Remote worker monitoring apps raise privacy & cyber risks

Researchers from the University of Waterloo have raised concerns about the increasing use of employee monitoring applications for remote workers, highlighting significant privacy, performance, and cybersecurity risks.

Adam Molnar, Assistant Professor of Sociology and Legal Studies, and Danielle E. Thompson, a PhD candidate, have conducted a five-year study on employee surveillance apps in Canada. Their research comes amid predictions from Gartner that 70% of all large companies will implement some form of worker surveillance software this year.

"We're finding that these apps strip a certain sense of humanity out of the equation when it comes to measuring employee productivity," said Molnar. "Not only are the apps' perceived effectiveness misunderstood, but they also introduce additional risk related to privacy, performance and cybersecurity vulnerabilities, and that should be concerning."

Molnar and Thompson intend to present their findings at the upcoming Congress of the Humanities and Social Sciences (Congress 2025). Congress 2025 is set to gather more than 7,000 scholars, graduate students and practitioners for discussions on major societal challenges under the theme "Reframing togetherness." The event will feature thousands of research papers and presentations from global social sciences and humanities experts.

Their presentation will cover data from ten of the most widely used employee monitoring software programmes, including Hubstaff, Clever Control, and Spyera. Thompson and Molnar note that these apps may have negative social and psychological implications by undermining employees' autonomy, privacy and other rights, alongside introducing limitations that could affect organisational performance.

The study found that most of these applications operate by collecting a range of data from an employee's device, including keystrokes, browser activity, websites visited, time spent in various work documents, and in some cases, facial recognition to verify employee presence at their workstation. Managers typically access these data through dashboards, which use colour codes to sort workers' performance, allowing for quick judgments about productivity levels.

"Essentially, we see power given to the hands of managers to surveil and control worker behaviour, while employees are afforded little to no control over how they're monitored, how their data is represented and what it's used for," said Thompson, indicating that many of apps work in 'invisible' mode, meaning employees don't have any way to know if the software is running on their device.

Molnar added, "These apps are a novel, intense form of surveillance that go well beyond punch clocks and cameras. There are new privacy risks that come into play, especially when you consider the range of sensitive personal information that is collected and that other members of the household may be using the device for school work or pleasure."

The research, which involved purchasing each app and simulating employer-employee relationships, revealed that workers could unknowingly have their personal or sensitive data, such as emails pertaining to health or union matters, exposed. The productivity metrics these apps employ were found to prioritise location, activity, and time spent on devices, rather than the quality of work produced. The researchers questioned the reliability of the digital representation of an employee's activity.

Thompson gave an example: one app displays a web timer with the option to 'stop and save' work, which gives the impression that tracking ceases when the timer is stopped. "The assumption is that the monitoring stops when the timer stops but in reality, the app continues to monitor activity in the background, leaving employees exposed."

They also discovered discrepancies with data reporting. In some cases, there was a delay between when data was captured and when it appeared in the manager's dashboard. As a result, actions undertaken during break times could be misrepresented as excessive non-work activity.

"It's quite concerning when this type of inaccurate information can be used to make decisions about employee job outcomes," noted Thompson. "It comes down to how productivity is being defined. Is a productive worker one who is very active on their device or should it be based on the completion and quality of their work?"

The study also observed that some apps reward behaviour such as overtime or weekend work with designations such as 'time hero,' 'efficiency pro,' or 'productivity champ,' potentially normalising unhealthy work habits and encouraging competition based on device usage rather than results achieved.

Molnar commented, "Even if we set aside the human rights, ethical and social wellbeing concerns, we need to question whether these monitoring apps are actually improving productivity and delivering profitability, or are they contributing to a more corrosive work environment? When it comes to remote work, we believe employers should be looking at whether people deliver on deadlines or meet goals, versus getting bogged down on their device behaviour."