The Fine Line of Tracking Employee Time Legally in the US

Written by Asim Qureshi
By Asim Qureshi, CEO Jibble

April 14th 2023

It’s no secret that anything related to individual data privacy is a BIG deal. With the proliferation of interconnected devices, people are more and more anxious about having some type of control over this privacy.

Big corporations are increasingly getting into hot water for the manners in which they handle user data, and now they’re being sued left, right, and center over concerns for privacy, security, consent, accuracy, and discrimination. 

The results of these lawsuits vary, but they often lead to settlements or fines. Facebook, now Meta, settled a $650 million lawsuit about their face-tagging feature and about 1.6 million people in Illinois who use the app are gonna get around $350 each from the settlement. TikTok, for one, has had to recently resolve a class-action lawsuit for $92 million in relation to tracking its users’ data.

This does not come as a surprise – I mean, who wants their every move online to be monitored by some corporation? 

While such cases relate to unauthorized tracking, companies that track their employees legally through the use of various tools are also facing lawsuits. 

But what exactly are they being sued for?

In this article, I will go through:

  • The Legality of Employee Tracking
  • Laws in Violation when Tracking Employees
  • Public Lawsuits
  • Final Thoughts

Can you track your employees?

Employee monitoring involves observing, tracking, or recording employees’ work-related activities, behaviors, and communications while they are on the job. This can be done through tools such as employee monitoring software, time and attendance software, video surveillance, GPS tracking, and biometric technology.

US courts have generally held the view that employers have the right to monitor their employees in the workplace, provided that the monitoring is conducted in a reasonable manner and does not violate the employees’ privacy rights. 

Still, the specific legal standards and requirements for employee monitoring vary depending on the state, industry, and nature of the monitoring itself. 

Some states have enacted specific laws that regulate employee monitoring, such as the California Invasion of Privacy Act (CIPA) or the Electronic Communications Privacy Act of 1986.

Basically, the legal landscape surrounding time tracking and employee monitoring is more complex than whether you just can track your employees or not. 

Laws in violation when tracking employees

The legal system has been working to catch up with modern employee tracking methods and tools, but the pace of change varies by jurisdiction and can be slow in some cases.

In the US, there is a patchwork of federal and state laws that govern employee monitoring. These are primarily and commonly invoked in US courts in relation to employee monitoring or tracking cases. They include:

  • The Fourth Amendment – The Fourth Amendment is a provision of the United States Constitution that safeguards individual privacy and prevents the government from conducting searches and seizures without a proper justification. It requires that warrants be issued only upon probable cause and that the warrant be specific in describing what is to be searched or seized. The Fourth Amendment applies to all levels of government, including federal, state, and local authorities.
  • The Electronic Communications Privacy Act (ECPA) – The Electronic Communications Privacy Act (ECPA) is a federal law that regulates the interception of wire, oral, and electronic communications while being made, in transit, or stored on computers. The ECPA was passed by the US Congress in 1986 to address concerns about privacy in electronic communication technologies which were not addressed in the Fourth Amendment and applies to email, telephone conversations, and data stored electronically. Prior to the ECPA, the Federal Wiretap Act prohibited the interception of spoken communications but there was no clear legal standard for electronic communication interception.
  • The Stored Communications Act (SCA) – On a federal level, the Stored Communications Act (SCA) is part of the Electronic Communications Privacy Act and governs the access and disclosure of electronic communications, namely emails and messages transmitted via electronic communications platforms that are stored, and not in transit to their intended recipients. It prohibits unauthorized access to a facility through which an electronic communication service is provided and the electronic communications stored on that facility.
  • The Biometric Information Privacy Act (BIPA) – Passed in 2008, the Biometric Information Privacy Act (BIPA), an Illinois state law, regulates the collection, use, and storage of biometric data, including fingerprints, facial recognition, and iris scans. BIPA compels companies to obtain written consent from individuals before collecting their biometric data and mandates them to protect the security and confidentiality of the data. Statutory damages under BIPA can be significant. For each negligent violation of the law, the individual can recover damages of up to $1,000. For each intentional or reckless violation, the individual can recover damages of up to $5,000.

To what extent can you actually monitor your employees?

