:

META AND GOOGLE GET DATA FROM EMPLOYEE TRACKING APPS

INDUSTRY DESK2 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

A new study found that workplace monitoring software used by hundreds of thousands of companies shares employee data with Meta, Google, and data brokers. All nine bossware services examined in the research transmitted personal information beyond employers.

Workplace monitoring software—often called "bossware"—has become commonplace across corporate America. These tools track employee activity, from keystroke logging to screen monitoring. A comprehensive review led by Stephanie Nguyen, senior fellow at Columbia Law School's Center for Law and the Economy, reveals the scope of data leakage from these platforms. The study examined nine major workplace monitoring services and found that all of them share employee data with third parties. Meta and Google are among the biggest recipients, gaining access to information about workers through tracking pixels and data integrations embedded in these monitoring tools. Nguyen, who previously served as chief technologist at the Federal Trade Commission under Chair Lina Khan, oversaw the research that documents how bossware vendors collect detailed behavioral data and then distribute it to digital advertising platforms and data brokers. The implications are significant. Employees believe their monitoring data stays within their organization, used only for workplace purposes. Instead, the information flows to major tech platforms that use it for targeted advertising and other commercial purposes. This creates a secondary surveillance system layered on top of employer monitoring. The findings raise questions about workplace privacy and data practices. Employees have limited visibility into what data their monitoring software collects or where it goes. Many are unaware their activity feeds into advertising networks. The research adds to growing scrutiny of both workplace surveillance tools and how major tech platforms acquire data. Regulators, including the FTC, have increasingly focused on data broker practices and how companies acquire personal information through third-party channels. Neither Meta nor Google immediately responded to requests for comment on the study. The bossware vendors involved have not addressed the findings. The study underscores the interconnected nature of modern data flows—where information collected for one purpose rapidly becomes valuable to other industries, often without meaningful user consent or awareness.

■ SOURCES

The VergeTechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

LastPass has issued a warning about an active phishing campaign using fraudulent security notices to redirect users to malicious websites. The scheme targets both LastPass and Bitwarden password manager users.

1H AGOSecurity Desk

Microsoft has rolled out cumulative updates KB5101650 and KB5099414 for Windows 11, addressing security vulnerabilities and bugs across multiple versions. The updates target versions 25H2/24H2 and 23H2.

1H AGOIndustry Desk

Iran leveraged known vulnerabilities in mobile networks to identify and target U.S. military personnel in the Middle East during the buildup to and early stages of armed conflict.

3H AGOIndustry Desk

Security researchers can now validate system vulnerabilities by analyzing attack techniques rather than launching live exploits. This approach eliminates risks to critical infrastructure while still determining exploitability.

3H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.