The bank promises safeguards while experts say the law gives employees almost none
Software that its maker brands as "employee and wellbeing intelligence" has drawn TD Bank into a dispute over workplace surveillance, exposing how little Canadian law shields workers from being monitored on the job.
TD told members of its financial crimes and risk management team it would deploy WorkiQ to track the time they spend on browsers and on internal chat and meeting applications, according to a recording of a team call reviewed by Reuters and a document the bank shared with staff.
On the call, employees questioned whether the tool could feed performance management, whether they would be asked for consent, and how their data would be used.
That intent matters legally.
Lawyers told Reuters that a company that says it is monitoring only for productivity cannot then use the data for performance reviews or share it with other organizations.
"The employer could say outright that they're using it for performance evaluations," Brent Arnold, a partner at Toronto law firm INQ Law, told Reuters.
As long as they are upfront about it, he said, employees have no recourse.
In a statement to Reuters, TD called the rollout "standard practice across the industry," saying the tool "allows managers to more accurately manage workflows, team capacity and performance" and that "colleagues are informed about where they are used and for what purpose."
The bank said it has safeguards to protect colleagues' privacy and declined further comment.
The Personal Information Protection and Electronic Documents Act governs how TD handles employee data, because federal rules regulate the bank, according to the Office of the Privacy Commissioner of Canada.
The commissioner's office says employers may collect and use employee information without consent when it is necessary to manage the employment relationship, but must still give notice and limit use to identified purposes, and that any monitoring should be reasonable, necessary and proportionate.
Protection thins outside federally regulated workplaces.
Only Alberta, British Columbia and Quebec run private-sector privacy laws covering provincially regulated employees, the privacy commissioner said.
Ontario takes a narrower route, requiring certain employers to spell out electronic monitoring practices in a written policy under the Employment Standards Act, according to Canadian employment lawyers.
A privacy bill before the House of Commons borrows from the European Union's General Data Protection Regulation and would create a new regulator, Reuters reported, yet it does not touch workplace surveillance.
The bill "contains no rule addressing electronic monitoring of employees," said Michael Geist, a law professor at the University of Ottawa.
It carries no notice or consent requirement for tracking software, keystroke logging or productivity monitoring, he said, and never uses the word "surveillance" in its employment provisions.
A spokesperson for the AI ministry told Reuters the bill would strengthen protections by setting obligations for how data is handled, retained and disclosed.
Even so, "there is basically no specific safeguard that would help employees push back against these invasive practices," said Valerio De Stefano, a law professor at York University's Osgoode Hall Law School.
The friction reflects a wider push to watch remote workers, often under the banner of wellbeing.
Meta is rolling back parts of a plan to collect employee keystrokes and mouse movements for AI training after staff pushback, according to an internal memo seen by Reuters that JPMorgan began tracking the hours of its junior bankers, saying it was for their own well-being.
