It has been revealed that workplace monitoring software, called “bossware” used to monitor employees, does not only provide data to employers. New research conducted by researchers at the Center for Law and Economics at Columbia University School of Law shows that such software also shares user data with third-party platforms such as Meta, Google and Microsoft. Stephanie Nguyen, who led the research, states that all nine different platforms under review shared employee data with outside companies. Shared information includes names, e-mail addresses, IP information and internet usage data.
Within the scope of the research, platforms named Apploye, Desklog, Hubstaff, Monitask, Buddy Punch, VeriClock, When I Work, Deputy and Time Doctor were examined. It is stated that large companies such as Amazon Ring, Ben & Jerry’s, Ticketmaster, Verizon and Tesla are among the customers of these services. According to the review report, these platforms are used in hundreds of thousands of workplaces in total. Despite this, it is stated that there is not enough transparency regarding which employee data is shared with whom.
Stephanie Nguyen told The Verge that the most striking part of the research is that all platforms share data. Employees often think only their employers are tracking them, Nguyen said, but the apps also send data to advertising and analytics companies. It is reported that employee profiles can be made more comprehensive, especially by monitoring online movements.
Some companies did not respond directly to the survey. In his statement, Deputy argued that third-party service relationships are limited only to infrastructure and operational needs. The company claimed that researchers had confused its employee application with marketing cookies on its public corporate website. Despite this, Nguyen stated that they found that employees’ names, e-mail addresses and company information were transferred to third-party services starting from the login screen.
Employee tracking software also processes location and internet history data
During the review, researchers evaluated the privacy policies and terms of use of the platforms. In addition, both administrator and employee accounts were created and network traffic was analyzed. In the investigations carried out with open source tools, it was tracked which data the applications shared with which services. The findings included the websites visited by employees, IP addresses and the transfer of company information. It was stated that three of the nine platforms can collect precise location data even when the application is running in the background.
The research highlights not only data sharing but also the overall effects of employee surveillance. According to the report, these systems can lead to erroneous inferences about employees’ behavior. For example, it is stated that movement data may produce incorrect evaluations on issues such as health status or physical condition. In addition, it is emphasized that performance analyzes may lead to discriminatory results.
Third-party data sharing further increases the risk. Researchers point to data brokers who create detailed user profiles by combining information collected from different sources. It is stated that by adding workplace data to these profiles, long-term digital histories of employees can be created. This situation is described in the report as the “shadow employee reputation economy”. It is evaluated that such a system could be effective in many areas, from employee job change processes to advertising targeting.
The lack of a comprehensive national data privacy law in the US also makes workers more vulnerable. The report states that employees often do not have the opportunity to reject these tracking systems. While it is stated that they have to continue using surveillance tools due to the risk of losing their jobs, it is stated that not enough information is given about what data is collected and how it is used.
As a solution, the researchers suggest banning employee data from being sold or shared with third parties. In addition, it is stated that sensitive data collection methods such as off-duty location tracking should be limited and clear rules should be introduced regarding how long companies can keep data. It is stated that existing state laws and consumer protection regulations may also be applied against unexpected use of employee data. In addition, it is stated that if such data is used in recruitment or performance evaluation processes, legal problems may arise within the scope of the Fair Credit Reporting Act.
In order not to miss the technology agenda, 📰 add it to Google News, 💬 join our WhatsApp channel, ▶ subscribe to YouTube, 📷 follow us on Instagram and 𝕏 X.