Emerging Technology

day one project

Move Algorithmic-Driven Pay and Scheduling Systems From Surveillance Pay to Fair Wages

06.11.26 | 15 min read | Text by Wilneida Negrón

Employers increasingly rely on scheduling, timekeeping, and payroll software to determine hours, eligibility, and pay. When monitoring data and optimization rules feed these systems, or what this memo refers to as “algorithmic wage-setting”—it rarely appears as a standalone tool. It shows up as configured rules and thresholds, time edits, automatic deductions, and eligibility flags that can quietly change compensable time and earnings. A 2025 Equitable Growth brief describes this dynamic as “surveillance pay”—the use of granular monitoring data integrated into pay systems to set compensation and calculate wages in ways that can disconnect time from pay and make outcomes harder to predict, audit, and challenge for discrimination.

States are already moving to regulate surveillance/algorithmic wage-setting, but proposals focus on prohibition and basic notice rights. This memo complements those efforts by centering the enforcement reality: payroll and timekeeping are the system of record and the regulatory choke point. It pairs guardrails on non-job-related data use with an enforcement operating model, audit-ready decision trails, integration/egress mapping, standardized audits and complaints triage, and minimum operational standards, so agencies can prove violations, correct errors quickly, and prevent repeat harm using preexisting wage-and-hour, civil rights, consumer protection, and procurement authority.

Challenge and Opportunity

Core labor protections like minimum wage, overtime, predictable scheduling, and anti-discrimination regulations, increasingly run through proprietary workplace systems that employers and vendors configure, but workers and regulators often cannot see or challenge. As these tools spread across white- and blue-collar industries—including healthcare, retail, logistics, food service, manufacturing, construction, and public services, they can normalize hidden wage loss, income volatility, and unequal treatment, especially when employers use surveillance-derived metrics to change pay tiers, incentives, benefits eligibility, or hours without clear notice or a workable way to challenge errors.

Why payroll and timekeeping are the focus.

In most workplaces, pay and schedules do not come from a single “algorithmic wage tool.” Instead, they come from connected systems that track hours, assign shifts, and apply workplace rules, that then feed into HR and payroll systems, which serve as the official record for compensation.

This memo focuses on payroll and timekeeping/scheduling because that’s where data turns into earnings: wages, hours paid, premiums, bonuses, and benefits eligibility. It is also where states can most realistically require auditable records, set clear limits on what data can influence pay decisions, and enforce worker rights.

Worker data typically flows through a simple data chain:

1. Capture: timekeeping, scheduling, attendance, and productivity/monitoring tools record events (clock-ins, breaks, shift changes, performance flags). 
2. Integrate: HR and payroll systems (and their vendors/subcontractors) pull those inputs together and link them to pay rules. 
3. Decide: configured rules, thresholds, or models trigger pay-affecting actions—time edits, automatic deductions, eligibility flags for premiums/bonuses, schedule adjustments, and pay calculations. 
4. Pay out: the results appear in payroll as wages, hours paid, premiums, bonuses, and take-home pay.

Because payroll and timekeeping are the official record, regulators cannot rely on the paycheck alone. Instead, regulators need to see and audit the system’s decision trail which includes the data sources that were used, the rule or thresholds that were applied, what changed (e.g., edits, deductions, eligibility flags), and who made (or approved) any changes.

Added risk pathway: third-party intermediaries.

Worker data does not always stay inside a single employer system. In instances, third parties such as verification services, analytics intermediaries, and sometimes data brokers/resellers collect and commercialize worker-related data and feed it back into workplace tools in the form of aggregated scores, flags, or “risk/reliability” signals that can affect scheduling, wages, and/or compensation.

Without clear limits and disclosure on this type of third-party data sourcing and onward sharing for pay and time keeping-affecting decisions (including brokered data and broker-derived scores), non-job-related data can also shape pay and scheduling indirectly while obscuring provenance (who supplied it), purpose (why it was used), and accountability (who is responsible) .

