CFPB warns industry against ‘deeply invasive’ workplace digital surveillance

The Consumer Financial Protection Bureau (CFPB) put industry on notice Thursday, warning companies against improperly using digital surveillance and artificial intelligence tools to spy on staff.

Companies that use third parties to analyze and compile information harvested from digital badges, artificial intelligence and other electronic workplace surveillance tools could be violating the Fair Credit Reporting Act (FCRA), according to new guidance issued by the agency.

Under the FCRA, employers using third party consumer reports must obtain workers’ consent for the monitoring and are required to be transparent about how they use data to penalize employees, a CFPB press release said. Management also must allow workers to dispute inaccuracies.

The guidance only applies to third-party assessments, but includes those based on data gleaned from digital surveillance tools employers require workers to use such as monitoring apps installed on their phones.

“With the rise of AI, the data harvested about us can be used to power models and scores, put us in different categories, grade us on who we are, sometimes by just guessing,” CFPB Director Rohit Chopra said in a Thursday speech. “I have serious concerns about how these background dossiers and reputation scores are being used in hiring, promotion and reassignment.” 

Chopra noted that those dossiers also can be sold for profit.

Department of Labor Secretary Julie Su joined Chopra for the announcement and said it is critical that “humanity, empathy, compassion, human ingenuity” are not “sacrificed at the altar of AI” in the workplace.

“When workers’ data is collected or created by AI, our principles make it very clear that it should be limited in scope ... and it should be protected and handled responsibly,” Su said, referring to a workplace AI roadmap released by the agency on Oct. 16.

The consumer reports employers commission based on data they collect through digital surveillance tools could reveal private information that management has no right to know, including, for example, whether a given employee has been a steward in a union, Chopra said.

The data some employers collect to “score” employees is often generated by “opaque algorithms,” Chopra said.

“That makes it even more suspicious,” he added.

In many health care settings, nurses are now required to wear badges outfitted with digital tracking devices, Chopra said, offering one example of how workplace surveillance is used. The data collected is often given to a monitoring company that uses AI to track metrics, Chopra said.

Grading nurses on how much time they spend in patient rooms fails to capture “the reality and complexity of nursing, missing the time when the nurse is discussing symptoms with a colleague on the next shift, or when answering questions from a patient's family,” Chopra said.

The danger, Chopra said, is that incomplete data points are used by third party companies to create inaccurate reports that unfairly hurt individuals’ careers. A nurse could even be unable to get a job at another hospital if it uses the same monitoring company that her employer does, he said.

Jamie Brown, a critical care nurse who is president of the country’s largest nurse union, appeared alongside Chopra and Su and said that employer surveillance technologies are invasive.

She recalled how a previous employer used digital badges to track her team and “could even tell how long we spent in the bathroom.”

The hospital industry has already widely adopted technologies that harness AI, she said.

“Many of these technologies are marketed as tools to improve patient care, but in fact, they track the activities of healthcare workers like me and frequently violate our privacy and the privacy of our patients,” she added. 

Algorithms also rely on inaccuracies to dictate patient care and staffing, she said.

“Those decisions seem driven by a desire to lower labor costs,” she added.