In August 2017, a Wisconsin-based company implanted microchips fueled by radio-frequency identification technology in its employees on a voluntary basis. Initially, fifty employees—enticed by the notion of swiping into the building, unlocking their computers and paying for purchases with a wave of the hand—opted to have the grain-of-rice-sized microchip injected between their thumb and forefinger. One-year later, a glimpse at this company reveals that the microchip has continued to gain traction; an additional thirty employees have received the microchip implants while two employees, upon leaving the company, had their microchips removed. Beyond the confines of this Wisconsin firm, several foreign companies have also integrated the employee microchip into their business model. Although some view this technology as signaling a dystopian future, others—namely, microchipped employees—are accustomed to this workplace innovation, benefitting from the added convenience provided by the technology.
The microchip places an employee’s right to bodily integrity at risk when considering the inherent power dynamic between management and employees. Employers can assert their authority in the workplace, dictating the behavior and choices of their workforce. The growth potential of this technology as exemplified in Sweden, where microchip demand has outpaced the main chipping company’s production capacity, has led several states in the U.S. to proactively adopt legislation to contain the threat posed to employees. The legislation prohibits employers from requiring microchips as a mandatory condition of employment. Arkansas has most recently contemplated similar legislation in January of 2019; the legislation provides that an employer’s ability to microchip will be contingent upon written consent by the employee and coverage of implantation and removal costs by the employer.
The adequacy of state regulation comes into question when considering the degree to which this technology has become routine and integrated in certain companies. In particular, the various conveniences afforded to microchipped employees can result in greater efficiency, and as the technology continues to advance, these employees may be able to attain higher levels of productivity or job success as compared to their chip resisting counterparts. For instance, the microchip may progress in such a way as to resolve issues with ineffective communication among employees, which has been cited as a source of detracted productivity in the workplace. One contemplated advancement of this nature involves syncing smartphones with microchips such that any given employee, upon entering a room, can use a smartphone to view the behavioral traits and communication styles of the other employees in the room. Thus, while state regulation nominally bans mandatory microchipping, there is a conceivable risk that employees will be personally compelled to receive microchips in order to gain exposure to these advantages or to appease their employers.
An alternative concern that arises in this context relates to the infringement of employees’ privacy rights. These risks are amplified given the intrusive nature of this technology and the rapid pace at which it may evolve. In fact, microchips with enhanced capabilities are on the horizon. The Wisconsin-based company, shortly after the initial implantation of its employees, branched out its operations from providing self-service kiosks to developing microchips. Specifically, the company has proposed to launch a new microchip powered by body heat and equipped with GPS tracking capability and voice activation software. Employers will be able to use this technology to monitor their employees’ activities in the workplace and beyond. In addition, even if a given microchip has been implanted without certain capabilities, it can be reprogrammed to serve a new purpose while inside the body.
Although no U.S. federal laws explicitly protect employee privacy by restricting employer surveillance, certain state regulation may provide some protection of this sort to employees. As an example, the California law prevents employers from using GPS technology to track employees without their consent. Yet other states are considerably more lenient on an employer’s ability to obtain an employee’s private information. In Massachusetts, the law stipulates that employees are protected against “unreasonable” interferences with their privacy, yet courts have evaluated this by balancing an employer’s legitimate business interest in the employee’s information against the employee’s interest in keeping the information private.
Privacy concerns that emerge from microchip usage need to be to be dealt with in a targeted and holistic manner. The European Union, for example, comprehensively addresses such privacy concerns with the General Data Protection Regulation, which came into effect in May of 2018. This regulation provides protections to EU citizens—including employees—from privacy breaches by all companies that process personal data of individuals residing in the EU. The regulation provides in part that when an employer engages in data processing activities that pose a high risk to the rights and freedoms of individuals, a privacy impact assessment must be conducted. Moreover, the regulation equips employees with several rights intended to shield them from privacy threats posed by their employers. These include the right to be informed of personal information collected by an employer; the right to access the personal data held by an employer; the right to delete personal data held by an employer; and the right to block or suppress the processing of certain personal data.
To the extent employee microchipping expands among U.S. companies, the need for standardized privacy regulation will continue to grow. The General Data Protection Regulation provides employees with robust protections that would considerably lessen the privacy risks posed by microchip usage, including employer surveillance concerns. Such a uniform measure would also rectify the inconsistencies in the varied state approaches to employee privacy protection.