From a regulatory standpoint, the risks typically concentrate in four areas:

1. Implementation/configuration failures, rollouts, integrations, default settings, or rule changes that trigger underpayment or missing premiums. 
2. Improper inputs/uses in pay or time keeping decisions, such that non-job-related personal data (including surveillance-derived metrics and brokered inferences) used to set or modify wages, hours, eligibility, or incentives. 
3. Secondary use and onward sharing (data governance risk), in that worker pay/HR data repurposed, shared, or sold beyond payroll/service delivery, potentially re-entering decision systems as scores, flags, or eligibility signals. 
4. Black-box accountability gaps, in which systems that prevent workers, unions, and regulators from seeing which inputs and rules produced pay outcomes.

Understanding these is key from a regulatory standpoint because the question then becomes not only what the paycheck says, but what rules and input influenced any changes in wage or compensation calculations and whether those inputs are legitimate and traceable. 

The recommendations that follow do three things: (1) cut off high-risk data inputs, (2) require audit-ready decision trails, and (3) give workers enforceable rights to notice, explanation, and correction.

Why states should act now.

We already have evidence that algorithmic pay is common in some sectors in the labor markets, and that payroll “modernization” rollouts can cause widespread pay errors when software becomes the system of record. Even if “surveillance wages” is not yet widespread beyond the gig economy, which is the point: states can act upstream, before these tools harden into default infrastructure. At the same time and in parallel, states are also introducing surveillance-pricing prohibition signaling growing legislative appetite to regulate data-driven personalization and discrimination before it becomes default infrastructure.

Below are examples of the ways this trend is taking shape:

• Algorithmic pay in app-based work. The best-known example of algorithmic wage-setting is in the context of ride-hail and delivery platforms, where algorithms determine pay and can be difficult for workers to predict or contest, a classic “black box” accountability problem that vendors now export into traditional workplaces. Bloomberg Law notes this “baseline model” is now being exported to other industries through vendors marketing automated pay tools.

• Payroll systems failing at scale: Workday rollouts. After Seattle rolled out Workday, a third-party algorithmic payment system, workers filed a wage theft class action alleging underpayments and payroll problems. This is an example of how implementation/configuration failures at scale can take place when software becomes the system of recording. In another example, Oregon state workers also reached a $15 million class action settlement over wage errors tied to the implementation of Workday Payroll. Both cases show why “software errors” can function as de facto wage theft when employers run pay through complex proprietary systems that workers cannot debug and employers struggle to correct. 

• Timekeeping rules driving wage loss: time edits, rounding, and auto meal deductions. In a federal class action against Yale New Haven Health, workers alleged the employer rounded and edited time records and automatically deducted meal breaks even when breaks were missed, interrupted, or not fully taken, showing how pay harm can come from timekeeping configuration choices (and the lack of a transparent, contestable audit trail), not an “even when no one labels it “algorithmic wage-setting”.

• Timekeeping systems failing at scale: the Kronos/UKG outage. The 2021 ransomware attack on Kronos/UKG’s timekeeping platform left employers without their normal system of record for weeks, triggering wage-and-hour claims that employees went unpaid or underpaid when employers reconstructed hours and overtime. For example, Cargill reached a $2.4M settlement tied to unpaid wages/overtime allegations stemming from the outage, and other employers (e.g., Frito-Lay; Honda) have faced similar outage-related wage claims and settlements, illustrating how dependence on a single timekeeping/payroll platform can create systemic pay risk when the software fails.

These examples show how payroll and timekeeping systems are often the choke point because they encode pay rules, execute pay-affecting actions (like time edits and eligibility flags), and generate, or withhold, the audit trail regulators need to verify compliance. 

Harms this proposal targets (and what we know about scope)

This memo targets a specific set of harms that arise when employers route compensation decisions through timekeeping, scheduling, and payroll systems (often with third-party inputs). 

These harms fall into five buckets:

1. Hidden wage loss and underpayment.
   Examples include time edits and reclassifications, automatic deductions (e.g., meal breaks), missing premiums/differentials, or misapplied overtime triggers that reduce pay without a clear explanation or easy correction path.
   What we know: wage-and-hour complaints and litigation regularly surface these mechanisms, especially when payroll/timekeeping becomes the system of record.
   
