Our proposal is based upon five principles, with the fifth principle being centered on worker data protection—specifically, that the use of new technologies in the workplace should be aligned with international human rights standards and protect the privacy and nondiscrimination rights of workers.
Data protection is rarely discussed during dialogue about the need for a new social contract, but we included it for two simple reasons: firstly, the existing social contract was developed in the pre-digital world, not today’s data-rich environment; secondly, a modern social contract must address a whole host of new risks and opportunities arising from how employee data are collected, shared, and used. The COVID-19 pandemic is shining an even brighter light on this challenge by both increasing the significance of worker health data and obscuring the distinction between the home and the workplace.
We believe that a 21st-century social contract needs to address three main concerns:
- Privacy: Monitoring and surveillance may be considered acceptable to protect worker and customer health, safety, and security, but the use of digital tools to track the productivity, wellness, or emotional state of an employee raises important questions about reasonable expectations of privacy in the workplace—and at home for those working remotely.
- Non-discrimination: New digital tools could accentuate existing workplace discrimination and increase risks for workers from vulnerable groups. For example, monitoring how many times employees leave their workstation during a workday could discriminate on the basis of religion, disability, or pregnancy status, while the use of sentiment analysis to provide insights into an individual’s facial expressions or body language during hiring risks discrimination based on gender, race, ethnicity, or other physical characteristics.
- Human dignity: The use of digital tools to collect data, analyze signals, and inform decisions raises novel issues around human dignity, autonomy, control, self-worth, and well-being—for example, whether employees should reasonably expect to have their movements tracked as a metric to gauge productivity or whether insights into employee motivation and workplace satisfaction derived from psychological or sentiment analysis are a reasonable expectation of employment.
Furthermore, we note that violation of rights to privacy and non-discrimination impacts other rights too, such as freedom of expression, freedom of assembly, freedom of religion, and the right to favorable conditions of work.
A diverse range of workplaces—warehouses, factories, offices, call centers, mines, entertainment venues, restaurants, transit centers, and homes—will increasingly deploy digital tools, and this both increases the significance of worker data protection and makes it more challenging to realize in practice. We need to consider three key concepts as we endeavor to strengthen 21st-century social contracts in relation to worker data protection.
- Informed consent. Informed consent is defined by both participation (i.e. the ability to participate in decisions) and empowerment (i.e. the ability to understand both risks and rights when consenting). It will be essential that workers are able to provide informed consent for how their data are collected, processed, and used by employers. The formal contracting process that underpins the employer/worker relationship provides a well-defined pathway for providing informed consent, but this may not exist for informal workers.
- Power and vulnerability. There are power dynamics in all employer/worker relationships, and the data-driven digital economy alters this dynamic in significant ways. While the employer has access to an increasing array of data, the most vulnerable workers—those without real options to “walk away”—have the fewest choices open to them and are less able to understand their rights and risks when consenting. Beyond informed consent, this disparity needs to be addressed with clear rules governing what employers are simply not allowed to do.
- Addressing different worksites. The data protection risk-and-opportunities profile will vary significantly across different industries, job types, and workplace environments, including workplaces in the context of new business models, such as gig workers, online sellers, and other novel forms of income generation. These need to be understood individually, for example via assessments into the social, economic inclusion, and the potential human rights impacts of disruptive technologies.
One of the most revealing elements of our research to inform the 21st-century social contract was the lack of international norms for workplace data protection in the context of a data-rich world. For example, while the International Labour Organization (ILO) published a code of practice providing guidance on the protection of workers’ personal data in 1997, there is no ILO convention or recommendation covering workplace data protection, privacy, and non-discrimination issues in a modern setting.
As the use of workplace technologies evolves, new norms, laws, and regulations will be needed to manage the way disruptive technologies are deployed in the workplace. Technology providers, employers, labor organizations, governments, and civil society organizations all have an important role to play in the dialogue around what these new norms can and should be. As workplace monitoring and surveillance become increasingly commonplace, it will be important for employers to collaborate with labor organizations to define clear boundaries and a social consensus for data protection in the modern workplace.