A recent study has raised concerns about the privacy practices of workplace monitoring software, revealing that many employee-tracking applications are sharing user information with major technology companies, advertising networks, and data brokers.

The research was conducted by experts from Columbia Law School, Northeastern University, Vanderbilt University, and the University of California, Berkeley. The team examined nine popular workplace monitoring platforms, commonly known as "bossware," including Hubstaff, Time Doctor, and Deputy. These tools are widely used by employers to monitor staff activities such as working hours, keyboard and mouse usage, screenshots, location tracking, application activity, and productivity levels.

According to the findings, all nine platforms transmitted employee-related information to external organizations. Researchers created both employee and manager accounts to study how data flowed through the applications and identified numerous instances where personal information was shared with third parties.

“The striking piece of this study is that every single platform, nine of nine bossware companies, shared worker data with outside companies,” Stephanie Nguyen told The Verge.

The investigation uncovered 121 cases where employee information, including names, email addresses, and company details, was sent to external entities such as Facebook, Google, Microsoft, and AppLovin. Researchers also found that sensitive information—including IP addresses, device specifications, and browsing activity—was shared with 145 third-party companies, among them Facebook, Google, LinkedIn, Bing, and Yandex.

The report warns that many workplace monitoring providers have adopted data collection practices similar to those seen across much of the consumer internet.

“Bossware platforms have adopted the same business model as much of the consumer internet: collect as much data as possible, retain it indefinitely, and repurpose it in ways workers neither expect nor meaningfully consent to,” the researchers warn.

Researchers further noted that companies may use collected information, such as app usage patterns and network connections, to draw conclusions about employee behavior, engagement levels, or even whether a worker may be considering a job change.

The study also highlighted location-tracking concerns. Approximately one-third of the platforms reviewed were capable of monitoring a worker’s precise location even when the application was running in the background and, in some cases, potentially outside working hours.

The researchers emphasized that workplaces should not evolve into environments of excessive surveillance and unchecked data collection.

“Banning the sharing and selling of workplace data now is critical to avoid locking in practices that undermine worker privacy, autonomy and economic security,” the report notes.

“Workers typically lack the ability to meaningfully refuse surveillance, to switch employers, or to stop using an employer-issued surveillance platform without risking their jobs and livelihoods.”

Several companies named in the study did not immediately respond to requests for comment. However, Deputy’s Chief Technology Officer, Ciaran Hale, stated that the company works only with trusted service providers necessary for platform operations, security, and reliability. He also argued that researchers may have confused marketing-related website cookies with the company's secure employee application. Researchers maintained that their review covered the entire user journey experienced by workers, from visiting the company website to using the application itself.

The findings have intensified discussions around employee privacy, workplace surveillance, and the growing role of data collection technologies in modern work environments.