top of page

Digital Twins at Work: The Next Employee Data Problem for Employers

  • Writer: Mark Addington
    Mark Addington
  • 1 day ago
  • 8 min read

Digital twins may become one of the next major workplace AI issues. The term can mean different things depending on the technology, but in the employment context, the concern is easy to understand. An employer may use an employee's emails, chats, documents, meeting transcripts, recorded calls, workflow history, customer interactions, and decision-making patterns to create an AI tool that mimics that employee's knowledge, style, judgment, or role.


For employers, the business case may be appealing. A digital twin could preserve institutional knowledge, help train new employees, assist with customer service, reduce disruption when key employees leave, or allow executives and managers to handle routine communications more efficiently. But the legal question is not simply whether the technology is useful. The harder question is whether the employer has defined what is being copied, who controls the copy, how it may be used, and whether it may survive the employment relationship.


Digital Twins Are Not Just Another Workplace AI Tool

Employers are already using AI for recruiting, scheduling, customer service, document review, training, productivity analysis, and other business functions. A workplace digital twin differs in that it may be employee-specific. It may be trained not only on general business data, but on the conduct, communications, knowledge, and patterns of a particular person.

That distinction matters. An employer may own company emails, business records, documents, and work product. But ownership of those materials does not necessarily answer every question about how to use them to create a continuing AI version of an employee's professional identity. A digital twin may blend employer-owned data with employee-specific judgment, communication style, voice, image, client relationships, and accumulated experience.

That is where the legal risk begins.


The Early Legal Signals Are Already Here

There are not yet many reported employment cases involving a true digital twin of an ordinary employee. That does not mean the issue is theoretical. Courts, regulators, and lawmakers are already beginning to examine AI systems that replicate people, use personal data, or influence employment opportunities.



Mobley v. Workday, Inc., 740 F. Supp. 3d 796 (N.D. Cal. 2024), is different. It is not a digital twin case. It does not involve a digital replica, employee likeness, voice, or post-employment use of an employee's knowledge. Its relevance is narrower, but important. Mobley shows that when an AI tool materially affects access to employment opportunities, courts may look beyond the employer's or vendor's description of the technology and examine how the tool actually functions.


In Mobley, the plaintiff alleged that Workday's algorithm-based applicant-screening tools discriminated against applicants on the basis of protected characteristics. The court rejected the "employment agency" theory, but allowed the case to proceed on the theory that Workday could be treated as an agent of the employers using its tools. That distinction strengthens the practical lesson: labels do not necessarily control. A vendor may not be an "employment agency," but its role in an employment process may still matter legally.


That principle has obvious implications for workplace digital twins. A digital twin may begin as a productivity or knowledge-management tool. But if it is used to evaluate employees, assign work, train replacements, recommend discipline, support promotion decisions, screen applicants, manage customers, or shift duties away from an employee after protected activity, the legal analysis may change. At that point, the issue is no longer only who owns the data or who controls the software. The question becomes whether the AI system affected the terms, conditions, or opportunities of employment.


For employers, the lesson from Mobley is not that digital twins are unlawful. The lesson is that labels may not control. Calling a system a "support tool," "assistant," "knowledge base," or "digital twin" will not necessarily determine the legal analysis. Employers should focus on what the system does, what decisions it influences, what data it uses, who supervises it, and whether its use can be audited and explained.


That is why employers should address digital twins before they are embedded in workplace operations. A tool designed to preserve knowledge can quickly become a tool that changes job duties, reallocates opportunities, or affects employment decisions.


Florida Employers Should Not Ignore Likeness, Persona, and Multistate Privacy Issues

For Florida employers, digital twins also raise state-law issues that should not be overlooked. Florida's right-of-publicity statute, section 540.08, Florida Statutes, restricts the unauthorized public use of a person's "name, portrait, photograph, or other likeness" for purposes of trade, commercial use, or advertising without consent. The statute also includes postmortem rights, barring claims only after 40 years from the person's death.


That does not mean every internal workplace digital twin will trigger section 540.08. The statute is directed at public use of name or likeness for trade, commercial, or advertising purposes. It also does not expressly list voice. But it is relevant to some of the harder scenarios, especially where an employer uses a former employee's image, likeness, persona, or potentially a voice clone in customer-facing materials, sales communications, advertising, training content, or external presentations. In those situations, employers should not assume that ordinary work-product ownership language answers the question.


Florida employers should also think beyond Florida. Florida does not have a standalone biometric privacy statute analogous to Illinois's Biometric Information Privacy Act. Florida's Digital Bill of Rights treats biometric data as sensitive personal data, but it is not a Florida version of BIPA. Among other differences, Florida's law is enforced by the Attorney General rather than through a broad private right of action.


That distinction matters for multistate employers. Illinois's BIPA includes private enforcement and has generated substantial litigation risk around biometric identifiers and biometric information. A Florida-based company with employees, applicants, customers, or operations in other states may face different consent, notice, retention, and private-lawsuit risks when voiceprints, facial geometry, or other biometric identifiers are used to build or operate AI systems. The compliance question is not only where the employer is headquartered. It is also whose data is being used and where those individuals are protected.


