Since the Edward Snowden revelations, anti-surveillance activism has focused on the watchful eye of the public sector. Advocates have forced reforms onto the Congressional agenda, and have made bulk data collection a major political issue, meriting selfies from Rand Paul and cautious defenses of the status quo from his fellow presidential candidates.

But there are other forms of oppressive surveillance that barely get any attention from politicians, even though they also spark widespread outrage. Consider recent efforts by an employer to force a worker to keep an app on her phone that reported her location—24/7, on the clock or off—to her boss. Or Esther Kaplan’s exposé earlier this year of UPS’s treatment of its workers: Under constant scrutiny, many are risking injury, or others’ safety , to shave seconds off their delivery times.

These are not isolated cases. Employers are monitoring keystrokes, tones of voice, and faces, all in the name of predictive analytics. Doubt it can get worse? Just talk to the traders who report to managers on what they do and eat and drink, so their job performance can be correlated to certain regimes of exercise and nutrition—some of which will almost certainly become recommended, then mandatory, once optimal patterns are found.

Why has government surveillance become a major political issue, while workplace monitoring barely registers? The Citizens United ruling, of course, has played a role—money talks in politics, and the employer lobby dwarfs even the spy sector. But there are also some misconceptions that can explain this asymmetry in attention.

Many libertarians argue that the threat from the NSA or FBI is far graver than that coming from any private company—firms, no matter how oppressive, cannot put their employees in jail. However, they can and often do share their information with the government. For example, when a woman was interrogated for an innocent search about pressure cookers by anti-terrorism task force agents who were scared she might be the next Boston bomber, it was her employer that had flagged her as a threat—not any NSA dragnet. Robust workplace privacy rules could have prevented her company’s monitoring of her actions.

Those who focus on the government’s privacy infringements also tend to emphasize that, while employees can switch jobs, it is much harder to move to another nation to avoid American surveillance. But this argument is a red herring as well: Competitive pressures  and Big Data faddism are combining to motivate bosses to impose ever stricter surveillance regimes on their workers, which likely will become the rule rather than exceptions. Employees also find it next to impossible to bargain for privacy when they are moving from job to job; it simply is not up for negotiation for the vast majority of workers. As companies race to the bottom in privacy practices, individual workers have next to no leverage to halt the slide.

Legal scholars have been sounding the alarm for years now, and should get more attention from policymakers. Lothar Determan’s and Robert Sprague’s findings, for example, are stark: Europe has taken concrete steps to protect worker privacy, while America has fallen far behind. For example, they write,

Germany, Italy, the Netherlands, Spain, and the United Kingdom strictly prohibit ongoing monitoring of employee communications and permit electronic monitoring only in very limited circumstances (e.g., where an employer already has concrete suspicions of wrong-doing against particular employees), subject to significant restrictions with respect to the duration, mode, and subjects of the monitoring activities.

Some EU jurisdictions also require consultations by employers with “unions or other employee representative bodies before subjecting their employees to surveillance measures.” By comparing American workplace monitoring with more balanced approaches, they demonstrate just how out of lopsided our workplace power relationships have become. Privacy experts recommend clear limits on business power, realizing that the logic of market competition in data-driven industries is to constantly demand more invasive inspections of workers’ performance, levels of concentration, attentiveness, and physical condition.  

So what should be done? The progress anti-surveillance advocates have made is instructive. To their credit, activists who focus on government programs have a clear set of demands: end bulk data collection and warrantless wiretapping. And the academics who authored The NSA Report have complemented activist demands by developing a nuanced set of policy recommendations. For those who care about workplace freedom and worker autonomy, a similar, two-pronged route would be effective. Activists can focus on the most egregious forms of workplace spying, and push for bans on them. Meanwhile, academics can develop finer distinctions about when watching is generally permitted, when it must be licensed by some state authority, and when it is forbidden in all circumstances.

Putting reasonable limits on private surveillance is possible. For example, in 2006, California and Wisconsin banned all persons, including employers, from requiring any other person (such as workers) to be “chipped” with an RFID tag. That may seem like an extreme, dystopian possibility, but forbidding it now shows practical foresight. Some states have also banned employers from requiring employees to turn over the login credentials for their social media accounts.

But more restrictions should be on the legislative agenda. Requiring workers to install an app that records and reports one’s location, 24/7, is exactly the type of intrusive voyeurism that should be presumed illegal. Other spy tools should, at a minimum, merit a full impact assessment before being implemented. In the long run, legislation is vital. States and the federal government need to step up their monitoring of employer violations of privacy. Until they start drawing red lines, the push by bosses to monitor every aspect of workers’ lives—online and off, at work or home—will only gather momentum.