How Companies Spy on Their Employees

Added: 2026-05-22

[00:00:00]So, here's something fun to think about.

[00:00:02]If you're watching this on a work laptop, your employer might be watching you right now. Not metaphorically, not in some vague, oh, they can probably see my browser history kind of way. I mean, they might actually be watching you like from your webcam. So, maybe you should get back to work and stop procrastinating on YouTube. Just kidding. You're probably fine. Please don't leave. But there's a category of software that digital rights groups have started calling bossar. It sits quietly on your device. It logs everything you do and it sends all of that data back to a dashboard where your manager can see exactly how productive you've been down to the last damn minute. Some of these tools can activate your webcam without telling you. Some record every single key you press, including passwords. Some take a photo of your face every few minutes just to make sure that you're the one sitting there. This isn't fringe. This isn't some dystopian pilot program at one weird company. Survey suggests that somewhere between 60 and 70% of medium to large employers now use some form of digital monitoring on their workers. That number has roughly doubled since the start of 2020 and it's still climbing. Now, employers will tell you this is about security, compliance, protecting company data. And sure, sometimes it actually is. But when the software can see what you're typing in a private message or flag you for getting up to make a cup of tea or quietly score your worth based on how often you wiggle your mouse. I mean, is that really still about security? In today's episode, we're opening the black box of workplace monitoring. How it goes, how far it goes, what it does to people, and what happens when your boss stops managing you and starts watching you instead.

[00:01:53]So, let's break those numbers down. The 60 to 70% figure comes from a few different places. Gartner, the big tech research firm, tracked the share of large employers using digital monitoring tools. In early 2020, it sat around 30%.

[00:02:07]By 2022, it had doubled to roughly 60 and Gartner projected it would keep climbing down towards 70% within a few years. IDC, another major research outfit, ran their own survey in mid 2022. They focused specifically on North American companies with 500 or more employees. The result, 67.6% were running monitoring software. Then ExpressVPN, the VPN company, pled employers and workers separately. Their number was higher. 78% of bosses said they used some form of online tracking.

[00:02:40]Now, that was an optin internet survey, not a randomized sample. Also, take it with a grain of salt. But even the most conservative estimates land at around 60%. And monitoring covers a lot of ground here. Some companies just log which websites and apps you use. Others record every keystroke. Others take periodic screenshots of your desktop, track your GPS location, or use biometrics like facial recognition for time clocks. Some do all of the above.

[00:03:09]ExpressVPN also surveyed workers directly. The majority reported increased stress and anxiety. Nearly half said they'd consider quitting if their employer ramped up surveillance, and a significant number said they didn't even know they were being tracked until they found the software themselves. Their employer never mentioned it, which sounds super ethical.

[00:03:34]So, bosses watching workers, that's not exactly new. Back in the early 1900s, a guy named Frederick Winslow Taylor made a career out of standing behind factory workers with a stopwatch. He'd time every movement, how long it took to pick up a tool, turn a bolt, walk to the next station. His whole thing was breaking jobs into tiny, measurable steps, and then squeezing out anything he considered wasted time. They called it scientific management. Workers didn't call it that. By the 20th century, call centers were recording phone calls and timing how long each agent spent per customer. Factories installed CCTV.

[00:04:06]Warehouses used punch clocks that logged you to the minute. And then the 1990s hit and everyone got email. Almost immediately, companies started scanning it. Web monitoring software followed, tracking which sites employees visited and for how long. By the 2000s, keystroke loggers, screen capture tools, and electronic badge tracking were spreading across offices, especially in finance and government. But here's where it accelerates. In 2021, the EU's joint research center published a massive review of 398 studies on workplace monitoring. Their finding, the technology had moved beyond just tracking what workers do and where they go. It was now targeting, in their words, thoughts, feelings, and physiology, mood detection, attention scoring, stress indicators through wearables. And then March 2020 happened.

