META AND GOOGLE GET DATA FROM EMPLOYEE TRACKING APPS

Workplace monitoring software—often called "bossware"—has become commonplace across corporate America. These tools track employee activity, from keystroke logging to screen monitoring. A comprehensive review led by Stephanie Nguyen, senior fellow at Columbia Law School's Center for Law and the Economy, reveals the scope of data leakage from these platforms. The study examined nine major workplace monitoring services and found that all of them share employee data with third parties. Meta and Google are among the biggest recipients, gaining access to information about workers through tracking pixels and data integrations embedded in these monitoring tools. Nguyen, who previously served as chief technologist at the Federal Trade Commission under Chair Lina Khan, oversaw the research that documents how bossware vendors collect detailed behavioral data and then distribute it to digital advertising platforms and data brokers. The implications are significant. Employees believe their monitoring data stays within their organization, used only for workplace purposes. Instead, the information flows to major tech platforms that use it for targeted advertising and other commercial purposes. This creates a secondary surveillance system layered on top of employer monitoring. The findings raise questions about workplace privacy and data practices. Employees have limited visibility into what data their monitoring software collects or where it goes. Many are unaware their activity feeds into advertising networks. The research adds to growing scrutiny of both workplace surveillance tools and how major tech platforms acquire data. Regulators, including the FTC, have increasingly focused on data broker practices and how companies acquire personal information through third-party channels. Neither Meta nor Google immediately responded to requests for comment on the study. The bossware vendors involved have not addressed the findings. The study underscores the interconnected nature of modern data flows—where information collected for one purpose rapidly becomes valuable to other industries, often without meaningful user consent or awareness.