CFPB warns companies against unchecked digital tracking

The Consumer Financial Protection Bureau recently warned companies against unlimited digital surveillance of employees. Issued Oct. 24, the guidance called on companies to follow the Fair Credit Reporting Act when using third-party consumer reports, including background dossiers and surveillance-based algorithmic or “black box” AI scores.

The Consumer Financial Protection Bureau recently warned companies against unlimited digital surveillance of employees. Issued Oct. 24, the guidance called on companies to follow the Fair Credit Reporting Act when using third-party consumer reports, including background dossiers and surveillance-based algorithmic or “black box” AI scores.

According to the CFPB, some employers require workers to install applications on their personal phones to monitor their conduct. Automated data can be used to assess worker performance, historical patterns and availability and be utilized to reassign team members. 

Such reports can also flag potential performance issues and lead to automated recommendations or warnings without direct human oversight, according to the bureau. Some reports could include a review of workers’ social media presence, potentially impacting hiring decisions.  

 “This includes assessing the likelihood of workers engaging in union organizing activities or estimating the probability that a worker will leave their job, potentially influencing management decisions about staff retention and engagement strategies,” according to the CFPB. 

Employers must secure worker consent, be transparent about how data is used in unfavorable decisions, and allow workers to dispute erroneous information, according to the CFPB. Employers are also banned from selling the data on the open market to use it to market financial products to their workers. 

“The kind of scoring and profiling we’ve long seen in credit markets is now creeping into employment and other aspects of our lives,” said CFPB Director Rohit Chopra. “Our action today makes clear that longstanding consumer protections apply to these new domains just as they do to traditional credit reports.”

Fredrikson & Byron Law