On July 14, 2017, an administrative law judge handed Google a victory over the Office of Federal Contract Compliance Programs (“OFCCP”), ruling that the OFCCP’s requests for Google’s employee data were over-broad and intrusive on employee privacy, and that they exceeded “even the considerable deference owed OFCCP . . . as they create an unreasonable burden on Google and its employees.”

The OFCCP is the agency of the Department of Labor charged with auditing government contractors to determine whether they are complying with certain contractually imposed anti-discrimination and affirmative action obligations.  The OFCCP previously selected Google for an audit in September 2015 – not because of a complaint, but based on its own internal neutral criteria.  Google was subject to such an audit due to a contract it accepted in 2014 to provide “Advertising and Marketing Solutions.”

The audit began in 2015 and continued for over a year before this issue arose. During that time, the amount of information Google provided now makes this the largest ongoing audit in OFCCP’s Pacific Region and one of the ten largest that OFCCP has conducted.  According to the decision, Google expended over 2,300-person hours collecting and providing information and documentation before the impasse was reached.

The audit process came to a halt in June 2016, when the OFCCP requested a large amount of additional information and materials. Google agreed to produce some of what the OFCCP requested and protested the remainder, raising various legal challenges. Eventually, the parties reached an impasse on three specific items. Specifically, 1) a “snapshot” as of September 2014 containing significant amounts of data of each of the relevant 19,539 Google employees, 2) a salary and job history of those employees, covering the employees’ entire tenure with Google, and 3) the name, address, telephone number, and personal email of every one of those employees. As a note, Google previously provided a similar “snapshot” from 2015.

In his 43-page decision, Judge Steven Berlin said that the demand for data about Google employees made by the OFCCP was “over-broad, intrusive on employee privacy, unduly burdensome, and insufficiently focused on obtaining the relevant information.”

Berlin wrote in his decision that the OFCCP was unable to prove the need for their request: “Despite having several investigators interview more than 20 Google executives and managers over two days and having reviewed over a million compensation-related data points and many hundreds of thousands of documents, OFCCP offered nothing credible or reliable to show that its theory about negotiating starting salaries is based in the Google context on anything more than speculation.”

In a blog post, Eileen Naughton, vice president of people operations at Google, said that Google has complied with past OFCCP audits. For this particular one, the company “provided more than 329,000 documents and more than 1.7 million data points, including detailed compensation information, in response to OFCCP’s 18 different data requests.” In addition, as part of its defense, Google cited its concern providing personal contact information for more than 25,000 overall employees could have privacy implications. And it seems that Judge Berlin agreed, citing the history of government data breaches with the Office of Personnel Management, the Presidential election, and recent ransomware attacks on the Department of Labor data.

If the Department of Labor doesn’t file an appeal and Berlin’s recommendation is finalized, Naughton said Google will comply with the rest of the order and provide “the more limited data set” approved by the judge, which includes contact information for up to 8,000 employees.