More

    Summary of Updated Employee Rights under the California Consumer Privacy Act

    Data Privacy

    Introduction

    Employers across the U.S. are increasingly adopting electronic monitoring and algorithmic management tools to oversee their workers. These data-driven technologies significantly affect several aspects of employment, including screening job applicants, assessing performance, and making promotion or disciplinary decisions. Despite this trend, many workers remain virtually unprotected from the invasive nature of these technologies. It’s clear that new laws are essential to establish worker technology rights that fit the 21st-century workplace.

    A notable development in this area began in early 2023, when California workers gained substantial rights regarding their workplace data under the California Consumer Privacy Act (CCPA), which has since been bolstered by the California Privacy Rights Act. Originally established for consumer protection, the CCPA now extends its provisions to workers, providing them with crucial rights that address privacy concerns in the modern work environment.

    Worker Rights Under the California Consumer Privacy Act (CCPA)

    As of January 1, 2023, the CCPA includes workers, offering various rights designed to protect personal information. Here are some of the key aspects:

    Who is Covered by the CCPA?

    The CCPA applies to workers at for-profit companies doing business in California that meet certain criteria:

    • Companies with over $25 million in gross annual revenue.
    • Businesses that buy, sell, or share the personal information of at least 100,000 consumers or households.
    • Companies deriving 50% or more of their annual revenue from selling or sharing consumer data.

    Notably, the definition of “workers” encompasses employees, independent contractors, job applicants, and former employees. Even third-party labor subcontractors are not exempt; they must follow the same regulations.

    What are Workers’ Rights Under the CCPA?

    Workers can exercise several essential rights under the CCPA:

    • Right to Know: Workers can be informed when their employers collect data about them.
    • Right to Access: They have the ability to request their data.
    • Right to Correct and Delete: Workers can request corrections or deletion of their data.
    • Right to Opt-Out: They may choose to opt out of their data being sold or shared.
    • Right to Limit Use of Sensitive Data: Workers can restrict how their sensitive data is utilized.
    • Protection from Retaliation: The law protects workers from retaliation for exercising these rights.

    Future regulations may expand the rights related to automated decision-making, further strengthening worker protections.

    What Data Does the CCPA Cover?

    Under the CCPA, personal information includes data that can be linked to an individual worker, such as:

    • Personal IDs
    • Employment-related data
    • Social media data
    • Biometric input
    • Geolocation data

    Sensitive personal information covers various aspects, including Social Security numbers, health data, union membership, and more.

    How is the CCPA Enforced?

    The California Privacy Protection Agency (CPPA) is the primary body responsible for enforcing the CCPA, empowered to investigate potential violations and impose fines. Although the California Attorney General can also enforce the act, there’s currently no private right of action unless there’s a data breach, which limits individuals’ ability to sue for violations.

    Accessing Data Under the CCPA

    A primary method for workers to exert their rights under the CCPA is by making data access requests. Understanding the information collected by employers enables workers to monitor their data and its implications on their work environment.

    Content of Response to Data Request

    Upon a data access request, employers must provide:

    • The categories of data collected over the last year.
    • The sources from which that data was collected.
    • The business purpose behind the data collection.
    • Specific pieces of data alongside categories of data sold or shared with third parties.
    • This data must be provided in a “readily usable format” for workers to transfer if they wish.

    Submission and Verification

    Employers must have at least two methods for submitting data requests, one of which should be a toll-free number. Other options may include email or an online submission portal.

    Employers are also required to verify the worker’s identity, utilizing existing authentication processes where applicable.

    Response Timeline

    Once a request is made, businesses must respond within 10 days, outlining how the request will be processed. The complete data must be provided within 45 days, with possible extensions totaling up to 90 days.

    Case Studies of Data Access Requests

    Several organizations are beginning to leverage data access requests to enhance workers’ rights under the CCPA. Notably, the U.S. has historically offered limited data rights compared to the EU, which has mandated worker data rights since 2018 under the General Data Protection Regulation (GDPR). Below are two case studies that illustrate the potential of data access requests.

    Worker Info Exchange

    The Worker Info Exchange (WIE) is a European organization focused on advocating for digital rights for workers and their unions. The organization aims to build worker data trusts that allow for collective bargaining power.

    WIE has facilitated over 500 data access requests and has encountered widespread noncompliance with data protection laws, which hinder transparency. Consequently, they pursued strategic litigation under the GDPR to obtain corporate data and insights regarding automated decision-making processes.

    For instance, in collaboration with the App Drivers & Couriers Union, WIE took legal action against Uber and Ola to demand compliance with data access requests. The Amsterdam Court of Appeals ruled in favor of transparency in automated decision-making systems, leading to action that can potentially set wider industry standards related to data rights.

    Amazon Warehouse Workers with UNI Global Union

    UNI Global Union represents millions of workers worldwide and has been actively promoting data protection rights in the service sector. In May 2023, UNI released a report regarding the implications of algorithmic management on workers while providing guidance on leveraging legal frameworks for collective bargaining.

    In a collaboration with the European data rights group NOYB, UNI organized data access requests by Amazon warehouse workers across several countries. By seeking transparency about the data collected and its implications for automated decision-making, they hope to challenge harmful practices by Amazon.

    Despite initial delays, Amazon ultimately responded to these requests, and UNI is evaluating the next steps in advocating for workers’ rights.

    These cases illustrate the emerging landscape of data rights for workers in the U.S. and beyond, showcasing how access to information can empower individuals in the increasingly data-driven world of work.

    Latest articles

    Previous article
    Upcoming Week: Mergers, Dividends, and Stock Splits
    Next article
    Monterey Bay Initiative for Drone, Automation, and Robotics Technology Secures Funding – Santa Cruz Sentinel

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here

    Popular

    Popular articles

    Featured

    Popular categories

    Cybercrime88Corporate News77Generative AI77Operating Systems76Robotics75Wearables73

    © Copyright - Tbh.technology