California
California Employee Monitoring Laws: Employer Rules (2026)

California employers face some of the strictest monitoring rules in the country. Labor Code § 980 bars demanding an employee's social media password, Labor Code § 435 bans cameras in restrooms and locker rooms, and the CPRA gives employees CCPA-style notice and access rights over monitoring data since 2023.
Information last verified on July 9, 2026. This article has not yet been reviewed by a licensed lawyer.
This article covers what California law says specifically about an employer's ability to monitor its employees, as distinct from the general recording-consent rules covered in California Recording Laws and its workplace recording page. This cluster's focus is the employer side: social media password protections, surveillance limits, and how California's privacy statutes now reach employee data.
Jurisdiction scope: This article addresses California state law on employer monitoring of employees, including Cal. Lab. Code § 980 (social media passwords), Cal. Lab. Code § 435 (restroom and locker room recording), and the CPRA's employee-data provisions, together with the federal ECPA baseline. It does not re-derive California's two-party consent recording rules or general GPS-tracking law in depth; for those, see the linked California recording law and GPS tracking law pages.
How Federal and California Recording Law Apply to Employer Monitoring
California is a two-party, or all-party, consent state for recording confidential communications under Penal Code § 632, meaning every participant in a confidential conversation must consent before it can be recorded. This article does not re-derive that framework; for the full rules on consent, penalties, and exceptions, see California Recording Laws and the site's dedicated workplace recording guide.
A separate federal rule governs employer monitoring of business communications specifically. Under the Wiretap Act, 18 U.S.C. § 2511(2)(a)(i), a business that owns its phone or computer system can intercept communications on that system "in the ordinary course of business" without needing a party's consent at all. The Eleventh Circuit narrowed that exception in Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983): an employer can monitor a business call, but once a call is identified as personal, continued listening falls outside the exception, and the employer is expected to stop listening or rely on spot checks instead. In California, this federal exception operates alongside, not instead of, the state's stricter two-party consent rule for confidential communications.
California Has No Dedicated Monitoring Notice Law, But the CPRA Fills Part of the Gap
California has not enacted an electronic-monitoring notice statute in the style of Connecticut, Delaware, New York, or Maine. Instead, the state's principal notice mechanism for employee monitoring runs through its consumer privacy law. The California Consumer Privacy Act and its amendment, the California Privacy Rights Act (CPRA), originally exempted employee and job-applicant data. That exemption expired on January 1, 2023, when the Legislature declined to extend it, and employees now have the same core rights as any other California consumer with respect to their employer's data practices.
In practice, this means a California employer must provide a notice at collection describing the categories of personal information it collects about employees, including monitoring, surveillance, and location data, and the purposes for which it is used. Employees can request to know what has been collected, request deletion of information no longer needed for a disclosed purpose, request correction of inaccurate information, and opt out of the sale or sharing of their personal information. New CPPA regulations add risk-assessment obligations beginning January 1, 2026, for employers whose monitoring activities involve significant use of employee data, including any use of automated decision-making technology (ADMT) for a significant employment decision; employers with pre-existing covered activities have until December 31, 2027 to complete an initial assessment, and ADMT-specific notice and opt-out mechanics phase in January 1, 2027.
California's Social Media Password Law
Cal. Lab. Code § 980 prohibits an employer from requiring or requesting that an employee or applicant disclose a username or password for the purpose of accessing personal social media, access personal social media in the employer's presence, or otherwise divulge personal social media content. An employer that retaliates against a worker for refusing, by discharging, disciplining, or threatening to do either, violates the statute, though it can still take a lawful adverse action for other, independent reasons.

Two exceptions matter for employers. First, under subsection (c), an employer may require disclosure of personal social media reasonably believed relevant to investigating allegations of employee misconduct or a violation of law or regulation, but only for use in that investigation or a related proceeding. Second, under subsection (d), the statute does not restrict an employer's ability to require login credentials for a device it actually issued to the employee, such as a company phone or laptop account.
