Your employer’s tracking software is quietly feeding your private data to Google, Microsoft and Meta, study finds

The app your employer uses to track attendance, productivity or work hours could also be sending your data to tech giants like Google, Meta and Microsoft. A new study has found that these workplace monitoring apps, often referred to as “bossware”, are also sharing employee data with digital advertising platforms and data brokers.

The research, conducted by researchers from Columbia Law School, Northeastern University, Vanderbilt University and University of California, Berkeley, examined nine widely used “bossware” platforms, including Hubstaff, Time Doctor and Deputy. These apps allow employers to track employee activity such as work hours, screenshots, keyboard and mouse usage, location data, app activity and other productivity metrics.

“The striking piece of this study is that every single platform, nine of nine bossware companies, shared worker data with outside companies,” Stephanie Nguyen told The Verge

What data were bossware apps sharing?

Researchers created worker and manager accounts on these services and then went on to analyse how data moved through these apps.

They found that all nine workplace apps shared personal worker data like names, email addresses and company details with third parties. The researchers found 121 instances where worker data was shared with external companies including Facebook, Google, Microsoft and AppLovin.

The researchers also found that these apps transmitted sensitive details like IP addresses, device information and websites visited to 145 third-party companies, which include Facebook, Google, LinkedIn, Bing and Yandex.

“Bossware platforms have adopted the same business model as much of the consumer internet: collect as much data as possible, retain it indefinitely, and repurpose it in ways workers neither expect nor meaningfully consent to,” the researchers warn.

They also note that these companies subsequently monetise employee data by taking note of details like when an app is used or what network a device is connected to in order to make further inferences about an employee’s habits, engagement or intent to look for another job.

The report also found that a third of the tested workplace monitoring platforms had the ability to track workers’ precise location even when the app was running in the background or potentially when the worker was off the clock.

Researchers note that the workplace should not become another frontier for “unchecked surveillance and data extraction.”

“Banning the sharing and selling of workplace data now is critical to avoid locking in practices that undermine worker privacy, autonomy and economic security,” the report notes.

“Workers typically lack the ability to meaningfully refuse surveillance, to switch employers, or to stop using an employer-issued surveillance platform without risking their jobs and livelihoods.”