[00:04:55]Millions of people started working from their kitchen tables overnight and employees panicked. Sales of monitoring software spiked. Webcam tools, keystroke trackers, screenshot grabbers, all marketed as the solution to managing a workforce you could no longer physically see. That's when the Electronic Frontier Foundation, the Digital Rights Group, gave it a name, Bossware. Software that sits on your device and captures whatever your employer tells it to.

[00:05:24]So, how does this stuff actually work?

[00:05:27]Most bossware runs as a small program on your laptop or phone. Once it's installed, it sits in the background and logs what you do, which apps you open, which websites you visit, how long you spend on each one, whether your keyboard and mouse are active or idle, and for exactly how many minutes. Mine would show a lot of activity on YouTube.

[00:05:47]Sorry, boss. Anyway, that's the basic layer. Your employer sees a timeline of your day broken into productive and unproductive blocks, color-coded on a dashboard. Check LinkedIn for six minutes at 2 p.m. logged. Open Spotify, logged. Sat still for 10 minutes while you read a printed document at your desk. That shows up as idle time. Then there's keystroke logging. Some of these tools record literally every single key you press, every email you type, every Slack message, including the ones you delete before sending. Then every password you enter. The EFF flagged this back in 2020. Several major vendors advertise full keystroke capture as a feature. They market it as insider threat detection or data loss prevention. But the software doesn't know the difference between a confidential client email and your bank password. It just records everything.

[00:06:36]Screen capture then goes a step further.

[00:06:39]Tools like Time Doctor take screenshots of your desktop at set intervals, every few minutes, sometimes more often. Some offer continuous screen recording. Your manager can scroll through your day frame by frame. All of this data feeds into dashboards. Managers get charts, graphs, risk scores, and productivity ratings. Sometimes updated in real time.

[00:06:59]Individual workers get rated, compared to their team, and flagged if they fall below whatever threshold the company sets. Now, not every employer switches on every feature. Some only track app usage. Others go the full monty. The point is that these tools can do all of this and the person being monitored usually has no way of knowing which settings are turned on.

[00:07:24]So that's keystrokes and screenshots.

[00:07:26]Now let's talk about cameras. In 2020, the EFF reviewed the feature lists of major monitoring vendors. Two products stood out. Staff Cop Enterprise and Clever Control. Both advertise the ability to silently activate a worker's webcam and microphone. No notification, no light. The software just turns your camera on, captures what it sees, and sends it back to the employer. And these aren't the only ones. A tool called Sneak launched during the early pandemic as a way to keep remote teams connected.

[00:07:55]Here's how it worked. Every few minutes, it snapped a photo through each employees webcam and posted it to a shared screen, a live grid of faces. The company marketed it as building human contact for distributed teams. Business Insider covered it in March 2020. The interface looked like a wall of CCTV monitors, except every camera was inside someone's home. Other tools take a slightly different approach. Instead of a constant feed, they snap random webcam photos alongside desktop screenshots.

[00:08:22]The idea is to verify that the right person is sitting at the keyboard. If your face doesn't match or nobody's there, it gets flagged. Now, think about where these cameras are pointing. In a call center, the webcam shows a desk in a shared office. At home, it shows your kitchen, your living room, your kids walking past in their pajamas, your partner in the background. Some employers say they only activate webcams during clockedin hours. Others have pushed for always on camera access throughout the working day. And since most of these tools run silently, the worker often has no way to confirm which policy is actually in effect. And then there are the other ways of watching. A company called Hub Staff sells GPS time tracking software aimed at businesses with mobile workers, delivery drivers, field technicians, cleaning crews, that kind of stuff. The app runs on the worker's phone and logs their location, route, and timestamps throughout the shift. Managers can set up geo fences, virtual boundaries around job sites. If a worker leaves the zone or takes a route the system doesn't expect, it's flagged. Hub staff markets this as payroll accuracy and safety compliance.

[00:09:29]Then of course there's biometrics.

