Overview of AB 1651: The California Workplace Technology Accountability Act

I recently co-authored a paper entitled “Overview and Commentary of the California Workplace Technology Accountability Act.” This is California Assembly Bill 1651 (AB 1651), introduced in the 2022 legislative session by Assemblymember Ash Kalra.  I won’t re-publish the article in this blog post but will (a) give an overview of the proposed bill and (b) discuss AB 1651 in the context of the California Privacy Rights Act (CPRA) vis a vis the employee-employer exemption.  I will leverage some of the text of this whitepaper in this blog post.

Overview of AI Regulations at State and City Level

Stepping back, AI regulation is starting to catch on in a few states (e.g., California and Illinois) and New York City. However, these regulations have been narrowly focused, centering around automated employment decision-making (e.g., recruiting, hiring, promotion, and work scheduling). These regulations ensure that AI does not present a barrier to equal employment opportunities or prevent diversity in the workforce. This is partly a reaction to the increased use during the Covid-19 pandemic of AI-based employee assessments and algorithmically analyzed video interviews. For example, software providers such as Gecko, HireVue, and Mya have AI-based systems that analyze video footage of interviews to “evaluate and make hiring recommendations based on applicants’ facial expressions, body language, word choice, and tone of voice.” 

Illinois passed the Illinois Artificial Intelligence Video Interview Act in 2019, which went into effect in January 2020. The law regulates the use of AI in video interviews for employment decision-making purposes. Specifically, the law requires businesses to tell applicants that AI will be used to analyze video interviews, explain how the AI works and what characteristics it takes into consideration, get consent from the applicants before the interview, and not share the video interviews. Furthermore, businesses must destroy the interviews upon request from the applicants, and employers who solely use AI analysis for video interviews must annually report to the state the race and ethnicity of applicants hired and not hired. There are no fines for non-compliance, with the assumption that there may be a hit to the business’s reputation if they are found to be non-compliant.

New York City passed local law 1894-A at the end of 2021, requiring a “bias audit” to be conducted on automated employment decision-making tools starting in January 2023. It also requires that candidates or employees be notified if those tools are used in the assessment or evaluation for hiring and promotion purposes. The scope applies to companies operating in New York City that use AI tools in employment decisions. Non-compliant systems can incur penalties from $500 to $1,500 daily, and failure to disclose to employees constitutes a separate violation subject to the same penalty.

The California Workplace Technology Accountability Act

In California, Assembly Member Ash Kalra proposed AB-1651 — the California Workplace Technology Accountability Act — in January 2022. This proposed legislation limits electronic monitoring and automated decision systems to specific times of day, activities, and locations. It gives workers the right to know, review and correct data their employer holds. The law also requires employees to be notified if automated decision systems (ADS) are used in employment-related tasks such as hiring, assessment, and promotions. Employers using ADS must have these systems assessed through an algorithmic impact assessment (AIA) conducted by a third party. Non-compliance can result in fines between $2,500 and $20,000 per violation. As of mid-2022, the bill remains stuck in committee.

The Act also requires that the primary responsibility for administration and enforcement is with the Labor Commissioner and that the Department of Fair Employment and Housing should investigate violations in coordination with the Division of Labor Standards Enforcement. Further, the Labor and Workforce Development Agency are required to adopt regulations to enable the administering and enforcement of the legislation, including guidelines on how to manage the coordination of enforcement by the divisions of the Department of Industrial Relations (including the Division of Occupational Health and Safety and the Division of Workers’ Compensation). Further, the Labor Commissioner would be required to contravene a committee of relevant stakeholders, who represent the Department of Industrial Relations and the Department of Fair Employment and Housing, among others.

Interestingly, the proposed legislation helps to introduce boundaries for worker monitoring, limiting it to only certain times, locations and activities. While this is important for all workers, those in the physical workplace are likely to leave their work at work, i.e., when they leave the site, they are no longer on duty. For those working remotely, particularly those who work from home, the boundaries between home and work can become blurred, and it is not as easy for employers to monitor those who are not physically on-site – they must use software or invasive approaches like requiring webcams to be on at all times to monitor workers. Indeed, during the first wave of the pandemic, many workers were required to work from home. This saw many remote workers working longer hours than they would at the office since it is difficult to create those boundaries when working and living in the same environment, leading to some feeling they are always on the clock. Consequently, workers' work-life balance could become impaired if they find it difficult to switch off, which could result in lower job performance and greater turnover intentions, impacting both workers and employers.

Further, some employers have been known to use invasive monitoring, tracking the keystrokes of employees, taking pictures of them through their webcams, and recording their screens, which can be done without workers knowing. This can not only invade the privacy of workers but also their family members or anyone sharing their working space. Therefore, the introduction of clear and unambiguous boundaries and conditions for monitoring employees is important for protecting the privacy of workers both in the workplace and those who work remotely.

Potential Conflicts with the CPRA

While at face value the legislation does signal the greater governance of AI, particularly with respect to the employment context, that there have been calls for, in its current form the proposed legislation conflicts with other laws in California regarding workers’ rights over their data. Indeed, the California legislature passed the California Consumer Privacy Act (CCPA) in 2018 (AB 375, 2018), which introduced the “employee-employer exemption” that exempts employees from the data subject rights (e.g., the right to be informed, the right to access, the right to delete, etc.) that the CCPA gives consumers (in this case, the employee) as it relates to the consumer’s personal information collected by a business (in this case, the employer). The legislation also has an exemption for employers whose annual revenue is not greater than $25 million and or who do not have data on at least 50,000 people, something that the proposed legislation does not do.

The employee-employer exemption was set to expire on January 1, 2021. With the passage of Proposition 24, the California Privacy Rights Act (CPRA) of 2020), which in effect represents Version 2 of the CCPA, the “employee-employer exemption” was pushed back until January 1, 2023 (see Section 1798.145(m) of the CPRA and Section 3(a)(8) of Proposition 24). But the exemption has been relaxed in a few ways with the CPRA: (1) the employer must give the employee a notice of what personal information is being collected; (2) the employer will have the obligations with respect to negligent data breaches (see Section 1798.150) vis a vis an employee’s data being breached; and (3) employees can prohibit the sale of their personal information by an employer (see Section 1798.145(n) that references Section 1798.120). The CCPA also In the 2022 legislative session there are two bills (AB-2891, 2022; AB-2871, 2022) that will make the employer-employee exemption permanent or push it back until January 1, 2026, respectively. Thus, Workplace Technology Accountability Act in effect overrides the “employee-employer exemption” found in California’s privacy law.

Current Status of AB 1651

The bill currently sits with the Committee on Privacy and Consumer Protection.  Will be interesting given its far-reaching impact if it will emerge from Committee.