TORONTO -- Canadian employees have few legal protections against workplace monitoring, experts said, after TD Bank told some staff it would use software to track their work activity, raising concerns about consent and privacy.
There are limits, however, to the reasons employers monitor their workers and how they use the data they collect.
Canada’s privacy laws are weaker than those in the European Union, where privacy is a fundamental right and companies must justify the use of monitoring tools under privacy and labour laws, according to six Canadian legal experts.
Globally, companies are increasingly facing employee pushback over using software to monitor work, as new technology becomes available and employers seek to keep tabs on remote workers.
TD, Canada’s second-largest company by market cap, will use WorkiQ software to track the time employees spend on browsers and internal chat and meeting applications, according to a recording of a team call last week and a document TD shared with employees that Reuters reviewed.
In response to the story, several TD employees posted anonymously on social media expressing concerns about potential layoffs, micromanaging, and being replaced by AI. Others worried surveillance would increase pressure to perform.
Lawyers said some monitoring is to be expected, but the intent needs to be defined. If a company says it is only monitoring for productivity, data collected cannot be used for performance reviews or shared with other organizations, for example.
“The employer could say outright that they’re using it for performance evaluations, and as long as they’re upfront about it, there’s nothing the employees can do about it,” said Brent Arnold, a partner at Toronto-based law firm INQ Law.
TD said on Friday the software deployment was “standard practice across the industry ... The tool allows managers to more accurately manage workflows, team capacity and performance.”
TD declined further comment.
Taking notes from the EU
In the U.S., where experts say privacy laws are also weaker than in the EU, Meta is dialing back elements of its plan to collect employee mouse movements, keystrokes and other actions for use as AI training data, according to an internal memo seen by Reuters this month, following weeks of staff pushback.
The Financial Times reported in March that JPMorgan, the biggest U.S. bank, was starting to monitor the hours of its junior investment bankers, saying it was for their own well-being. The bank did not respond to a request for comment.
Canada is revamping privacy laws in a bill before the House of Commons that borrows ideas from the European Union’s General Data Protection Regulation and includes a new regulator to oversee enforcement. It would require companies to meet new compliance obligations and enforcement frameworks.
University of Ottawa law professor Michael Geist said the bill does not cover workplace surveillance, however.
“It contains no rule addressing electronic monitoring of employees, no notice or consent requirement specific to tracking software, keystroke logging, or productivity monitoring, and the word ‘surveillance’ does not appear anywhere in its employment provisions,” he said.
A spokesperson for the AI ministry said the bill would strengthen protections for employees’ personal information by establishing obligations for how data is handled, protected, retained and disclosed.
The government will continue to engage with workers, employers, privacy experts and industry leaders to ensure Canada’s policy framework remains responsive to the needs and expectations of Canadians, the spokesperson said.
Valerio De Stefano, a law professor at York University’s Osgoode Hall Law School, said employee monitoring has not been on the government’s radar.
“There is basically no specific safeguard that would help employees push back against these invasive practices,” he said.
(Reporting by Nivedita Balu in Toronto; Editing by Caroline Stauffer and Rod Nickel)