[00:09:31]Fingerprint scanners and facial recognition cameras are replacing old-fashioned swipe cards at warehouse stores and factory entrances. The pitch is simple. You can't buddy punch a fingerprint. One ExpressVPN survey reported that around 67% of employers now use some biometric method for timekeeping or access control. That number comes with the same methodology caveats as their other surveys. But the direction is clear. Biometrics are spreading fast. The US Government Accountability Office published a tonomy of workplace surveillance tools in 2024.

[00:10:00]The list included cameras, microphones, GPS trackers, badge systems, vehicle telematics, and wearables, wristbands, and body-mounted sensors that can track movement speed, heart rate, and physical location inside a building down to the aisle because your employer should know your heartbeat. Some of these tools have genuine safety applications. GPS tracking on a lone worker in a remote area can be the difference between a quick rescue and a long search. But the same GPS app that protects a field engineer at 2 p.m. also logs where they stopped for lunch and how long they sat in their car. A handful of US states, including Illinois, Texas, and Washington, have passed biometric privacy laws requiring employers to get consent before collecting fingerprints or face scans. Enforcement has been uneven, but the lawsuits are piling up.

[00:10:54]So let's look at a specific company.

[00:10:56]Teleerformance is one of the largest call center operators on the planet.

[00:11:00]Headquartered in France, operating in dozens of countries, employing hundreds of thousands of people, many of them working from home since 2020. In March 2021, The Guardian reported that Teleerformance had told some of its homebased staff to expect AI powered webcam monitoring. The system would watch for what the company called infractions. Eating at your desk, looking at your phone, leaving your workstation. The camera would flag these behaviors automatically. Privacy International picked up the story the same day, but their summary added some more detail. Workers in certain countries outside the UK were told that AI webcams would be installed in their homes to detect rule violations in real time. Keyboard and mouse activity would be tracked, and idle periods would trigger alerts to managers. Unions pushed back hard. The UNI global union accused teleerformance of crossing a line, collecting biometric data, monitoring workers inside their own homes, and creating conditions where people felt they couldn't step away from their screens without being penalized.

[00:11:56]The Business and Human Rights Resource Center documented these complaints in August 2021, noting allegations that the company had also gathered medical information from some workers.

[00:12:06]Teleerformance responded publicly. The company said it complied with GDPR and all applicable local laws. And it said webcams were used primarily for collaboration and data protection, not punitive monitoring. And it pointed to internal surveys showing that staff feedback on remote working arrangements was largely positive. After the media coverage and union pressure, the company appeared to scale back some of the more visible monitoring, at least in the UK.

[00:12:29]What changed in other countries is harder to pin down.

[00:12:36]So, teleperformance was cameras in the home. Pretty bad in our opinion. But Amazon is something else. Amazon built the system that turns productivity data into automatic consequences, warnings, discipline, and sometimes termination with minimal human involvement. In April 2019, The Verge obtained internal documents through a Freedom of Information request. They came from a labor dispute filed with the National Labor Relations Board. In a signed letter, an Amazon attorney described how the company's tracking system worked.

[00:13:05]Every warehouse employee carries a handheld scanner. The system logs each scan, measures the time between scans, and tracks something Amazon calls time off task or toot. If a worker stops scanning for too long, the system generates a warning. If the pattern continues, it generates a termination notice. The attorney's exact words, "The system automatically generates any warnings or terminations regarding quality or productivity without input from supervisors." The same letter revealed that at a single Baltimore warehouse, Amazon had fired hundreds of workers between August 2017 and September 2018 for failing to meet productivity rates. Around 300 people at one facility in roughly one year, that's about 10% of the site's workforce.

[00:13:48]Amazon pushed back, of course. A spokesperson said it was absolutely not true that employees are terminated by an automated system alone and that managers can intervene, but the documents showed the system was designed to operate without that input as a default. Then in January 2024, French data protection authority CNIL announced that it had fined Amazon France logistic €32 million. CNIL's investigators found that the scanner system tracked workers down to the second. It flagged any pause longer than 10 minutes. It flagged pauses under 10 minutes. It even flagged items scanned less than 1.25 seconds apart. Too fast in the regulator's view to have properly checked the product.