I share with you now a number of cases related to employee monitoring which could be helpful in understanding how the above-mentioned laws may be invoked in court proceedings and how they may serve each case:

Lawsuits Related to the Collection of Employees’ Biometric Information

1. Topgolf Settles $2.6M Class Action Lawsuit Over Finger Scan

In March 2019, a Class Action Complaint was made by a class of former employees and filed by Thomas Burlinski alleging that entertainment company Topgolf violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and disclosing their biometric data through a finger-scan timekeeping system. The violation was said to be in three manners:

  1. Collection of biometric fingerprint identifiers and information without obtaining informed written consent as per BIPA
  2. Possession of biometric data with no publicly available data retention schedule and destruction policy
  3. Disclosure of biometric data to a third-party timekeeping vendor without consent

Despite Topgolf denying the allegations, the US District Court for the Northern District of Illinois approved a $2,633,400 settlement agreement between both parties. The settlement award would be distributed among more than 2,600 class members and amounts to $990 per person.

Key lessons from this case:

  1. The collection of biometric information is not what the employer is particularly being held liable for in court proceedings but rather the failure to obtain written consent before such collection and provide adequate disclosures and guidelines.
  2. Employers must obtain written consent from employees before collecting their biometric data.
  3. Employers must provide guidelines for collecting, storing, retaining, and destroying employee biometric data.
2. Walmart Reaches $10M Settlement in Biometric Privacy Lawsuit 

In a lawsuit filed in 2019, Ethan Roach, a former employee of American multinational retail corporation Walmart filed a class action lawsuit alleging the retailer required him to use a palm-scanning device when checking out and returning cash register drawers without obtaining his written permission, violating the Biometric Information Privacy Act (BIPA). A $10 million settlement was reached between the parties applying to former and current employees in Illinois who had used palm scanners to access cash recycler systems without giving their written consent between Jan 28, 2014, and when the scanners stopped being used on Feb 28, 2018, at Walmart stores and on April 24, 2019, at Sam’s Club stores. The class of people involved in the lawsuit is estimated to be around 21,677, which would translate to a compensation of $461.32 per person.

Key lessons from this case:

  1. Companies need to obtain written consent from their employees before collecting and storing their biometric data, such as fingerprints or palm scans, under the Biometric Information Privacy Act (BIPA).
  2. Failure to obtain written consent can result in expensive class-action lawsuits and settlements.
  3. Employers need to be aware of the state laws in which they operate and implement policies that comply with these regulations to avoid costly legal disputes.

Lawsuits Related to Monitoring Employee Conversations 

When it comes to employers monitoring their employees’ personal conversations to track how they are spending their time, the practice becomes ethically and legally complex in particular.

3. City of Ontario Monitors Employee Text-message Pager

In 2010, employees of the City of Ontario, California police department filed a claim alleging Fourth Amendment rights violations in relation to the police department’s search of text messages made by an employee, Mr. Quon, on a city-issued text-message pager. The claim was filed in a California federal district court against the police department, city, chief of police, and an internal affairs officer.

The district court sided with the police department and determined that the search was justified and did not infringe upon the Fourth Amendment rights of the officer. This was based on the following reasons:

  1. No expectation of privacy: Although the city did not have an explicit privacy policy for text messaging, it had a computer usage policy that explicitly stated that employees should have no expectation of privacy when using company resources, including email and internet use, reserving the right for monitoring and logging all network activities. This policy was communicated to employees, including Mr. Quon, who used the text-messaging pagers.
  2. Reasonable search: The court determined that the search of Mr. Quon’s text messages was reasonable because it was conducted for a legitimate work-related purpose and was not excessively intrusive. The search was limited to text messages sent and received during work hours and was only conducted after a supervisor became concerned that Mr. Quon was using the pager for personal use during work hours.
  3. No violation of Fourth Amendment: The court ruled that the search did not violate Mr. Quon’s Fourth Amendment rights because he had a reduced expectation of privacy due to the city’s policy and because the search was reasonable under the circumstances. The court also found that the search was not a significant intrusion on Mr. Quon’s privacy interests.

Key lessons from this case:

  1. Having clear policies regarding electronic communications in the workplace and clearly defining privacy expectations for employees is a must for employers.
  2. Employees should not have an expectation of privacy when using company resources, including email and internet use.
  3. Employers can monitor electronic communications, but the search must be conducted for a legitimate work-related purpose and should not be excessively intrusive.
4. Pure Power Boot Camp’s Industrial Espionage Lawsuit Turns into Employee Privacy Lawsuit

The lawsuit of Pure Power Boot Camp (PPBC) and Warrior Fitness Boot Camp is particularly interesting as it concerns a non-compete dispute that later became a matter of the privacy of stored emails. In 2007, two employees of PPBC left to establish their own fitness facility and allegedly took customer lists and other materials. PPBC made a court claim after accessing four personal email accounts belonging to the former employees and reading 546 emails within nine days, accusing the employees of stealing the business model, customers, and internal documents, breaching their fiduciary duties as employees, and infringing on the company’s trademarks, trade dress, and copyrights.

