What is the story about?
A new study has raised concerns over how workplace monitoring software collects and distributes employee information, with researchers warning that many popular “bossware” platforms are sharing worker data with major technology and advertising companies.
The research, carried out by academics from Columbia Law School, Northeastern University, Vanderbilt University and the University of California, Berkeley, examined nine widely used employee monitoring services including Hubstaff, Time Doctor and Deputy. These platforms are commonly used by companies to track staff attendance, productivity and online activity.
The apps can monitor a wide range of employee behaviour, including time spent working, keyboard and mouse activity, screenshots, location data, app usage and browsing behaviour. According to the researchers, the information gathered does not always stay within the workplace.
Stephanie Nguyen, one of the researchers involved in the study, told The Verge that the most significant finding was that all nine platforms examined transmitted worker data to external firms.
To conduct the study, researchers created both worker and manager accounts across the different services before analysing how user data moved through the platforms.
They discovered that every app tested shared personal employee details such as names, email addresses and company information with outside organisations. In total, researchers identified 121 separate instances where worker data was transferred to third parties including Meta, Google, Microsoft and AppLovin.
The study also found that sensitive technical information, including IP addresses, device identifiers and websites visited by workers, was sent to 145 third-party companies. These included firms linked to advertising, analytics and tracking services such as LinkedIn, Bing and Yandex.
Researchers argued that many workplace surveillance platforms now operate using a business model similar to that of consumer internet companies, where vast amounts of user data are collected, stored and repurposed over time.
The report warned that companies could potentially use metadata, such as when workers log into apps or the networks they connect to, to infer behaviour patterns, engagement levels or even whether an employee may be considering changing jobs.
The researchers also highlighted concerns around location tracking. According to the report, around one-third of the workplace monitoring apps tested were capable of collecting workers’ precise location data while running in the background, including in situations where employees may no longer have been actively working.
The authors of the study cautioned that workplaces risk becoming another arena for extensive digital surveillance and commercial data extraction unless stronger safeguards are introduced.
They argued that employees often have little practical ability to refuse monitoring tools, particularly when such software is required by employers. Refusing to use these platforms, the report noted, could place workers’ jobs or livelihoods at risk.
The researchers have called for tighter restrictions on how workplace monitoring companies collect, share and monetise employee data, warning that unchecked surveillance practices could erode worker privacy, autonomy and economic security over time.
The research, carried out by academics from Columbia Law School, Northeastern University, Vanderbilt University and the University of California, Berkeley, examined nine widely used employee monitoring services including Hubstaff, Time Doctor and Deputy. These platforms are commonly used by companies to track staff attendance, productivity and online activity.
The apps can monitor a wide range of employee behaviour, including time spent working, keyboard and mouse activity, screenshots, location data, app usage and browsing behaviour. According to the researchers, the information gathered does not always stay within the workplace.
Stephanie Nguyen, one of the researchers involved in the study, told The Verge that the most significant finding was that all nine platforms examined transmitted worker data to external firms.
Researchers found widespread data sharing
To conduct the study, researchers created both worker and manager accounts across the different services before analysing how user data moved through the platforms.
They discovered that every app tested shared personal employee details such as names, email addresses and company information with outside organisations. In total, researchers identified 121 separate instances where worker data was transferred to third parties including Meta, Google, Microsoft and AppLovin.
The study also found that sensitive technical information, including IP addresses, device identifiers and websites visited by workers, was sent to 145 third-party companies. These included firms linked to advertising, analytics and tracking services such as LinkedIn, Bing and Yandex.
Researchers argued that many workplace surveillance platforms now operate using a business model similar to that of consumer internet companies, where vast amounts of user data are collected, stored and repurposed over time.
The report warned that companies could potentially use metadata, such as when workers log into apps or the networks they connect to, to infer behaviour patterns, engagement levels or even whether an employee may be considering changing jobs.
Concerns over surveillance beyond work hours
The researchers also highlighted concerns around location tracking. According to the report, around one-third of the workplace monitoring apps tested were capable of collecting workers’ precise location data while running in the background, including in situations where employees may no longer have been actively working.
The authors of the study cautioned that workplaces risk becoming another arena for extensive digital surveillance and commercial data extraction unless stronger safeguards are introduced.
They argued that employees often have little practical ability to refuse monitoring tools, particularly when such software is required by employers. Refusing to use these platforms, the report noted, could place workers’ jobs or livelihoods at risk.
The researchers have called for tighter restrictions on how workplace monitoring companies collect, share and monetise employee data, warning that unchecked surveillance practices could erode worker privacy, autonomy and economic security over time.
