Establishing a Fiduciary Duty Between Employers and Employees


By Dylan Chidick

            Since the start of the twenty-first century, employers have increased their monitoring of employees to track productivity.[1] This practice dates to the early days when employers hired a group called “The Pinkertons” to conduct workplace surveillance.[2] Now employers can monitor every click, movement, and even biometric signal of their employees.[3] Employers have expanded to monitoring employees even in their own homes, thanks to the rise of remote work.

            This blog argues that the law should officially establish a fiduciary relationship between employees and employers when it comes to handling workplace data. Since no such duty currently exists, this proposal outlines what that duty entails, the relationship it should replicate, and how the legislative or judicial branch can implement the proposed law.

The Current Framework

            In the United States, there is no single, comprehensive federal law that strictly limits employee surveillance. Instead, federal statutes indirectly regulate workplace monitoring by prohibiting its use in ways that violate specific employee protections.

            The main law governing the interception of communications is the Electronic Communications Privacy Act (“ECPA”). While this law governs electronic surveillance, in practice, it provides little protection for employees. Congress enacted the ECPA in 1986,[4] far before remote work, AI monitoring, and constant digital surveillance became the norm. Additionally, the ECPA prohibits the interception of electronic communications but carves out broad exceptions that largely favor employers. Under the “ordinary course of business” exception, employers may lawfully monitor communications made on company systems if they claim a legitimate business purpose.[5] The statute also includes a “consent” exception, allowing employees to consent explicitly or implicitly when they use employer-provided devices after receiving notice of monitoring.[6] In short, the ECPA demonstrates how current federal law is outdated and was designed for email and phone calls, rather than the algorithmic surveillance pervading today’s workplaces.

            The COVID-19 pandemic highlighted the weaknesses of existing federal employee protection laws. Practically overnight, massive numbers of employees transitioned to remote work, and employers needed a way to monitor their employees.[7] As the American Bar Association noted, remote work spurred a surge in employer use of tracking apps, wellness software, and “bring your own device” policies.[8] This moment exposed the asymmetry of control between employers and employees. Workers had no meaningful opportunity to consent to surveillance; participation became a condition of continued employment.[9] The power imbalance during this period reflects a relationship where the dominant party can exploit it unless the law imposes restrictions.

Why a Fiduciary Duty Fits in the Employment Relationship

            Fiduciary duties exist to regulate relationships built on trust and vulnerability. Doctors, lawyers, financial advisors, and trustees are bound by duties of care, loyalty, and confidentiality because they control sensitive information that directly affects another’s wellbeing or rights.[10] Establishing an employee-employer fiduciary relationship would shift the employment relationship from one governed by minimal regulatory compliance to one grounded in heightened ethical and legal obligations.

            The employer-employee relationship also shares characteristics with the professions listed above. Employees entrust their colleagues with sensitive information – such as location, health, and communications – hoping they protect the data. However, due to the consent exception in the ECPA, there is a possibility that employers can misuse the data to discriminate against employees and even manipulate performance evaluations.[11] As Ifeoma Ajunwa has shown, employers can use the information their employees provide to delve into aspects of their behavior, including running an analysis on the risk of injury.[12] The potential misappropriation, if employed in that way, can undermine trust and increase the harms that a fiduciary duty aims to prevent.

What the Law Should Look Like

            The proposed law should establish three core responsibilities when managing employee data: duty of care, duty of loyalty, and duty of confidentiality. It is important to note that these responsibilities do not eliminate the possibility of employee monitoring, as there are certain benefits to it.[13] Instead, the law would establish a legal baseline of fairness, allowing employers to use the tool while protecting employees’ data from abuse.

  1. Duty of Care

            Employers must implement reasonable safeguards to protect employee data from misuse, unauthorized access, or breaches. These safeguards can include limiting data collection to legitimate business purposes and adopting secure storage and retention practices.

  2. Duty of Loyalty

            Employers must prioritize employees’ best interests regarding their data. They should be prohibited from selling, sharing, or exploiting surveillance information in ways that can harm employees, such as targeting union activities or using irrelevant personal data in employment decisions.

  3. Duty of Confidentiality

            Employers must disclose what information they collect, how it is used, and when it is deleted. Additionally, employees should have access to their own data and the right to correct any inaccuracies.

Models for Implementation

            Congress or the judiciary can establish this framework through legislation or through the development of common law.

  1. Statutory Approach

            Congress can create and codify an “Employee Data Protection Act.” This Act would explicitly impose a fiduciary duty of care, loyalty, and confidentiality on all employers who collect surveillance data.