Video and Audio Surveillance Limits: Labor Code 435 and Hernandez v. Hillsides
Cal. Lab. Code § 435 is a bright-line rule: no employer may cause an audio or video recording to be made of an employee in a restroom, locker room, or room designated for changing clothes, unless authorized by a court order. Employee consent cannot substitute for a court order, any recording made in violation cannot be used by the employer for any purpose, and a violation is an infraction. This is one of the clearest statutory limits on workplace surveillance in the country and applies to nearly every private and public employer in the state.
Outside those specifically protected spaces, California courts evaluate workplace video surveillance under a reasonable-expectation-of-privacy and highly-offensive-intrusion standard. The California Supreme Court's decision in Hernandez v. Hillsides, Inc., 47 Cal.4th 272 (2009), remains the leading case: the Court found that two employees had a reasonable expectation of privacy in their shared, closed-door office even though the employer had a legitimate reason (identifying who was accessing inappropriate websites) for installing a hidden camera, but held the employer was not liable because the camera was never activated while the employees were present and the intrusion, on the facts, was not highly offensive to a reasonable person. The case illustrates that a legitimate business reason for surveillance does not eliminate the need to weigh the manner and scope of the intrusion against the employee's privacy interest.
GPS and Vehicle Tracking
California's general anti-tracking statute, Penal Code § 637.7, makes it a misdemeanor to use an electronic tracking device to determine a vehicle's location or movement, but the statute does not apply where "the registered owner, lessor, or lessee of a vehicle has consented to the use of the electronic tracking device with respect to that vehicle." Because an employer is typically the registered owner or lessee of its own fleet vehicles, this consent exception is why employers can generally track company-owned vehicles without violating § 637.7. For the fuller rules on GPS and vehicle tracking in California, including how this interacts with personal vehicles and the state's general privacy framework, see California GPS Tracking Laws.
Biometric Monitoring
California does not have an Illinois-style Biometric Information Privacy Act with a standalone private right of action for mishandled fingerprint or facial-recognition data. Biometric identifiers are instead treated as a category of "sensitive personal information" under the CPRA, which gives employees the right to limit certain uses of that data and requires the same notice-at-collection and risk-assessment obligations described above when an employer's monitoring program processes biometric data, such as a fingerprint time clock or facial-recognition access system. For more detail on how California defines and protects biometric data generally, see California Biometric Privacy Laws.

Recent Developments: Failed and Pending Surveillance Bills, and the Meta Example
California's Legislature has repeatedly tried and failed to pass a comprehensive workplace-surveillance notice law. AB 1221, the Workplace Technology Accountability Act, would have required 30 days' written notice before deploying a new workplace surveillance tool and would have barred certain uses of AI-driven monitoring, such as facial or gait recognition, but it failed on February 2, 2026 when it was filed with the Chief Clerk under Joint Rule 56 without advancing out of the Legislature. A related bill, AB 1331, which would have restricted surveillance in employee-only break areas, was ordered to the inactive file in the Senate on September 13, 2025 and had not been revived as of this writing. Neither bill is currently law, so the CPRA notice-at-collection framework and the statutes described above remain the operative rules.
Real-world monitoring disputes continue to test these boundaries even without new legislation. In 2026, Meta's internal Model Capability Initiative, a program that logged employee keystrokes, mouse activity, and app usage on company devices to train AI models, drew an internal petition from more than 1,600 employees after the company disclosed in June 2026 that sensitive data the program collected, including private prompts and internal discussions, had been broadly accessible inside the company. Meta subsequently added a 30-minute pause option and a limited opt-out process. The episode is a useful illustration of the kind of employer monitoring program that California's CPRA notice and risk-assessment rules, and any future legislation modeled on AB 1221, are aimed at.