The employees made a counterclaim accusing PPBC of violating the New York Labor Law, the Stored Communications Act (SCA), and the Electronic Communications Privacy Act (ECPA), among other claims by reading the emails that were accessible because the username and password information were left stored on PPBC’s computers. The court determined that accessing these accounts violated the federal SCA and that the employees were eligible to receive $4,000 in statutory damages. However, the court concluded that there was no violation of the ECPA as “interception” under the ECPA must occur simultaneously with transmission and does not apply to stored data. The court denied both motions in all other respects.

Key lessons from this case:

  1. This case is particularly notable as it highlights how privacy counterclaims can significantly impact the outcome of a case.
  2. Improperly obtained employee tracking data used as evidence in court may not be admissible and may lead to potential legal consequences of violating privacy laws.
  3. Employers must have a clear privacy policy for electronic communications to avoid labor law violations.
  4. Employees should not share their username and password information with their employers.
5. Pillsbury Terminates Employee’s Contract After Email Monitoring

Michael A. Smyth, an employee at-will, asserted that his employer, Pillsbury Co, a cake manufacturer, wrongfully terminated his employment as a regional operations manager after intercepting his email and finding its content inappropriate and unprofessional. The employee claimed the employer had made a promise not to read employee emails or take disciplinary action based on email content.

The court rejected the argument and determined that there was not a reasonable expectation of privacy when communicating over the company email system. Even if such an expectation existed, the court found that the interception was not a substantial and highly offensive invasion of privacy. The court also found that the company’s interest in preventing inappropriate or illegal activity over its email system outweighed the employee’s privacy interest in the communications.

Key lessons from this case:

  1. These court decisions align with the prevailing law in most jurisdictions, which states that employees cannot reasonably expect privacy while using company property or resources.
  2. Employers can usually monitor their employees’ activities on company-owned equipment or systems, as long as it serves a legitimate business purpose and is not overly intrusive.
  3. Employers should be open about their monitoring practices and abide by relevant laws or regulations. 

Lawsuits Related to Tracking Employees through GPS

The legality of GPS tracking can depend on the specific circumstances of each case. In most cases, employers may use GPS tracking devices to monitor company-owned vehicles or other equipment used by employees during the course of their work. Employers may also be able to use GPS tracking to monitor employees who work in remote or hazardous locations, or who are required to travel for work. 

However, in general, employers must obtain the employee’s consent before using GPS tracking, and they must provide notice of the tracking to the employee. There are also limits to the types of information that employers can collect through GPS tracking. Employers cannot use GPS tracking to monitor an employee’s personal activities or to collect information about an employee’s religion, political views, or other protected characteristics.

6. Lawsuit Filed Against Intermex for Compulsory GPS Tracking via Work Management App

Myrna Arias, a call center employee, filed a lawsuit against her employer, Intermex Wire Transfer, in 2015. The lawsuit was based on her employer allegedly forcing her to download a work management app, Xora, on her company-issued smartphone. Arias claimed that the app tracked her movements even during her personal time, and she was fired for uninstalling it. Arias’ lawsuit included multiple charges, such as invasion of privacy, violations of the California Constitution and California Labor Code, wrongful termination, and unfair business practices. She sought more than $500,000 in damages to make up for lost earnings and wages.

The case made headlines across various news outlets, including the Guardian and CNN, and ultimately was settled outside of court, raising red flags pertaining to compulsory tracking, unlawful termination, and labor law violations.

Key lessons from this case:

  1. The use of compulsory tracking technology in the workplace is questionable and should be carefully considered and evaluated. Employees have a right to privacy and may have concerns about their personal data being collected and used.
  2. Employers must follow proper termination procedures and ensure that they do not discriminate against employees based on protected characteristics. If an employee believes they have been terminated unlawfully, they have the right to pursue legal action.
  3. Employers must comply with labor laws and regulations. Failure to do so can result in legal action and negative publicity.
  4. Employers should ensure that they have appropriate policies and procedures in place to comply with labor laws and to protect their employees’ rights.
7. Coca-Cola Bottling Places GPS Trackers in Employees’ Vehicles