[00:14:30]CNIL's ruling was blunt. The system potentially required employees to justify every break or interruption.

[00:14:37]Amazon said the findings were factually incorrect and appealed. In December 2025, a French court reduced the fine to 15 million euros and overturned some of the findings. Meanwhile, in California, the state had passed a law in 2001 called AB71, specifically targeting undisclosed warehouse quotas. In 2024, the California Labor Commissioner's Office fined Amazon $5.9 million after investigating two warehouses in Riverside and San Bernardino counties.

[00:15:04]The investigators found $59,017 violations over a six-month period. The core issue, Amazon hadn't given workers written notice of the productivity targets they were expected to hit or the consequences of missing them. Unions and labor researchers have long argued that these kinds of quota systems drive injury rates up. Osher data analyzed by the strategic organizing center found that in 2022, Amazon's serious injury rate was 6.6 per 100 workers. At non- Amazon warehouses, it was 3.2. Amazon accounted for over half of all serious injuries in the warehousing industry that year while employing about a third of its workers. Amazon has said it plans to invest hundreds of millions in safety initiatives and that injury rates have been improving.

[00:15:54]So we covered the headline numbers earlier, roughly 60 to 70% of large employers depending on the survey. But those numbers deserve a closer look because the story underneath them is actually a bit messier than you might think. Start with who's doing the asking, shall we? The IDC figure came from a survey of North American companies with 500 or more employees.

[00:16:14]That's a specific slice. Big firms, one continent. The ExpressVPN numbers, which ran higher at around 78%, came from an optin online panel. People who volunteer for internet surveys aren't a random sample of employers. and Gartner's projections are exactly that, projections based on their own client data and modeling. The US government accountability office flagged this gap directly in its 2024 report. No federal agency systematically tracks how many employers use digital surveillance tools, what kinds they deploy, or how intensively they use them. The data we have comes from a patchwork of vendor funded research, academic surveys, and regulator investigations. And that's useful, but it's not really that precise. Then there's the disclosure problem. ExpressVPN's survey found that a significant number of employers said they might not inform staff when new monitoring tools are rolled in. The GAO noted similar concerns. Workers often don't know what's being collected until something goes wrong. So when surveys ask employees whether they're being monitored, the real number could be much higher than what gets reported because some people genuinely don't know. And of course, monitoring itself covers an enormous range. One company might log which applications are open during work hours, basically an IT security measure.

[00:17:35]Another might be recording every keystroke, taking webcam photos, and scoring each employees productivity minuteby minute. both count as monitoring in these surveys, but they're definitely not the same thing. What is consistent across every source, the GAO, the ICO, Gartner, and the academic reviews, is that adoption is climbing, not falling. More tools, more employers, more data being collected.

[00:18:06]So, that's the technology and the numbers. Now, what does all this actually do to the people on the other end of it? In 2024, sociologist Paul Glavin at McMaster University in Canada ran a national survey of workers. He wasn't asking about one company or one tool. He wanted to know whether the perception of being surveiled at work across industries correlated with measurable psychological outcomes. And it did. Workers who reported higher levels of perceived surveillance also reported more psychological distress and lower job satisfaction. Surprising, we know. Glavin's model traced the pathway.

[00:18:43]Surveillance increased job pressure, reduced workers sense of autonomy, and made them feel their privacy had been violated. Those three stresses in turn drove the distress. One national sample, one country. But the pattern was really rather clear. The EU's joint research center found something similar across a much wider evidence base. Their 2021 review of 398 studies linked excessive monitoring to increased stress, lower commitment to the organization, higher intentions to quit, and what researchers called resistance behaviors. People finding ways to gain or avoid the system rather than engage with it. The GAO's 2025 report added a physical dimension.

