Pauline Kim, Washington University in Saint Louis, School of Law, has published Data Mining and the Challenges of Protecting Employee Privacy Under U.S. Law at 40 Comparative Labor Law & Policy Journal 405 (2019). Here is the abstract.
Concerns about employee privacy have intensified with the introduction of data mining tools in the workplace. Employers can now readily access detailed data about workers’ online behavior or social media activities, purchase background information from data brokers, and collect additional data from workplace surveillance tools. When data mining techniques are applied to this wealth of data, it is possible to infer additional information about employees beyond the information that is collected directly. As a consequence, these tools can alter the meaning and significance of personal information depending upon what other information it is aggregated with and how the larger dataset is analyzed. With data mining, individual privacy may be threatened not by the types of information actually collected, but because of what can be inferred from it. This poses a challenge for the law, which often conceptualizes the harm of privacy intrusions in terms of the sensitivity or highly personal nature of information collected or disclosed. This article explores this dilemma by examining three examples of employee privacy protection under US law: anti-discrimination law’s protection of medical and genetic information, the common law privacy tort’s protection of embarrassing or humiliating intrusions or disclosures, and the Fair Credit Reporting Act’s protection against erroneous data. These laws all rest on the assumption that particular information can be identified as problematic and protected. However, because data mining techniques can infer new information, this approach will be largely ineffective in addressing the privacy threats posed by these technologies.
Download the article from SSRN at the link.