The idea appears practical on the surface. Remote workers may want to know whether coworkers are physically present at the office to access documents or coordinate tasks that require on-site resources. However, the convenience quickly gives way to concerns about surveillance. Critics warn that this feature could easily be misused to monitor employee attendance or indirectly enforce return-to-office mandates—especially as Microsoft itself is requiring employees living within 50 miles of its offices to spend at least three days a week on-site starting next February.
To better understand the implications, TECHBOOK consulted Professor Christian Solmecke, a specialist in media and IT law. He argues that the feature rests on uncertain legal footing under European privacy regulations. According to Solmecke, automatically updating an employee’s location constitutes the processing of personal data, which is allowed under the GDPR only when supported by a valid legal basis. In this case, two possibilities exist: explicit employee consent or a legitimate interest on the part of the employer. But as Solmecke explains, an employer’s interest in transparency rarely outweighs an employee’s right to privacy, especially when tracking is not strictly necessary for job performance.
The expert compares the situation to covert video surveillance, which is only permitted when there is a concrete suspicion of wrongdoing. Location tracking, if used to verify whether workers are actually on-site, falls into a similar category. For routine operations, he stresses, such monitoring would likely be disproportionate. Solmecke adds that neither broad IT policies nor standard employment contracts provide sufficient grounds for processing this type of data. Consent must be truly voluntary, which is difficult to guarantee in an employer-employee relationship where workers may feel pressured to agree.
He states that if companies wish to enable this automatic location sharing, a dedicated written agreement would be required—one that employees can decline without negative repercussions. Additionally, in workplaces with a works council, co-determination rules apply. Under Germany’s Works Constitution Act, systems capable of monitoring performance or behavior must be approved by the works council before being implemented. Without such approval or a corresponding works agreement, enabling the feature would violate privacy law.
For employees, the upcoming rollout does not mean their on-site presence will immediately become visible. Microsoft cannot allow employers to activate such a feature without clear employee knowledge or consent. According to Solmecke, any attempt to automatically log and share employee location inside the company would be legally vulnerable and potentially challengeable. Workers retain the right to reject such data collection unless a lawful framework is in place.
As companies continue navigating hybrid and remote work models, Microsoft’s new location-based status illustrates the growing tension between workplace efficiency and digital privacy. Whether organizations adopt this feature will likely depend on how well they balance those priorities—and whether they can do so within the boundaries of data protection law.
