:

META AND GOOGLE GET DATA FROM EMPLOYEE TRACKING APPS

INDUSTRY DESK2 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

A new study found that workplace monitoring software used by hundreds of thousands of companies shares employee data with Meta, Google, and data brokers. All nine bossware services examined in the research transmitted personal information beyond employers.

Workplace monitoring software—often called "bossware"—has become commonplace across corporate America. These tools track employee activity, from keystroke logging to screen monitoring. A comprehensive review led by Stephanie Nguyen, senior fellow at Columbia Law School's Center for Law and the Economy, reveals the scope of data leakage from these platforms. The study examined nine major workplace monitoring services and found that all of them share employee data with third parties. Meta and Google are among the biggest recipients, gaining access to information about workers through tracking pixels and data integrations embedded in these monitoring tools. Nguyen, who previously served as chief technologist at the Federal Trade Commission under Chair Lina Khan, oversaw the research that documents how bossware vendors collect detailed behavioral data and then distribute it to digital advertising platforms and data brokers. The implications are significant. Employees believe their monitoring data stays within their organization, used only for workplace purposes. Instead, the information flows to major tech platforms that use it for targeted advertising and other commercial purposes. This creates a secondary surveillance system layered on top of employer monitoring. The findings raise questions about workplace privacy and data practices. Employees have limited visibility into what data their monitoring software collects or where it goes. Many are unaware their activity feeds into advertising networks. The research adds to growing scrutiny of both workplace surveillance tools and how major tech platforms acquire data. Regulators, including the FTC, have increasingly focused on data broker practices and how companies acquire personal information through third-party channels. Neither Meta nor Google immediately responded to requests for comment on the study. The bossware vendors involved have not addressed the findings. The study underscores the interconnected nature of modern data flows—where information collected for one purpose rapidly becomes valuable to other industries, often without meaningful user consent or awareness.

■ SOURCES

The VergeTechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.