2. Income volatility and scheduling instability.
   Automated scheduling and rule-based eligibility can drive unpredictable hours, unstable earnings, and difficulty budgeting, even more so, when rules change inside proprietary systems.
   What we know: volatility is well-documented in app and gig-based labor markets and is a growing concern as similar logic moves into traditional workplaces.
   
3. Discrimination and disparate impact at scale.
   Surveillance-derived metrics, proxy variables, and eligibility flags can embed unequal treatment in pay, hours allocation, or access to premiums/bonuses, especially when workers cannot see or contest the underlying rule or data input.
   What we know: civil rights risk is structural when decisioning relies on opaque metrics and limited contestability; disability advocates flag heightened vulnerability due to higher fixed costs and budgeting constraints.
   
4. Accountability failures (“black box” enforcement gaps).
   When the system’s decision trail is unavailable, employers can’t explain pay outcomes, workers can’t self-advocate, and agencies can’t prove violations, turning basic labor protections into an after-the-fact guessing game.
   What we know: this is a recurring barrier in investigations and disputes involving payroll/timekeeping platforms and integrated tools.
   
5. Data governance harms (secondary use and third-party re-entry).
   Worker pay/HR data may be repurposed, shared onward, or reintroduced via third-party scores/flags (e.g., verification, analytics intermediaries, brokers), shaping pay and scheduling indirectly while obscuring provenance and accountability.
   What we know: third-party ecosystems exist and can influence eligibility/access decisions; the risk increases when data egress and sourcing aren’t disclosed.
   

Given these harms, this memo seeks to reduce wage loss, volatility, and discrimination by (1) limiting high-risk inputs and secondary use, (2) requiring audit-ready decision trails and integration/egress visibility, and (3) giving workers practical rights to notice, explanation, and correction.

Plan of Action

Recommendation 1. Establish a clear guardrail on compensation data use.

Adopt legislation to create the bright-line ban, scope, and remedies, then reinforce it through existing wage/civil rights/UDAP enforcement and procurement requirements for public employers and contractors.

States should adopt a bright-line rule that bars employers and vendors from using non-job-related personal data, including brokered data and broker-derived scores or classifications—to set or change wages, hours, bonuses, differentials, benefits, or pay eligibility. “Non-job-related personal data” means any data or inference not reasonably necessary and proportionate to determine hours worked, pay owed, or job-related compensation factors, which are limited to seniority, job classification, documented skills/credentials, objective shift attributes (e.g., nights/weekends/hazard pay), location-based cost adjustments, and transparent performance metrics tied to job duties (not biometrics, health inferences, parenthood status, home address, or off-duty behavior). This targets the core risk: opaque, individualized wage manipulation.

To prevent loopholes and misclassification incentives, the guardrail should:

• Cover workers broadly. Apply to employees and to workers treated as independent contractors when an algorithm or platform determines compensation, since contractors are often most vulnerable to misclassification and therefore irregular pay, and exposed to variable, algorithm-set pay.
• Define prohibited practices clearly. Treat “surveillance wage-setting” as the use of surveillance-derived data or inferences to determine compensation at an individualized level.
• Create real accountability. Pair agency enforcement (e.g., labor and state Attorney Generals) with meaningful penalties and a private right of action. For this, states can look to bills such as Colorado’s HB26-1210, New York’s S8872 (and Assembly companion A9641), or Maryland’s HB0148 as models.
• Center disability and civil rights protection. Require accessibility, nondiscrimination testing, and meaningful appeal/human review for any permitted automated compensation practices.
• Preserve legitimate pay practices. Allow transparent, non-personalized wage premiums (e.g., seniority steps, COLA, hazard pay, shift differentials) and job-related market adjustments that do not rely on individualized surveillance.
• Limit secondary use and commercialization of compensation data. Prohibit employers and vendors from selling, licensing, or otherwise disclosing worker compensation data (and pay-derived eligibility flags) to third parties for purposes unrelated to payroll and scheduling/service delivery, and prohibit use of compensation data to train generalized AI models unless the data is truly deidentified and the use is strictly necessary for the contracted service.

Recommendation 2. Make enforcement practical: require audit-ready records for algorithmic pay and scheduling systems.

Use rulemaking/guidance and enforcement to require decision-trail records and standardized audits, reinforced through procurement requirements for public employers and contractors, and use targeted legislation only if agencies lack clear authority to compel retention/production or to cover vendors directly.

