Thursday, October 31, 2019

Must you tell employees when you are surveilling their devices?

It’s unusual these days for an employee not to have a device issued by their employer, or on which they can access their employer’s information — cell phones, tablets, laptops, and other computing devices.

Conventional wisdom (California notwithstanding), is that if the employer owns the device, the employee has zero privacy rights in that device, its use, or the information stored on it.

That conventional wisdom, however, might be changing.

The Federal Trade Commission just announced the settlement of charges it had brought against the developer of certain “stalking” apps.

What is a stalking app? It’s one that runs surreptitiously in the background of a device so that the user of that device does not know that the app is tracking their physical movements and online activities.

In this case, the apps in question “allowed purchasers to monitor the mobile devices on which they were installed without the knowledge or permission of the device’s user.” The apps also came with instructions so that the purchaser could remove the app’s icon from appearing on the mobile device’s screen so that the device’s user would not know the app was installed on the device.”

Notably, one of the apps, MobileSpy, was specifically marketed to monitor employees.

The Settlement Agreement and Consent Order [pdf] specifically addresses the employment concerns raised by the app.

Prior to the sale or distribution of any Monitoring Product or Service, Respondents must obtain … [a]n express written attestation from the purchaser that it will use the Monitoring Product or Service for legitimate and lawful purposes by authorized users. The express written attestation must state the legitimate and lawful purpose for which the purchaser is using the device, which may include only the following: … 2. Employer monitoring an employee who has provided express written consent to being monitored….

In other words, while the FTC brought this case against the company that developed, marketed, and sold the stalking apps, the settlement specifically prohibits that company from selling the apps to an employer unless the employer certifies, in writing, that it will only use the apps to monitor employees who have provided express written consent to being monitored.

Legally speaking, this development is very interesting. The law is figuring out how to catch up to advancements in technology.

Practically speaking, I’m wondering why employers aren’t already obtaining consent before tracking their employees. In my mind, this issue raises a fundamental question of the type of employer you want to be, and the type of relationship you want to foster with your employees. Do you want to be an employer that is open and honest with your employees, that operates on trust? Or do you want to be an employer that slinks around behind your employees’ backs and breeds dishonesty and distrust? I know how I answer this question. How you answer it says a lot about who you are as an organization.

* Photo by Matthew Henry on Unsplash