Microsoft, UnitedHealth Apps Pose Risks to Worker Privacy, Bypass HIPAA Requirements
WASHINGTON, D.C. – More than 50 apps, wearables and other technologies marketed as workplace surveillance tools to combat COVID-19 have been released since the pandemic began, and they pose an alarming threat to worker privacy, a new report from Public Citizen found. These new surveillance and contact tracing technologies institute intrusive mass surveillance, forcing workers to either accede to dystopian levels of surveillance or risk losing their jobs.
“The default setting of most workplace surveillance apps is mass surveillance by design,” warned Burcu Kilic, digital rights program director for Public Citizen and author of the report. “The speed at which these new privacy-shredding technologies have been unleashed is alarming, especially given that none of them have been proven to be effective at mitigating the spread of COVID-19.”
The report found that these new technologies are currently being used by at least 32 employers to track at least 340,000 workers, and they are available to as many as 14,000 additional employers with nearly 4 million additional workers. These technologies are putting workers’ rights in jeopardy by tracking, monitoring and collecting personal data – including health data – and sharing it with employers, creating new cybersecurity risks.
For example, Microsoft and UnitedHealth Group’s ProtectWell app sends COVID-19 diagnostic test results directly to the employer, bypassing the worker. Other apps don’t treat workers’ data as being subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), meaning the data does not have to be securely handled and protected in accordance with HIPAA’s health information privacy provisions.
“In a work setting, where activities are governed by a contractual or power relationship, many workers must either accept the new high-tech workplace surveillance or risk losing their jobs,” the report reads. “Without sufficient government regulation and guidelines, employers using these technologies are invading workers’ privacy to varying degrees.”
The report also describes what the apps are and how they work, highlighting specific privacy concerns. It concludes with a checklist of best practices for employers as they consider whether to introduce surveillance technologies into their workplaces.