California Assembly Weighs Nation’s Broadest AI-Driven Workplace Surveillance Bill: AB 1221 Raises the Bar, and the Stakes, for Employers

In a move that could reshape day-to-day people-management practices across the state, the California Legislature is advancing Assembly Bill 1221 (“AB 1221”), a sweeping proposal that would regulate how employers deploy artificial intelligence-enabled monitoring tools and how they handle the torrents of data those tools generate. After clearing two policy committees, the measure was placed on the Assembly Appropriations Committee’s “suspense” file on May 14, 2025: a key fiscal hurdle to a possible floor vote. AB 1221’s fiscal impact will be scrutinized in the Appropriations Committee, and the bill could still be amended; perhaps to narrow its scope or clarify open questions such as what constitutes a “significant update” to an existing tool. Nonetheless, the measure enjoys strong labor support and dovetails with California’s broader push to regulate AI. Even if AB 1221 stalls, its core concepts are likely to resurface.

What AB 1221 Would Require

The bill defines a “workplace surveillance tool” broadly to include virtually any technology that actively or passively captures worker data, from innocuous time-tracking widgets to sophisticated photo-optical systems. It would obligate employers (public and private, large and small, as well as their labor-contractor intermediaries) to furnish plain-language written notice at least thirty days before launching any such tool. That notice must spell out the categories of data collected, the business purpose, the frequency and duration of monitoring, retention periods, vendor identities, the extent to which the data informs employment decisions, and the process by which workers may access or correct that data.

Once a surveillance system is up and running, it may collect, use, and retain information that is “reasonably necessary and proportionate” to the purpose identified in the notice, and employers bear joint liability for security breaches involving worker data. Contracts with analytics providers therefore must incorporate robust cybersecurity safeguards, cooperation duties and deletion obligations. Vendors must return worker data “in a user-friendly format” at contract end and delete remaining copies.

AB 1221 would prohibit facial recognition, gait analysis, emotion detection and neural-data collection, but with one narrow carve-out: facial recognition may still be used solely to unlock a device or grant access to a locked or secured area. The bill also bars employers from using surveillance to infer protected traits such as immigration status, health or reproductive history, religion, sexual orientation, disability, criminal record or credit history.

Employers may not rely primarily on monitoring data when disciplining or terminating a worker. If they choose to factor that data into such a decision, a human reviewer must corroborate it. The employer must notify the worker of the decision, provide a simple request form, and give the worker five business days to ask for the surveillance and corroborating records. Any valid correction must be made, and the personnel action adjusted, within twenty-four hours. Records that play any role in discipline must be retained for five years.

Enforcement Mechanisms andCivil Exposure

AB 1221 would vestenforcement authority in the Labor Commissioner, impose civil penalties of $500per violation, and create a private right of action that includes actual andpunitive damages as well as attorneys’ fees and punitive damages. Public prosecutorscould also bring suit, and plaintiffs could seek injunctive relief, heighteninglitigation leverage for worker-side counsel.

Points of Contention andLegislative Headwinds

Industry groups, includingthe California chapter of SHRM, have criticized the proposal’s breadth, warningthat it could hamper legitimate safety and operational uses of technology andsaddle businesses with ambiguous compliance obligations. Labor advocatescounter that AB 1221 supplies essential guardrails against what they describeas an exploding “digital Taylorism” that erodes privacy and exacerbates bias.

Practical Implications forEmployers

If enacted, the bill wouldforce employers to inventory every monitoring technology—no matter howroutine—and to recalibrate vendor contracts, internal policies and disciplinaryprotocols. Multistate employers that already comply with New York City’s automated-employment-decisionrules or the EU’s AI Act would confront new obligations around thirty-dayadvance notice, categorical technology bans and acceleratedemployee-data-access timelines. Because the measure’s private right of actionis untethered to data-breach harm, plaintiffs’ lawyers would gain a freshlitigation hook wherever monitoring intersects with hiring, promotion ortermination decisions.

Takeaways

Employers should beginmapping every data stream generated by workplace technologies, updating privacynotices and embedding human review into any algorithmically informed employmentdecision. Whether AB 1221 becomes law this session or next, the legislativetrajectory is clear: AI-powered surveillance is migrating from operationalconvenience to regulated activity, and businesses that fail to get ahead ofthese requirements risk both regulatory penalties and private lawsuits.

‍