Your Employer Probably Uses AI to Watch You Work. Here's What It Can Actually See.

The employee monitoring software market was worth $5.4 billion in 2023 and is projected to exceed $12 billion by 2028. That growth isn't coming from new companies buying surveillance tools for the first time — it's coming from existing deployments getting dramatically more sophisticated. What started as basic time-tracking and website logging has evolved into AI-powered behavioral profiling: systems that analyze the sentiment of your Slack messages, detect whether you're looking at your screen during a video call, and claim to predict employee departures up to 90 days before they happen.

Most employees in monitored workplaces have limited awareness of how comprehensively their digital work lives are being analyzed. The tools are embedded in platforms they already use every day — including Microsoft 365, which ships with monitoring capabilities that reach an estimated 300 million seats worldwide. This is not an edge-case technology used by a handful of paranoid employers. It is mainstream infrastructure, and the AI layer on top of it is accelerating.

What's Actually Being Monitored

The full surveillance stack in a heavily monitored workplace operates across several layers simultaneously:

Device and activity monitoring: Keystroke logging captures every key pressed, including deleted text. Screenshots are taken at intervals — Teramind, one of the leading platforms, can capture screenshots every 30 seconds by default. Application and browser usage is categorized and timed. File transfers, including to USB drives, are logged. Print jobs are tracked.

Communications analysis: Email content — not just metadata but the actual text — is indexed and analyzed. Slack and Teams messages are read and classified. Some platforms flag messages containing keywords related to competitors, job boards, or phrases associated with disengagement. InterGuard, which covers both remote and on-site employees, tracks USB file transfers alongside email and web activity in a unified dashboard.

Physical and video signals: Badge access records who enters which areas and when. Video calls are analyzed for attention signals — some systems use facial recognition to determine whether an employee is looking at their screen, speaking, or distracted. Emotion AI tools claim to infer engagement levels from facial expressions, though the reliability of this technology is contested.

Behavioral baselines and anomalies: Platforms like Teramind establish a behavioral baseline for each employee — typical work hours, applications used, communication volume — and generate alerts when behavior deviates from that norm. The deviation itself, not a specific action, is what triggers a flag.

The AI Layer: Scoring, Sentiment, and Flight Risk

The software doesn't just log — it interprets. This is where monitoring moves from record-keeping into something qualitatively different.

Productivity scoring: ActivTrak categorizes every minute of computer time as productive, unproductive, or neutral based on the applications and websites in use. These classifications produce a daily productivity score per employee that managers can review in aggregate or individually. Idle time — periods of no keyboard or mouse input — is tracked and deducted from productive time.

Sentiment analysis: Several platforms apply NLP to internal communications to score the emotional tone of messages. Veriato, which markets itself primarily around insider threat detection and "behavioral analytics," applies risk scores to employees based on communication patterns. Flagged sentiment isn't necessarily acted on immediately, but it's recorded and can inform performance reviews or investigations.

Flight risk detection: This is the capability that has attracted the most controversy. Some vendors claim their AI can identify employees likely to leave the company up to 90 days before resignation, based on patterns such as reduced communication volume, increased after-hours email to external domains, or searches for competitor information. The methodology behind these predictions is rarely disclosed, and accuracy figures are vendor-provided without independent validation.

Insider threat scoring: Veriato integrates with DLP (data loss prevention) systems to correlate communication patterns with file access and transfer behavior. An employee who downloads large volumes of files, searches for job postings, and exhibits flagged communication sentiment will accumulate a higher risk score than one who doesn't — regardless of whether they've done anything wrong.

Who's Selling This — and Who Uses Microsoft Viva Without Knowing It

The monitoring vendor landscape has several tiers:

Dedicated surveillance platforms: Teramind, ActivTrak, Veriato, and InterGuard are purpose-built monitoring tools sold to employers who want granular visibility into employee activity. They require deliberate procurement decisions and installation of endpoint agents on employee devices.

Microsoft Viva Insights: This is the most consequential player because it's not a separate tool anyone has to buy — it's bundled with Microsoft 365. Viva Insights gives managers visibility into "focus time" (uninterrupted work blocks), after-hours email and meeting activity, collaboration patterns, and response times. It frames this as wellbeing analytics, but the data is available to managers, not just employees. With M365 deployed across roughly 300 million commercial seats, Viva Insights is almost certainly the most widely deployed monitoring platform on the planet — and most people using it don't know their patterns are being aggregated and surfaced to their managers.

The key distinction Veriato and Teramind advertise as a feature — covert monitoring capability — is the one that creates the most legal exposure in regulated jurisdictions.

The Legal Landscape: US, EU, and UK

The legal situation varies dramatically by jurisdiction.

United States: On employer-owned devices and networks, monitoring is broadly legal in all 50 states. The Electronic Communications Privacy Act creates minimal restrictions for employers monitoring their own systems. Connecticut is one of the few states requiring employers to provide written notice of electronic monitoring. New York City's Local Law 144 requires bias audits for automated employment decision tools, which could apply to some monitoring-derived scoring systems. The general principle: if it's the company's device, the company can watch it.