More California Laws
- California AI Meeting Recording Laws
- California Alimony Laws
- California At-Will Employment Laws
- California Car Accident Laws
- California Car Seat Laws
- California Child Custody Laws
- California Child Support Laws
- California Common Law Marriage Laws
- California Dashcam Laws
- California Data Privacy Laws
- California Deepfake Laws
- California Divorce Laws
- California Dog Bite Laws
- California Drone Laws
- California Emancipation Laws
- California Expungement Laws
Disclaimer
This article provides general legal information about employee monitoring law in California as of July 9, 2026. It is not legal advice and does not create an attorney-client relationship. Workplace privacy and employment law involve fact-specific analysis; consult an attorney licensed in California about your specific situation before acting on anything in this article.
Related articles
- Employee Monitoring Laws by State
- California Recording Laws
- California Workplace Recording Laws
- California GPS Tracking Laws
- California Biometric Privacy Laws

Last updated: July 9, 2026. Statutes cited reflect their in-force version as of July 9, 2026.
Frequently Asked Questions
Does my California employer have to tell me before monitoring my computer?
California has no dedicated electronic-monitoring notice statute, but since the CPRA's employee exemption expired in 2023, employers must provide a notice at collection describing what personal information they collect, including through monitoring, and why. There is no separate 30-day advance-notice requirement; a bill that would have added one, AB 1221, failed in February 2026.
Can my employer ask for my Instagram password in California?
No, not for personal use. Cal. Lab. Code § 980 bars an employer from requiring your social media username or password, except when your account is reasonably believed relevant to a misconduct investigation or the account is one the employer itself issued to you.
Can my employer put a camera in the restroom or locker room in California?
No. Cal. Lab. Code § 435 bans employer audio or video recording of employees in restrooms, locker rooms, or changing rooms without a court order, and your consent cannot substitute for one. Any footage recorded in violation cannot be used for any purpose.
Can my California employer install a hidden camera in my office?
It depends on the facts. In Hernandez v. Hillsides, Inc. (2009), the California Supreme Court held employees had a reasonable expectation of privacy in a shared, closed-door office, but found the employer not liable because the camera was never activated while they were present and the intrusion was not highly offensive on those specific facts. Courts weigh the manner and scope of the surveillance against the employee's privacy interest.
Can my employer track a company car with GPS in California?
Generally yes. Penal Code § 637.7 exempts tracking consented to by the vehicle's registered owner, lessor, or lessee, and an employer is typically the registered owner or lessee of its own fleet vehicles. See California GPS Tracking Laws for the fuller framework, including personal-vehicle scenarios.
Do I have a right to see what monitoring data my employer collected about me in California?
Yes. Since the CPRA's employee exemption expired January 1, 2023, California employees have the right to know what personal information, including monitoring and location data, an employer has collected, and rights to request deletion or correction, subject to the same exceptions that apply to other CCPA/CPRA rights.
Sources and References
- 18 U.S.C. § 2511(2)(a)(i), Electronic Communications Privacy Act (ordinary course of business exception)(law.cornell.edu)
- Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983)(law.resource.org)
- California Labor Code § 980, social media privacy protections(leginfo.legislature.ca.gov).gov
- California Labor Code § 435, recording employees in restrooms, locker rooms, and changing rooms(leginfo.legislature.ca.gov).gov
- California Penal Code § 637.7, electronic tracking devices(leginfo.legislature.ca.gov).gov
- Hernandez v. Hillsides, Inc., 47 Cal.4th 272 (2009)(scocal.stanford.edu)
- Employee Data, California Privacy Protection Agency(cppa.ca.gov).gov
- AB 1221, Workplace surveillance tools, California Legislature (failed February 2, 2026)(leginfo.legislature.ca.gov).gov
- AB 1331, Workplace surveillance, California Legislature (inactive file September 13, 2025)(leginfo.legislature.ca.gov).gov
- Meta pauses controversial employee-tracking program after security review, Malwarebytes(malwarebytes.com)