Your Boss's Tracking App Shares Data With Meta and Google

Workplace monitoring has become increasingly prevalent across modern business environments, with hundreds of thousands of organizations deploying sophisticated software to track employee activities throughout the workday. However, a groundbreaking investigation has uncovered a troubling practice that extends far beyond employer oversight: these employee monitoring tools are systematically sharing sensitive worker data with major technology companies and data brokers, raising significant privacy concerns and regulatory questions.

The comprehensive research, conducted by Stephanie Nguyen, a senior fellow at Columbia Law School's Center for Law and the Economy and former Federal Trade Commission chief technologist under Lina Khan's leadership, examined nine different workplace monitoring services commonly referred to as "bossware." The findings revealed a systematic pattern of data sharing practices that many employees and employers may not fully understand or appreciate. According to the study, every single one of the nine services examined shared employee information with third-party platforms, creating a complex web of data collection and redistribution that extends well beyond the employer-employee relationship.

The types of information being shared paint a concerning picture of employee privacy erosion. The data shared ranges from basic identifying information such as names and email addresses to far more sensitive details including complete web browsing histories, keystroke patterns, and location data tracked throughout the workday. These platforms also capture information about employee applications and software usage, communication patterns, and in some cases, even information about employee social media accounts and online behavior outside of work hours. The recipients of this data are particularly noteworthy, including major technology corporations like Facebook (now Meta), Google, and various specialized data brokers whose business models depend on aggregating and selling personal information.

The research highlights an important gap between what employees understand about workplace monitoring and what actually occurs with their data. Most workers are aware that their employers may monitor their work-related activities and productivity, which has become a normalized practice in many industries. However, the revelation that this data is being systematically shared with advertising platforms and commercial data brokers represents a significant expansion of the surveillance ecosystem that most employees would not anticipate or approve of. The intermediation of major tech companies means that employee data is being integrated into broader advertising and consumer profiling systems, potentially exposing workers to targeted advertising, price discrimination, and other uses of their personal information.

Stephanie Nguyen's position as a former chief technologist at the Federal Trade Commission lends considerable authority to this investigation. Her experience at the FTC, during a period of increased regulatory scrutiny of technology companies under Commissioner Lina Khan, suggests that this research may have significant implications for future regulatory action. The FTC has been increasingly focused on examining how technology companies collect, use, and share personal data, particularly when that collection occurs without adequate transparency or consent from affected individuals. This study provides empirical evidence of practices that may warrant regulatory intervention.

The business model underlying these bossware data sharing practices reveals an important economic incentive structure. Many workplace monitoring services are offered at relatively low costs to employers, sometimes free or with minimal subscription fees. This business model sustainability may depend on monetizing employee data through partnerships with advertising platforms and data brokers. In other words, employees may be paying for their employers' ability to monitor them through the implicit cost of having their data sold to third parties. This arrangement raises questions about whether employees have truly consented to this data sharing, even if they may have technically agreed to workplace monitoring policies.

The implications for worker privacy and autonomy are substantial. When employees understand that their workplace monitoring data will be shared with advertising companies, it may fundamentally change their relationship with these tools and their employer. The psychological impact of knowing one's data is being sold to data brokers extends beyond the workplace itself, affecting how workers may be targeted and profiled as consumers in their personal time. Additionally, the aggregation of workplace data with other personal information held by data brokers creates a more comprehensive profile that could be used for purposes ranging from targeted advertising to potential employment discrimination or insurance pricing decisions.

The regulatory landscape surrounding employee monitoring and data sharing remains underdeveloped compared to the sophistication of the surveillance tools themselves. While some states have begun implementing laws requiring notice to employees about workplace monitoring, there are few requirements regarding third-party data sharing from these tools. The Federal Trade Commission has authority to challenge unfair or deceptive practices, and this research provides clear evidence that could support regulatory action. Companies may be failing to adequately disclose to employers that they are monetizing employee data, and failing to provide meaningful consent mechanisms to employees themselves.

For employers, the implications of this research should prompt a critical reexamination of their workplace monitoring strategies. Organizations that are concerned about employee privacy and data protection may need to actively select employee monitoring solutions that either do not engage in third-party data sharing or that operate under stricter data governance frameworks. The reputational risk of using tools that secretly monetize employee data could outweigh the productivity benefits these systems purport to provide. Forward-thinking organizations may find that respecting employee privacy becomes a competitive advantage in talent recruitment and retention.

The broader context of this research reflects ongoing tensions between employer desires for productivity monitoring and fundamental worker rights to privacy. While employers have legitimate interests in understanding how employees spend their time and ensuring appropriate use of company resources, these interests must be balanced against employee privacy rights and the broader societal concerns about surveillance capitalism. The systematic monetization of employee data represents a particularly troubling dimension of workplace monitoring that extends the logic of employer surveillance into commercial systems.

Moving forward, this Columbia Law School study serves as an important catalyst for conversations about regulatory reform and industry standards. Policymakers may use these findings to develop stronger requirements around disclosure and consent for employee data sharing. Technology companies offering workplace monitoring solutions may face pressure to change their business models or provide stronger privacy protections. Employees, armed with information about how their data is being used, may demand greater transparency and control over their digital footprints both in and out of the workplace. This research ultimately highlights the need for a more comprehensive approach to workplace privacy protection that recognizes the complex ecosystem of surveillance tools and data flows in modern employment relationships.