European Union: GDPR's Article 5 requires that personal data be collected for specified, explicit, and legitimate purposes (purpose limitation) and be limited to what is necessary (data minimisation). Article 88 permits member states to set specific rules for employee data processing but does not authorize comprehensive covert monitoring. Covert surveillance of employees in the EU requires a legitimate interest that is proportionate to the privacy intrusion — a high bar that blanket keystroke logging and communications scanning generally doesn't meet. In Germany and France, works councils have legal rights to approve or block new monitoring systems before deployment. Covert monitoring of the kind marketed by some US vendors is effectively illegal across most of the EU.

United Kingdom: Post-Brexit, the UK operates under its own UK GDPR framework with guidance from the Information Commissioner's Office. The ICO's Employment Practices Code requires employers to be transparent about monitoring, conduct an impact assessment before deploying intrusive tools, and ensure monitoring is proportionate. Covert monitoring is permitted only in limited circumstances involving serious criminal activity investigations.

Real Controversies That Defined the Debate

Amazon warehouse monitoring: Amazon's fulfillment center workers have been subject to pace-of-work metrics since the early 2010s, but the AI layer has made enforcement automatic. Workers are tracked for "time off task" — any period where they're not actively picking, packing, or moving inventory. Accumulate enough time off task and the system generates automatic warnings; persistent patterns can trigger termination processes without manager review. Multiple worker lawsuits in the US and investigations in the EU have challenged these systems. The UK's GMB union filed a complaint with the ICO in 2023 over Amazon's monitoring practices.

Barclays keystroke tracking: In 2020, Barclays deployed a system that measured time bankers spent at their desks and sent "nudges" to employees who had been away too long. The backlash was swift and public; Barclays scrapped the visible productivity tracking within weeks. But the controversy didn't stop the broader trend — it just made deployments quieter. Banks and financial services firms remain among the heaviest users of employee monitoring, partly driven by regulatory requirements around communications surveillance and partly by the nature of managing large distributed trading floors.

Goldman Sachs email surveillance: Goldman Sachs monitors employee communications as a regulatory compliance requirement — financial regulators in the US and UK require that broker-dealer communications be archived and searchable. Goldman has faced scrutiny for using these surveillance systems to identify employees discussing unionization and compensation, activities that intersect with labor law protections in ways that monitoring vendors don't typically highlight in their marketing materials.

What Employees Can and Can't Do

The practical reality is that employees in most jurisdictions have limited recourse against monitoring on employer-owned systems. But there are some concrete steps:

Read your employment agreement: Most monitoring-heavy employers include disclosure language in employment contracts, onboarding documents, or acceptable use policies. Understanding what you've agreed to is the starting point.

EU and UK right of access: Under GDPR and UK GDPR, employees have the right to request a copy of personal data an employer holds about them, including monitoring data. This doesn't stop the monitoring, but it reveals what's been collected.

Personal devices for personal communications: Any activity on employer-owned devices or networks is generally fair game. A work laptop on a corporate VPN, personal email or personal browsing included, is effectively a monitored environment. Personal devices on personal networks are not.

Works council representation: In EU jurisdictions where works councils have approval rights over monitoring systems, employees have collective leverage to negotiate the scope and transparency of what gets deployed.

What employees often underestimate: "personal" use on a work device isn't personal. The monitoring software doesn't distinguish between work tasks and personal browsing — it logs both. Emails sent from a work account, even on personal matters, are archived. Messages sent on a personal phone through a company Slack workspace may be retained and searchable by your employer's admin team indefinitely.

Why It's Accelerating — and What's Coming

Two forces are driving acceleration. The first is the return-to-office debate: companies that can't mandate physical presence are deploying monitoring as a substitute for the visibility that an open-plan office provides. The second is cost. AI has made analysis cheap. Processing 10,000 employees' email and Slack communications for sentiment and behavioral signals was computationally expensive five years ago; it's a negligible infrastructure cost today.

The next generation of tools is moving beyond screen activity into biometric behavioral patterns: the rhythm of your typing, the specific way you move a mouse, the micro-patterns in how you navigate applications. These are claimed to be accurate enough to identify individuals even without passwords. Emotion AI in video calls — detecting frustration, boredom, or disengagement from facial micro-expressions — is being actively marketed, though its scientific validity is disputed.

Flight risk scoring and behavioral anomaly detection will get more granular as the models are trained on more longitudinal data. The fundamental dynamic isn't going to reverse: monitoring tools are cheap, AI analysis is cheap, and the legal landscape in the world's largest economies strongly favors employers.

Takeaways

If you work on employer-owned devices: Assume everything is logged. This isn't paranoia — it's an accurate description of the default state in a monitored environment.

If you're in the EU or UK: You have more rights than US employees, and covert monitoring is legally constrained. Exercise your right of access if you want to understand what's been collected.

If you manage people: The existence of monitoring capability doesn't make its use wise. Heavy surveillance correlates with reduced trust and higher turnover — which is precisely the outcome flight risk scoring is supposed to prevent. The vendors don't advertise this.

The market signal: A $12 billion industry by 2028 means monitoring is becoming standard infrastructure, not an outlier practice. The question isn't whether your employer has these capabilities — it's whether they're actively using them and how the data influences decisions about your career.