Strategies to Tackle Bossware’s Threats to the Health & Safety of Workers

This is the third and final entry in a series of follow-up posts relating to CDT’s July 2021 report, Warning: Bossware May Be Hazardous to Your Health. The report discussed some of the reasons that existing health and safety laws might not be adequate to protect workers, and some alternative policy approaches that might address those shortcomings.

This post expands on that discussion by examining some of the potential policy responses to bossware with greater precision and depth, arguing that pursuing all of these approaches in tandem would be the best way for workers’ advocates to push back against the threats that bossware poses.

As our report demonstrates, employers’ increasing–and increasingly exploitative–use of bossware represents a significant threat to workers’ well-being. But as other commentators have explained, the same technologies threaten to inflict other types of harms on workers as well, including violations of privacy, discrimination against (and even targeting of) marginalized groups, and increasing the information and power advantage that companies already enjoy over workers.

A key premise underlying our report is that laws protecting workers’ health and safety, particularly the Occupational Safety and Health (OSH) Act and the Americans with Disabilities Act (ADA), provide the best route to using existing laws to challenge harmful uses of bossware. But as the report and a related blog post noted, the ADA’s relatively narrow scope and the OSH Act’s shaky enforcement mechanisms mean that these laws likely will not be adequate to fully address the risks that bossware poses to workers.

As Part III.C of the report argued, a complete solution will require advocates to work toward policy solutions on multiple fronts and from multiple angles. This post briefly lays out four key approaches that advocates should pursue. 

Approach 1: Enhancing and improving enforcement of health and safety laws

  • Description: This approach, which was the focus of CDT’s bossware report, would target the most harmful consequences of exploitative uses of bossware by leveraging laws that protect workers’ health and safety
  • Examples
    • OSHA adopting new standards that target the specific health and safety threats that bossware poses to workers, particularly those relating to job strain, repetitive motion injuries, and fatigue
    • OSHA enforcing its standards more rigorously, particularly in home office environments (which currently are effectively exempt from OSHA enforcement)
    • EEOC, DOJ, OFCCP, and other agencies aggressively enforcing the ADA’s reasonable accommodation requirements and prohibition against disability discrimination to curtail uses of bossware systems that target or inherently disadvantage disabled workers
  • Benefits 
    • Would not require any sweeping new legislation and could be enforced by agencies using existing grants of authority
    • ADA in particular requires proactive action by employers to avoid technologies and practices that discriminate against disabled workers
    • Moving forward, the same standards and principles could be applied to all new workplace tech that threatens worker health/safety.
  • Drawbacks
    • While the OSH Act theoretically protects all workers, its relatively weak enforcement mechanisms and OSHA’s chronic funding and staffing shortages mean that the OSH Act has been (and likely will remain) inadequate to fully protect workers’ health and safety.
    • While some estimates place the number of workers with disabilities at a fifth or more of the population, that still means that the vast majority of workers are not disabled and thus are not entitled to ADA protection.

Approach 2: Targeting harmful employer practices

  • Description: Instead of focusing on negative outcomes for workers, focus on the employer practices that generate those outcomes, such as:
  • Examples
  • Benefits
    • More direct than the health/safety approach, and broader in some ways, since the same employer practices can have multiple harmful effects
      • For example, efforts to eliminate breaks and downtime simultaneously increase the risk of several different negative health effects, including job strain, repetitive motion injuries, and the gastrointestinal and sanitary problems that can occur when workers delay using the restroom.
    • Also helps protect against harmful effects to workers’ autonomy and dignity (not just health/safety)
  • Drawbacks
    • There’s a Goldilocks problem in describing employer practices–too vague, and you risk sweeping in normal/innocuous practices. Too specific, and it’s easy for employers to find loopholes or develop alternatives.
    • Because it is based on circumscribing specific employer practices rather than granting broad rights to workers, the legislation or associated regulations would have to be updated frequently to keep pace with new employer practices.

Approach 3: Targeting the tech

  • Description: Regulate the manufacturing, sale, or use of particular technologies, through (e.g.) licensing requirements, use restrictions, or outright bans.
  • Examples
    • There is no notable legislation pending along these lines, but potential approaches might include:
      • Requiring worker surveillance tools to include features that notify workers that they are being monitored
      • Establishing a licensing regime for companies that sell products that collect certain information about workers
      • Creating liability for vendors (perhaps jointly with employers) that offer products with features that violate laws, like those that automatically dock worker pay
  • Benefits
    • The other approaches are generally aimed at employers; this could be used to ensure that vendors have an incentive to prevent exploitative uses of their technology as well
  • Drawbacks
    • Many of the same drawbacks that would arise from circumscribing employer practices–difficulty in specifying the exact technologies, the ease with which vendors might develop their products around laws, etc.
    • Employers might be able to achieve the same level of monitoring by combining various pieces of unrelated (or seemingly innocuous) tech or developing their own

Approach 4: Comprehensive worker privacy legislation

  • Description: Would give workers a concrete right and expectation of privacy in the workplace, and allow employers to surveil workers and collect data on workers only for specific purposes and under specific circumstances.
  • Examples
    • The California Consumer Privacy Act (CCPA) extends its protections to workers, though employers are currently exempt from the CCPA’s requirements until 2023
    • Section 204 of the proposed Massachusetts Information Privacy Act (MIPA) includes strong workplace privacy protections
    • The Worker Privacy Act proposed by the Georgetown Center on Privacy and Technology would create a federal workplace privacy framework, along with a new division in the Department of Labor charged with enforcing it.
  • Benefits
    • Can target both the employer practices and underlying tech, thus creating a belt-and-suspenders approach
    • Would be much harder for employers and vendors to circumvent, because it shifts the burden from the workers (who now must prove that an employer practice is prohibited) to employers (who would then have to prove their practice fell within a specific exception to the general rule against surveillance)
  • Drawbacks
    • Would constitute a sea change in law for the employer/worker relationship, and may meet the stiffest resistance from employers.
    • Broad-based enforcement might be difficult, particularly early on, because no existing agencies are currently equipped to investigate or enforce workplace privacy laws.

The struggle to protect workers’ health, safety, privacy, and dignity in the face of intrusive new workplace technologies will not be a sprint, nor even a marathon. It will be more akin to an extended multisport race such as an Ironman triathlon, requiring advocates to compete over extended periods in multiple arenas.

Such an “all-of-the-above” approach is the best way to ensure that workers are protected in both the short and long term. The ultimate solution would likely be general worker privacy legislation (Approach 4), but such legislation may not be viable at the federal level (or in many states) for at least several years. Consequently, leveraging existing laws (as in Approach 1) and pushing for narrow legislation that targets the most exploitative employer practices and technologies (Approaches 2 and 3) will be essential to advance workers’ interests in the near term. And, of course, there may well be yet other policy approaches not listed in this document that may prove effective as well.

Different coalitions of labor, privacy, and civil rights organizations will undoubtedly be needed to effectively push each approach forward–few, if any, organizations have the breadth of legal and technical expertise necessary to lead the charge on all four fronts. Advocates should therefore start sharing information and developing collaborative strategies as soon as possible. Bossware is becoming more ubiquitous by the day, and the threat bossware systems pose to workers will keep growing unless and until workers’ advocates succeed in altering the policy playing field.