[00:19:22]Stakeholders told the GAO that productivity metrics push workers to move faster, skip breaks, and avoid reporting injuries for fear of falling behind on their scores. The same report flagged another problem, emotional AI tools that tried to gauge worker mood or attentiveness through facial analysis or voice tone. The GAO noted concerns that these systems misidentify people, particularly workers of color and those with accents, as negative or non-compliant. A false reading from one of those tools could affect scheduling, performance reviews, or disciplinary action. ExpressVPN's worker surveys backed up the behavioral side. A majority of monitored employees said they took fewer breaks. Nearly half said they'd considered quitting or accepting a pay cut to work somewhere with less surveillance.

[00:20:14]All right, then here's the big question.

[00:20:16]Is any of this actually legal in the United States? The short answer is mostly yes. The Electronic Communications Privacy Act passed in 1986 and the Stored Communications Act both allow employers to monitor activity on company provided systems as long as it happens in the ordinary course of business. That phrase does a lot of heavy lifting because in practice it means that if you're using a company laptop, company email or company network, almost everything you do on those systems is fair game. Brookings highlighted a case that shows how far this can go. A woman named Renee worked at a store where her employer had installed key logger software on the company computers. Nobody told her. She used that computer to check her personal email and her bank account. The key logger captured her passwords. Another employee used those passwords to access her private accounts and read through her emails and financial records. When Renie found out and confronted her colleagues, she was fired for poor performance. The federal court ruled that the key logger itself didn't violate the federal wiretap act. Her claim under the stored communications act for the actual use of her passwords to read her private accounts survived, but the key logger capture was arguably legal because it happened on a company system. A handful of states have added notice requirements on top of federal law. Connecticut passed one in 1998.

[00:21:33]Delaware followed in 2001. New York took effect in May 2022, requiring every private sector employer to give written notice to new hires if it monitors phone calls, email, or internet usage.

[00:21:46]Penalties for non-compliance in New York range from $500 to 3,000 per offense.

[00:21:51]But notice requirements only mean your employer has to tell you that they're watching. They don't limit what they can watch. In Europe, thankfully, the picture is different. Under GDPR, any monitoring has to be necessary, proportionate, and limited to a specific purpose. The EU's article 29 working party, which advises on data protection, issued an opinion in 2017 saying that employee consent to monitoring is usually not valid because the power imbalance between employer and worker means it's not freely given. Employers are expected to use the least intrusive method available and to justify why alternatives wouldn't work. The UK's information commissioner's office landed somewhere in between. Its 2023 guidance tells employers to be transparent, conduct impact assessments before rolling out monitoring, and avoid anything disproportionate. But disproportionate isn't defined by a hard line. It's a judgment call reviewed case by case.

[00:22:48]So, here's a question worth sitting with. When your employer asks you to install monitoring software on your laptop and the alternative is losing your job, do you consent? The EU's article 29 working party addressed this directly in 2017. Their opinion was straightforward. In an employment relationship, consent is almost never valid as a legal basis for data collection. The reason is that workers depend on their employer for income and that dependency creates a power imbalance. If saying no means risking your livelihood, then saying yes doesn't mean much. The working party told employers to stop relying on consent altogether and instead justify any monitoring through necessity and proportionality. Go back to the teleerformance case. Unions alleged that homebased workers were told to accept AI webcams in their houses. The company said participation was voluntary and pointed to positive staff survey results. But the UNI Global Union argued that workers in countries with weak labor protections felt they had no real option to refuse. When your contract renewal depends on corporation, voluntary isn't really that voluntary, is it? Allegedly. Then there's the problem the EU's joint research center calls function creep. Their 2021 review found a recurring pattern across industries. An employer introduces monitoring for one stated purpose, security, say, or health and safety training. But over time, that same data quietly migrates into performance management, disciplinary processes, or scheduling decisions. Workers who originally agreed to a safety check find their break times being scored. The JRC flagged this as one of the most common ways that trust breaks down between employers and staff. Data collected under one justification gets repurposed without fresh notice or consultation.

[00:24:32]And in most US jurisdictions, none of that requires consent at all. If it's a company device on a company network, the employer doesn't even need to ask.