Ownership Is Not Enough

Employers should resist the temptation to treat digital twins as a simple ownership issue. The real questions are broader.


What data will be used to build the digital twin? Was the employee told that the data could be used in that way? Does the employer's AI policy cover employee-specific models? Does the employment agreement address post-employment use? Does the vendor contract allow the vendor to use the employer's data to improve its own systems? Can the employee object? Can the digital twin communicate with clients or customers? Can it be used after the employee resigns, retires, is terminated, or joins a competitor?


Those questions should be answered before deployment. They should not be left for a separation dispute, trade secret fight, discrimination claim, or customer complaint.


Post-Employment Use May Be the Hardest Issue

The most likely flashpoint may be what happens after the employee leaves. Suppose an employer builds a digital twin of a senior employee with significant client relationships, technical knowledge, or institutional authority. Can the employer continue using the twin after that person resigns? Can it train the replacement? Can it communicate with customers? Can it draft messages in the former employee's style? Can it rely on the former employee's judgment patterns to make business recommendations?


Those facts could create disputes over consent, compensation, confidentiality, unfair competition, right of publicity, misrepresentation, and trade secrets. The problem becomes even more sensitive if the employee leaves for a competitor, is terminated after protected activity, retires, becomes incapacitated, or dies.


Employers should define post-employment use expressly. A generic work-product clause may not be enough.


Wage-and-Hour Issues Should Not Be Overlooked

Digital twins also raise practical wage-and-hour questions. If non-exempt employees are required to train, test, correct, supervise, or maintain AI replicas, that time may be compensable work. If employees are expected to respond to prompts, correct outputs, review transcripts, or refine the system outside normal hours, employers may create off-the-clock and recordkeeping issues.


This is especially important because training a digital twin may not look like traditional work. It may feel like answering questions, correcting drafts, reviewing suggested responses, or rating outputs. But if the activity is required and benefits the employer, employers should analyze whether the time must be tracked and paid.


Discrimination, Retaliation, and Job Erosion

A digital twin trained on historical workplace behavior may reproduce more than expertise. It may reproduce subjective preferences, exclusionary patterns, biased assumptions, or flaws in prior decision-making. If that tool influences hiring, promotion, discipline, scheduling, customer assignments, compensation, or termination, the employer may remain responsible for the resulting employment decision.


There is also a retaliation and constructive-discharge angle. If an employer begins shifting an employee's core responsibilities to a digital twin after the employee complains, requests leave, seeks an accommodation, reports discrimination, or engages in other protected activity, the employee may argue that the employer materially changed the job or used AI to sideline the employee.


The technology may be new, but the legal theories will sound familiar.


Confidentiality, Trade Secrets, and Vendor Control

A workplace digital twin may become a concentrated repository of sensitive information. It may contain pricing strategy, client preferences, internal processes, customer lists, legal advice, financial data, technical knowledge, and confidential business plans.


That creates two separate risks. First, employers must control internal access. Not every employee who could benefit from a digital twin should have access to everything the twin knows. Second, employers must control vendor use. Vendor agreements should address confidentiality, cybersecurity, retention, deletion, model training, subcontractors, audit rights, and whether employer data can be used to improve tools for other customers. For many employers, the vendor contract may be as important as the employment policy.


Transparency With Clients, Customers, and Coworkers

If a customer, client, vendor, or coworker believes they are communicating with a specific person, but they are actually communicating with that person's AI replica, the employer should consider whether disclosure is appropriate or required. Even where no specific disclosure rule applies, transparency may reduce reputational, ethical, and misrepresentation risks.


This issue may be especially important in professional services, healthcare, financial services, education, consulting, and other industries where trust and personal judgment matter.


Unionized Workplaces Add Another Layer

In unionized workplaces, digital twins may implicate bargaining obligations. The technology may affect surveillance, job duties, staffing, workload, productivity expectations, discipline, displacement, or access to employee data. Employers should evaluate labor obligations before implementation, not after the technology changes working conditions.


What Employers Should Do Before Deployment

Employers do not need to reject digital twin technology outright. But they should not let the technology arrive before the rules.


Before creating or using employee-specific AI tools, employers should review AI governance policies, employee monitoring notices, confidentiality agreements, invention and work-product provisions, handbooks, wage-and-hour practices, data retention policies, separation agreements, and vendor contracts.


The goal is to answer the important questions in advance: what data may be used, what may not be used, who owns the resulting system, who controls access, how long the digital twin may operate, whether it may survive employment, whether the employee must consent, whether customers or coworkers must be told, and what human oversight remains required.


Digital twins may sound futuristic. For employers, the legal risks are not. They are familiar issues in a new form: employee data, consent, ownership, compensation, discrimination, confidentiality, vendor control, and post-employment use.


The better approach is to address those issues before the digital twin becomes part of the workforce.

 
 
 

Comments


bottom of page