Meta recently paused a program that logged keystrokes, mouse movements and screenshots from many U.S. employees after a permissions error made that sensitive data visible widely inside the company. The initiative was presented as AI-training work, but employees say most did not expect private conversations and activity records to be collected and stored in this way.
Legally, employers can monitor company devices and networks in many jurisdictions, but they must follow labour laws, data-protection rules and workplace privacy norms. Monitoring that captures personal conversations or sensitive data can cross legal lines — especially when consent is absent, purpose is unclear, or the data isn’t properly secured. Regulators and courts look at proportionality, notice, and safeguards when deciding if monitoring is lawful.
Practically, companies should limit collection to what’s strictly necessary, anonymize data, get clear, documented notice (and where required, consent), and apply strong access controls and audits. Employees who feel harmed can seek remedies: internal complaints, union or works-council action, labour-board complaints, data-protection authority complaints, and civil suits for privacy or breach of confidence depending on local law.
This episode shows that mandatory, wide-ranging surveillance invites not only legal risk but also loss of trust. Employers must balance legitimate business needs with clear rules, transparency and strong security — or face regulatory penalties, litigation and employee revolt.
NO COMPANY SHOULD BE ABLE TO TURN YOUR WORK LAPTOP INTO A PRIVATE-LIFE SEARCHLIGHT.
Sanjay Sahay
Have a nice evening.