Future Research

Research Questions to Advance Knowledge of Practices & Impacts of Workplace Monitoring Platforms

  1. Worker-Consumer Parallel: How are workers treated as consumers through workplace monitoring platforms?

  2. Authorities: How do existing laws and authorities apply to workplace data abuses?

    • Consumer Protection Laws

    • Privacy Laws

    • Labor and Employment Laws

    • Anti-Discrimination and Civil RIghts Laws

    • Competition Laws

    • FCRA and comparable state credit reporting statutes

    3. Dormant or Under-used Authorities: Which agencies (federal, state, local) dormant or under-used authority over different forms of worker data abuse and misuse?

  3. Fair Credit Reporting Act: How are algorithmic worker scores applicable under the FCRA when they are used to make hiring, firing, promotion, or scheduling decisions?

  4. Consent: How and why is employee consent to workplace surveillance structurally invalid, and what alternative legal frameworks – beyond notice-and-consent – can effectively govern the collection and use of worker data?

  5. Privacy Laws: What are the potential challenges of state privacy laws – and how should these laws be updated to reflect modern workplace realities? E.g. To what extent can workplace biometric data collection – such as facial recognition, voice prints, etc. – violate statutes (e.g. Illinois Biometric Information Privacy Act)?

  6. Obligations to disclose: What responsibilities do publicly traded companies have in disclosing risks associated with workplace surveillance in regulatory filings?

  7. Cross-use practices. What are the current ways that worker data is being used by data brokers? How is workplace data "mixed" with consumer data in ways that amplify the risks of potential harm? To what extent does the infusion of workplace data (with consumer data), make those risks even more pronounced? How is workplace data current [priced] as compared to consumer data? Is it more valuable? Is workplace data purchased by more specialty data brokers or more multilateral use data brokers?

  8. Business model: To what extent do bossware companies advertise or try to monetize the sharing of data as part of its value proposition for investors, etc.? How do bossware companies advertise, communicate to data brokers about the value of this data? How do data brokers advertise the inclusion of workplace data to potential purchasers of data sets that include this data? Do workplace data (or data that includes workplace data) get priced higher? Do data brokers have any ability to identify and manage what comes from consumer sources vs workplace – if so what and how?

  9. Data sharing and selling practices. Using available information, which third parties does the company share or sell data to, and what specific purposes or use cases are associated with each of these data-sharing relationships?

  10. Data collection and aggregation practices. Using available information, from which third-party sources does the company collect or acquire data, and what types of data are obtained from each source? For what purposes is this externally sourced data collected and used?

  11. Disclosures. How do the platform disclose its data uses and practices to users (e.g. within the app or platform, via legal documents, and public materials)? Where and how are these disclosures presented (e.g. onboarding flows, settings menus, privacy dashboards, pop-up boxes, etc.)? How do these disclosures represent the platform’s actual data practices?

  12. Productivity Scoring and Data Errors. Does the company generate productivity scores or similar metrics to evaluate worker performance that may influence discipline or termination decisions? If so, how does the company say they generate these scores? What mechanisms exist for workers to access, contest, or correct such data? Is there any available evidence of workers successfully using these mechanisms following disciplinary action or termination?

  13. Consumer-Worker Data Breaches. Have any relevant companies experienced data breaches, and if so, what were the details of these incidents? In particular, did these breaches occur in consumer-facing systems, workforce systems, or both, and was worker-related data incidentally or directly compromised as part of a broader breach? What types of data were exposed in each case, and what actions did the company take to mitigate harm, notify affected individuals, and assume responsibility?

  14. Data Uses. Using available information, does the company or its platforms use worker data – directly or through third parties – for any of the following purposes? If so, what categories of worker data are used, how are they connected to job functions, and what default settings and opt-out mechanisms are available to workers?

    • AI or machine learning model training

    • Marketing, advertising, licensing, or monetization

    • Emotion-related, biometric, or behavioral inferences (e.g., fatigue, stress, mood)

  15. How does “continuous location monitoring,” even while “on the clock” become problematic, especially in contexts where workers' economic reality involves multiple employers and continuous mobility? What are some examples of this?

  16. Data inputs and pay-setting platforms. What are the data types, sources of data, and data processing tools that are being used in, or as a part of, compensation or work-allocation algorithms? How do you know these are used or why do you believe they are being used? How are workers able to see, challenge or correct data used to determine their pay, promotion, disciplinary action, or other decisions?

Updated regularly · External blog