In an investigation of cash shortages, the Coca-Cola Bottling Co of St Louis placed GPS trackers inside of several company-owned vehicles assigned to employees, including a van assigned to Leon Elgin, who was employed as a service technician. After the investigation, Elgin was informed that the GPS tracker had been placed on his vehicle but that he had been cleared of any wrongdoing. He received no discipline and continued to work for the company with no change in his job duties or job conditions. Elgin sued the company claiming that he was discriminated against based on race and that the company had invaded his privacy by investigating him with a GPS tracker, invoking Fourth Amendment rights. The Supreme Court ruled in favor of the company and held that a person traveling in an automobile on public thoroughfare has no reasonable expectation of privacy in his movements from one place to another. The Court also ruled that the installation of a tracking device did not invade Elgin’s legitimate expectations of privacy and thus was not a “search” or “seizure” within the contemplation of the Fourth Amendment.

Key lessons from this case:

  1. Employers should be cautious when using GPS tracking devices on their employees. While the Supreme Court ruled in favor of the Coca-Cola Bottling Co of St Louis, companies should still be aware of potential privacy concerns and consider alternative methods of investigation before resorting to GPS tracking.
  2. It is important for employers to treat employees equally and avoid any discrimination based on race or any other protected characteristic. In this case, Elgin claimed that he was discriminated against based on race, which could have resulted in serious legal and reputational consequences for the company had the court ruled in his favor.
  3. The Fourth Amendment protects against unreasonable searches and seizures, but the Supreme Court has held that there is no reasonable expectation of privacy in movements on public thoroughfares. This means that employers may have more leeway to use GPS tracking on company-owned vehicles that are used on public roads.
  4. The use of GPS tracking should be balanced against employee privacy concerns and the potential for negative impacts on employee morale and productivity.
  5. Companies should consider implementing clear policies and procedures for GPS tracking, and employees should be informed and given the opportunity to express any concerns or objections.
8. New York Department of Labor’s Employee Termination after GPS Tracking

Michael Cunningham, who was the director of staff and organization development at the New York Department of Labor (DOL), was terminated from his position based on evidence gathered by a GPS device planted by his employer. In 2008, the DOL secretly put the tracker in Cunningham’s personal vehicle to check if he was filling out his time sheets accurately. The device tracked Cunningham and his family for over a month, including during non-working hours and while they were on vacation out of state. At a hearing to decide if Cunningham’s dismissal was justified, the GPS evidence was used against him over his objections, and the hearing officer referred to the GPS data over 20 times in his decision.

In this legal case, Cunningham requested that the court declare that the DOL’s use of a GPS device was a breach of the New York Constitution and the Fourth Amendment’s protection against unjustified searches and seizures. Additionally, he sought a ruling that the GPS evidence should not have been taken into account by the hearing officer and requested for the reversal of the DOL’s decision to fire him and for his restoration to his former job.
In 2013, the New York State Court of Appeals ruled unanimously that the DOL had violated the law by placing the GPS tracking device on Cunningham’s car and monitoring his movements outside of working hours. The Court found that the DOL’s use of the GPS device was “excessively intrusive” and that the agency had no legitimate reason to track Cunningham’s activities during his personal time.

Key lessons from this case:

  1. Employers should not use GPS tracking devices to monitor employees’ activities during non-working hours without a legitimate reason.
  2. The use of GPS tracking devices should comply with state and federal laws regarding privacy, including the Fourth Amendment.
  3. Employees have the right to challenge evidence obtained through GPS tracking devices in legal proceedings and argue that their use violates their privacy rights.
  4. Employers should have clear policies regarding the use of GPS-tracking devices, and employees should be aware of the circumstances under which they may be monitored.
  5. The legality of GPS tracking is a complex issue that depends on the specific context and circumstances. While the Coca-Cola Bottling Co case finds the GPS-tracking of the employee to be reasonable and not infringe privacy expectations, this case holds an opposing verdict and finds it to be excessively intrusive with no legitimate basis.

Final thoughts

Privacy continues to be a major concern for internet users in 2023, as technology companies continue to collect vast amounts of personal data and face increasing scrutiny over how they use it.

While employers today have a whole host of cool gadgets at their fingertips to keep tabs on their employees and while these tools can certainly boost productivity and efficiency, they also bring up some serious privacy concerns. 

Employers need to be ultra-vigilant about using these tools in a way that’s legal and not too invasive. They should always ask for employees’ consent before using these tools, set up clear guidelines for how to use them, and keep employee data secure.

By striking the right balance between technology and privacy, employers can create a workplace that’s transparent, respectful, and highly productive!

Understanding the legal implications of employee time tracking is a must for mitigating the risk of lawsuits and ensuring compliance with employment laws.