This recommendation targets two recurring failure modes: (1) rollout/configuration errors (especially during integrations) and (2) black-box systems that prevent regulators from showing what the software did and why. Guardrails only work if agencies can access the decision trail behind pay outcomes. 

Agencies already use payroll records/paystubs, time and attendance data, schedules, job classifications and rate tables, and worker complaints. But those records often show only the outcome, not the mechanism; they rarely reveal which rules, inputs, or system changes produced a pay result. To enforce wage and civil rights protections when software mediates pay and scheduling, agencies must also require retention and production of:

• Automated decision records (audit trails): logs of pay-affecting actions (time edits, auto-deductions, pay recalculations, eligibility changes for premiums/bonuses), including timestamps and the rule or data source that triggered each change.
• Rule/configuration history: the pay rules in effect over time, plus change history and approvals.
• Integration and egress map: (a) upstream systems feeding decisioning (timekeeping, scheduling, attendance, productivity, location/ratings); (b) any third-party sources supplying inputs (verification databases and any data brokers/resellers), including which fields/scores they provide and which pay/eligibility rules use them; and (c) whether worker pay/HR data is shared onward or sold, and for what purposes, including any analytics, benchmarking, or model-training uses unrelated to payroll/service delivery.

These missing records are not “nice to have;” they are the minimum evidence needed to audit pay outcomes when software is the system of record. To close this enforcement gap, states should do two things at once: (1) require retention and production of decision-trail records, and (2) standardize how agencies request, analyze, and enforce them. 

Actions states can take now include:

1. Modernize payroll recordkeeping. Require employers (and covered vendors where appropriate) to retain and produce audit trails, rule/configuration history, and integration/egress maps as standard payroll records.
2. Standardize an audit protocol (Labor and State Attorney Generals). Use a shared checklist and data request template to compare system outputs to hours worked/pay owed and identify repeat patterns (missing premiums, unexplained deductions, volatility, disparate impact). A small interagency working group should maintain templates, secure intake, and a vendor/system map.
   • Rapid supply-chain mapping: for each investigation, map (1) payroll/HRIS, timekeeping, scheduling, and monitoring systems; (2) each vendor/subcontractor processing worker data; (3) third-party sources supplying scores/flags; (4) which fields feed which pay/eligibility rules; and (5) any onward sharing/sale of worker data.
   • Audit templates should include both case-level review (individual decision trails) and pattern tests (aggregate metrics that reveal systematic underpayment, volatility, or disparities after rollouts or rule changes).
3. Use procurement as leverage. For public employers and contractors, require auditability, data retention, worker notice, and cooperation with investigations as contract conditions. Contracts should also prohibit undisclosed sale/sharing of workforce and pay data and prohibit using worker pay/HR data for analytics, benchmarking, or model training unrelated to the contracted service, with audit rights and penalties for noncompliance.
4. Set minimum standards for pay-affecting vendor practices (rule-setting and procurement). States do not need to regulate every feature of payroll and scheduling software to reduce harm. A practical approach is to set a small set of baselines, enforcement-ready standards through State Attorney General labor enforcement guidance, settlement terms, and public procurement that target the most common ways software drives wage loss and blocks accountability.

To make this action (#4) more concrete, states can start with a brief list of “minimum operational standards” that directly targets the most common ways payroll and timekeeping systems reduce pay and block accountability.

Four minimum operational standards can pursue:

• No silent time edits or auto-deductions. Prohibit break deductions, time reclassifications (e.g., “idle time”), or post-hoc hour changes without clear worker notice. Require an easy, timely process to review and correct records. (Example: an automatic meal-break deduction should not reduce paid time when a worker did not take a break, took a shorter break, or had the break interrupted, unless the worker can easily confirm or correct the record.)  States can also require logs that show what changed, when, and why. 
• Document and notify pay rules and eligibility changes. Require documentation and worker notice when systems change eligibility for premiums, bonuses, differentials, or overtime triggers and when pay rules/configurations change. States can also seek to prohibit earnings-impacting changes without a traceable record and a responsible human owner. 
• Exportable audit logs (decision trails) as payroll records. Require tamper-resistant, exportable logs that capture pay-affecting actions, the rule that triggered them, and the data source used, and treat these logs as payroll records subject to retention and production requirements. 
• Burden-shifting when records are missing. If required records are missing, place the risk on the employer and not the worker—using a rebuttable presumption in favor of the worker’s reasonable account of hours/pay, plus escalating penalties for recordkeeping failures (civil fines, enhanced damages for systemic violations, monitoring/injunctive relief, and procurement consequences). 