[00:24:45]So, the tools are supposed to make workers more productive, but the GAO's 2025 report flagged a problem with that assumption. The metrics often can't tell the difference between working and looking like you're working. Most monitoring software measures activity, keystrokes, mouse movements, apps open, time between actions. What it can't measure is thinking, reading a printed document, mentoring a colleague, sketching out a plan on paper, staring at a whiteboard. The GAO noted that workers whose jobs involve research, problem solving, or collaboration routinely show up as idle or unproductive on dashboards, even when they're doing exactly what they were hired to do. And because managers sometimes treat those dashboards as gospel, the result is reprimands, lower performance ratings, or worse, aimed at people whose only offense was doing work the software couldn't see. And then there's what happens when workers figure out the system is watching. ExpressVPN surveys found that a significant proportion of monitored employees had adopted counter measures. Mouse jigglers, small devices on software scripts that simulate cursor movements so the dashboard never shows idle.

[00:25:49]pres-scheduled emails sent at strategic times to create the appearance of late night productivity. Tabs left open on work rellated sites while the person does something else entirely. The GAO's term for this dynamic was more clinical.

[00:26:02]They warned that employers risk placing too much trust in automated outputs, treating them as objective data when the underlying data is incomplete or biased.

[00:26:11]Microsoft's own research coined a punchier label productivity paranoia.

[00:26:16]Managers convince their teams aren't working hard enough. workers convinced they're being watched too closely. Both sides responding to the tools rather than to each other. Both sides having a bad time.

[00:26:31]So far, this episode has been mostly about what's happening to workers, but there's a counter story building, and it's coming from multiple directions at once. In the US Senate, Senators Bob Casey, Corey Brooker, and Brian Shatz introduced the Stop Spying Bosses Act in February 2023. A companion version was introduced in the House in March 2024 by Representative Chris Deuzio and Suzanne Bonamichi. The bill would apply to any employer with more than 10 workers. It would require them to publicly disclose what surveillance they conduct, what data they collect, and how that data is used in performance assessments or employment decisions. It would ban monitoring of workers who are off duty in sensitive areas like bathrooms.

[00:27:14]Really, that was a thing. And break rooms or engaged in union activity. And it would restrict the use of automated systems to make employment decisions without human oversight. The bill didn't pass. It expired with the 118th Congress, but it established a framework that labor groups and advocacy organizations are still pushing.

[00:27:32]California tried to go further. AB1331 introduced in the 2025 session by Assembly Member Elawari would have banned employers from using surveillance tools in employeeonly areas like break rooms, changing rooms, and lounges.

[00:27:46]Workers would have had the right to leave monitoring devices behind during offduty time, including me breaks. The California Labor Federation backed it.

[00:27:53]The Chamber of Commerce fought it, arguing the language was too broad and would undermine workplace safety. In September 2025, the bill was moved to the inactive file in the state senate.

[00:28:03]So effectively shelved. None of these efforts have produced a comprehensive federal law in the US. No single regulator has been given the job of how many employers surveill their workers or how intensively. But the proposals keep coming and the fines keep landing and the unions keep on pushing.

[00:28:24]So where does that leave you? If you're working on a company laptop, company phone, or company network, assume it's being logged. That's really just the baseline reality across most industries in most countries right now. The safest move is to keep personal accounts, personal messages, and personal browsing on your own devices. Don't check your bank account on your work computer.

[00:28:45]Don't draft personal emails in your company inbox. Beyond that, ask questions. Ask HR what monitoring tools are in use. Ask what data is being collected, who can see it, and how long it's kept. In the EU and UK, your employer may legally be required to conduct a data protection impact assessment before deploying monitoring.

[00:29:06]You can ask for it. In the US, a few states require written notice. If something feels wrong, if you're being penalized for metrics you can't see or monitor in ways that seem disproportionate, talk to a union rep, a privacy regulator, or an employment lawyer before trying to fight it alone.

[00:29:23]And one last thing, if anyone's thinking after learning about it today of using consumer grade monitoring software to covertly track a partner, a housemate, or anyone else, don't. In many jurisdictions, that's a criminal offense.

[00:29:37]Thanks for watching.