
Your Work Apps Are Quietly Handing 19 Data Points to Someone
Why It Matters
The extensive data collection and frequent breach history expose both workers and enterprises to privacy, security, and compliance risks, especially as regulators tighten rules around personal data use in AI and advertising.
Key Takeaways
- Gmail collects 26 data types, the highest among the studied apps.
- Notion shares eight data categories with third‑party advertisers.
- Workday lacks a user‑initiated data deletion option.
- Multiple apps have breach histories, exposing millions of credentials.
Pulse Analysis
The Incogni analysis underscores how modern workplace productivity suites have become data goldmines. Apps such as Gmail, Microsoft Teams, and Zoom Workplace routinely harvest location, interaction logs, and user identifiers, often repurposing them for advertising or marketing. This level of granularity—averaging 19 data points per app—mirrors the broader trend of monetizing employee activity, blurring the line between operational efficiency and commercial exploitation. For businesses, the hidden cost is not just a potential loss of employee trust but also heightened exposure to regulatory scrutiny, especially under GDPR and emerging U.S. privacy statutes.
Beyond collection, the study highlights the downstream flow of information. Notion, for example, transmits eight distinct data types to third‑party ad tech partners, a practice that can amplify risk when confidential workspace content—product roadmaps, HR notes, client records—feeds external models. The EU’s Data Protection Board has already signaled tighter standards for AI training data, suggesting that firms using AI‑enhanced tools could face additional compliance hurdles. Meanwhile, Workday’s lack of a user‑initiated deletion mechanism leaves employers with lingering personal data, complicating data‑subject‑access requests and eroding the principle of data minimization.
The breach record paints a stark picture: Gmail, Slack, Trello, Zoom, and Notion have all suffered incidents that exposed tens of millions of credentials. In BYOD settings, where employees blend personal and professional usage, the attack surface expands dramatically. Companies must reassess app vetting processes, enforce strict mobile‑device management policies, and consider alternatives that offer end‑to‑end encryption. Proactive transparency with staff about data practices, coupled with regular privacy audits, can mitigate both reputational damage and regulatory penalties in an era where workplace apps double as surveillance tools.