When to act. Agencies should open an investigation when complaints jump right after a new system rollout, when time edits or auto-deductions show up unusually often, when workers can’t get a plain-English explanation or timely correction, or when it looks like third-party/non-work data is affecting pay, hours, or eligibility. To do this consistently, agencies should use a simple, standardized intake and escalation process that logs the employer, the vendor/system (when known), and the issue type and flags patterns that should be reviewed by a designated triage team.

Recommendation 3. Guarantee worker-facing transparency and contestability: a right to know, a right to an explanation, and a right to correct.

Use agency guidance/rules and procurement to require notice, explanations, and fast corrections where agencies already have authority; use legislation to create new worker rights (access, deadlines, anti-retaliation) where needed; and use enforcement to hold employers and vendors accountable when notices or records are missing, false, or misleading.

Enforcement alone often leaves workers waiting months for relief. States should therefore require worker-facing transparency for any automated system that sets pay or materially shapes earnings through time classification, scheduling, differentials, bonuses, or pay eligibility so workers can spot problems early, document patterns, and seek timely correction. Aggregated reporting can help identify systemic issues, but it does not replace a worker’s right to see and contest the records that determine their individual pay.

Privacy and data-broker rules (e.g., CCPA/CPRA-style disclosure and Delete Act-style broker mechanisms) provide useful templates for disclosure and access rights in the worker-pay context.

A worker rights package focused on this issue would include: 

• Right to notice. Provide clear, plain-language notice when automated systems affect pay, time classification, hours allocation, or eligibility for premiums/bonuses. Notices should name the system(s), the categories of data used, the outcomes affected, and whether the employer/vendor relies on third-party sources (including brokers/resellers, verification databases, or analytics intermediaries).
• Right to an explanation. When pay, eligibility, or schedules change due to an automated rule, provide a readable explanation showing what changed; the rule/threshold applied; the input data sources; the effective date; the responsible human owner; and the identity of any third-party source that supplied an input, score, or eligibility flag.
• Right to inspect core records. Provide access to pay-related artifacts needed for self-advocacy, including time entries and edits (including auto-deductions); premium/differential eligibility status; incentive/bonus formulas that apply; and a history of pay-affecting adjustments within the pay period.
• Aggregated reporting for pattern detection (privacy-protective). Require aggregated reporting (by job role/site/shift/pay period, with privacy thresholds) so workers and unions can detect systemic patterns (frequent time edits, missing premiums, pay volatility, disparities). Examples include: % of shifts with auto-deductions; time edits per one hundred workers per pay period; premium eligibility changes over time by job class/site; weekly hours volatility pre/post rollout; and disparity checks such as premium loss rates (no tiny groups).
• Right to timely correction and human review. Require fast, accessible processes to challenge errors or automated determinations affecting pay, with clear deadlines for correction/back pay and escalation paths when errors cause hardship.
• Collective bargaining compatibility. Structure these rights so unions can incorporate them into CBAs and side letters, including access to aggregated reports (time edits/auto-deductions, eligibility changes, error rates, volatility, disparate impact indicators) and bargaining triggers when vendors, integrations, or pay rules change.

Worker-facing transparency also strengthens enforcement: it creates documentation, reduces information asymmetry, and helps agencies identify employers and vendors that warrant priority investigation.

Conclusion

Fair and trustworthy workplace technology starts with something workers understand: a paycheck they can trust and a schedule they can plan around. The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale. States can act now using existing labor, civil rights, consumer protection, and procurement authority—strengthened by a prohibition on surveillance wage-setting, enforcement-ready decision trails, and worker rights to notice, explanation, and correction, so “efficiency” doesn’t come at the expense of fairness, dignity, accessibility, or basic economic security.