            The Act should mirror aspects of the General Data Protection Regulation (“GDPR”) law in the European Union. The GDPR has strict limits on data collection for consumers and references collective bargaining in the regulation.[14] It enhances individuals’ rights to data protection, imposes more stringent obligations on data processors, and grants regulators stronger enforcement powers.[15] Additionally, the GDPR imposes heavy fines on any company that violates the regulation—up to 20 million euros or 4% of global revenue (whichever is greater).[16] My approach would offer clarity and flexibility, enabling independent agencies, such as the Equal Employment Opportunity Commission, to implement regulations and establish private rights of action for employees.

  2. Judicial Approach

            Courts could evolve fiduciary principles through the common law, extending them to employment relationships involving significant data control. Supreme Court precedent also allows for the expansion of fiduciary relationships. In Jaffee v. Redmond, the Court recognized fiduciary obligations of confidentiality in the physician-patient and psychotherapist-client contexts even before statutory protection existed.[17] Furthermore, the Court found that this privilege is rooted in the need for confidence and trust, which are essential requirements for effective psychotherapy.[18]

            Judicial recognition would mirror the fiduciary duties of other professions, basing it on power dynamics and trust. Courts could hold employers who collect and control sensitive surveillance data equal to other fiduciaries, such as banks, entrusted with information that could harm the beneficiary if misused.

            Although establishing this duty through judicial recognition may be slower than legislative action, it provides greater flexibility. This approach allows courts to develop a nuanced understanding of what constitutes acceptable monitoring versus exploitative data use, tailoring their decisions to the specific circumstances of each case. Over time, it could create a body of precedent that clarifies the limits of employer surveillance, promoting more ethical data practices and building trust in digital and workplace environments.

Conclusion

            Workplace surveillance reveals a significant weakness in U.S. employment law: employees are increasingly sharing more of their personal information with employers, yet, as a practical matter, employers have no legal obligation to protect that information. Establishing a fiduciary duty for employers in managing employee data could close this gap. Such a duty would transform surveillance from an unchecked management tool into a regulated trust-based relationship. Whether established by law or defined by courts, a fiduciary framework would ensure that technology fosters fairness and dignity, not control and fear, in today’s workplace.

[1] See generally Lexie White, US agencies take stand against AI-driven employee monitoring, iapp (Oct. 28, 2024), https://iapp.org/news/a/cfpb-takes-on-enforcement-measures-to-prevent-employee-monitoring.

[2] Ifeoma Ajunwa, Kate Crawford & Jason Schultz, Limitless Worker Surveillance, 105 Calif. L. Rev. 735, 738 (2017).

[3] Kate Morgan and Delaney Nolan, How worker surveillance is backfiring on employers, BBC (Jan. 30, 2023) https://www.bbc.com/worklife/article/20230127-how-worker-surveillance-is-backfiring-on-employers.

[4] Electronic Communications Privacy Act (ECPA), Electronic Privacy Information Center, https://epic.org/ecpa/ (last visited Oct. 7, 2025).

[5] 18 U.S.C. § 2510(5)(a)(i)–(ii).

[6] Id. § 2511(2)(d).

[7] Patrick Coate, Remote Work Before, During, and After the Pandemic, NCCI (Jan. 25, 2021), https://www.ncci.com/SecureDocuments/QEB/QEB_Q4_2020_RemoteWork.html.

[8] Alvin Velazquez & Muyi Zhang, Labor Laws and Surveillance in the Time of COVID-19: A Demand for Better Worker Protections, 38 A.B.A. J. Lab. & Emp. L., 93, 97, 102 (2024).

[9] See Shreya Chowdhary et al., Can Workers Meaningfully Consent to Workplace Wellbeing Technologies, arXiv 1, 2 (Mar. 13, 2023) (arguing that inherent power imbalance in the workplace prevents employees from giving meaningful consent).

[10] See generally Meinhard v. Salmon, 164 N.E. 545, 546 (N.Y. 1928) (stating that a fiduciary duty is held to something stricter than the “morals of the marketplace,” and asserting that a fiduciary standard is of a higher standard).

[11] Ifeoma Ajunwa, Algorithms at Work: Productivity Monitoring Applications and Wearable Technology, 63 St. Louis U. L.J. 21, 30–32 (2019).

[12] Id. at 30.

[13] See generally Employee Monitoring: Pros, Cons & Considerations, TERAMIND, (Jul. 9, 2024) https://www.teramind.co/blog/pros-and-cons-of-employee-monitoring/ (listing the advantages employers receive through employee monitoring).

[14] Alvin Velazquez & Muyi Zhang, Labor Laws and Surveillance in the Time of COVID-19: A Demand for Better Worker Protections, 38 A.B.A. J. Lab. & Emp. L., 93, 100 (2024).

[15] Id.

[16] General Data Protection Regulation, Privacy International, https://privacyinternational.org/learn/general-data-protection-regulation (last visited Oct. 17, 2025).

[17] Jaffee v. Redmond, 518 U.S. 1, 10 (1996).

[18] Id.

 