, automated decision-making about the employee (such as for performance management, salary increases and incentives or promotions) and/or to collect and analyse biometric information or other sensitive information.
Caution is also advised where the lines blur between information collected in relation to employee work activities and productivity and accessing employee health information (stress levels, vitals) and information relating to their personal life (information on employees’ home environments or family/personal matters where work from home activities are tracked). Employees must have the right to know what data is collected, how it is being processed, and to challenge inaccuracies or overreach, similar to the Fair Credit Reporting Act in the US.
Popia reinforces the principle that employers should avoid excessively intrusive monitoring that could violate personal privacy, particularly where technologies track sensitive information. In line with the spirit of Popia, employers in SA should ensure that employee surveillance does not foster a coercive or mistrustful environment, emphasising a balanced approach where employee rights to privacy co-exist with the legitimate interests of workplace management.
As technologies evolve, the principles of Popia remind SA employers of the imperative to uphold privacy in the workplace, even as they seek to incorporate performance-monitoring tools.
• Bhagattjee is head of technology & innovation, and Workman-Davies director, at Werksmans Attorneys.
Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
PREETA BHAGATTJEE and BRADLEY WORKMAN-DAVIES: AI monitoring in the workplace could pose privacy risk
Popia reinforces the principle that employers should avoid excessively intrusive monitoring that could violate personal privacy
The effect of artificial intelligence (AI) on the workplace is a rapidly evolving field of study, and SA can look to other countries where cutting-edge AI technologies are already being used to enhance, improve and monitor employee performance and productivity.
How these other countries are responding to these developments can be instructive for SA employers. In this regard it is noteworthy that the US Consumer Financial Protection Bureau (CFPB) is intensifying efforts to regulate workplace surveillance against growing employee concerns of privacy infringement.
The CFPB has observed companies using third-party monitoring tools to assess performance and collecting biometric and personal data without transparent consent. The CFPB’s oversight of this area in terms of the US Fair Credit Reporting Act (FCRA) grants workers the right to know and contest any data that is collected that relates to them.
By applying the FCRA, the CFPB has exercised its jurisdiction over monitoring technology to prevent unfair profiling and misuse. In partnership with the US department of labour, the CFPB’s guidelines advocate that both employees and contractors must be informed of tracking practices, given the chance to dispute inaccuracies, and when necessary be assured of data deletion.
The concern about AI-driven surveillance risks, such as “black box” algorithms scoring employees on effectiveness and productivity, is the unintended consequence of hindering work environments by creating stress and anxiety, which creates dangerous work environments.
Such tools can collect sensitive information, including stress levels, body temperature and location data. US healthcare and retail sectors have raised specific concerns that AI monitoring can detract from the quality of patient care or create high-pressure environments.
A further concern is that organisations rarely provide employees clear information on how data that may be collected influences performance assessments, leading to job insecurity.
Despite these issues the CFPB and US department of labour have emphasised that protecting employees’ privacy rights does not conflict with technological innovation. Instead, the aim is to establish ethical standards for monitoring, ensuring that modern tech developments do not erode existing employee protections.
The National Employment Law Project, a US-based nonprofit advocacy organisation dedicated to strengthening workers’ rights, and other labour organisations, has said transparency around data usage, deletion protocols and error correction is essential to prevent workplace technology from infringing on worker rights.
Overall, the CFPB’s guidance signals a critical step towards reining in unchecked surveillance, balancing organisational oversight with essential privacy and labour law protections that allow US employees to limit potentially unfair or excessive monitoring practices by their employer.
In SA, the CFPB’s intervention into employee monitoring in the US is particularly relevant under the Protection of Personal Information Act (Popia), which enshrines the right to privacy and regulates the collection, use or processing of personal data. Employers using AI-driven surveillance and monitoring tools in SA would need to justify their monitoring practices under Popia’s principles of transparency, data minimality and lawfulness, ensuring only necessary data is collected and used for legitimate purposes.
In addition, employers would need to ensure that any such monitoring is carried out with the required express consent of the employee, as contemplated in the Regulation of Interception of Communications & Provision of Communication-Related Information (Rica) Act, or at least that such monitoring of employee communications is lawful under the provisions of Rica that allow an employer to do so in respect of communications by employees that are made in the course of carrying on the business of the employer.
In any circumstances, care needs to be taken to manage use of AI tools that perform these monitoring functions, especially where they are used for profiling, automated decision-making about the employee (such as for performance management, salary increases and incentives or promotions) and/or to collect and analyse biometric information or other sensitive information.
Caution is also advised where the lines blur between information collected in relation to employee work activities and productivity and accessing employee health information (stress levels, vitals) and information relating to their personal life (information on employees’ home environments or family/personal matters where work from home activities are tracked). Employees must have the right to know what data is collected, how it is being processed, and to challenge inaccuracies or overreach, similar to the Fair Credit Reporting Act in the US.
Popia reinforces the principle that employers should avoid excessively intrusive monitoring that could violate personal privacy, particularly where technologies track sensitive information. In line with the spirit of Popia, employers in SA should ensure that employee surveillance does not foster a coercive or mistrustful environment, emphasising a balanced approach where employee rights to privacy co-exist with the legitimate interests of workplace management.
As technologies evolve, the principles of Popia remind SA employers of the imperative to uphold privacy in the workplace, even as they seek to incorporate performance-monitoring tools.
• Bhagattjee is head of technology & innovation, and Workman-Davies director, at Werksmans Attorneys.
JONATHAN ELCOCK: AI chatbot technology reshapes customer service infrastructure
JOHAN STEYN: Prompt to action: the next frontier of AI automation
JOHAN STEYN AND SHENANDA JANSE VAN RENSBURG: Preparing for the age of misinformation and deepfakes, a guide for business leaders
LUNGILE MASHELE: AI’s power consumption and role in energy transition
JOHAN STEYN: Unlocking potential: how AI is redefining internal auditing
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Most Read
Published by Arena Holdings and distributed with the Financial Mail on the last Thursday of every month except December and January.