Tracking Indoor Location, Movement and Desk Occupancy in the Workplace
A case study on technologies for behavioral monitoring and profiling using motion sensors and wireless networking infrastructure inside offices and other facilities"
Wolfie Christl, Cracked Labs, November 2024
This case study is part of the ongoing project “Surveillance and Digital Control at Work” (2023-2024) led by Cracked Labs, which aims to explore how companies use personal data on workers in Europe, together with AlgorithmWatch, Jeremias Prassl (Oxford), UNI Europa and GPA, funded by the Austrian Arbeiterkammer.
As offices, buildings and other corporate facilities become networked environments, there is a growing desire among employers to exploit data gathered from their existing digital infrastructure or additional sensors for various purposes. Whether intentionally or as a byproduct, this includes personal data about employees, their movements and behaviors.
Technology vendors are promoting solutions that repurpose an organization’s wireless networking infrastructure as a means to monitor and analyze the indoor movements of employees and others within buildings. While GPS technology is too imprecise to track indoor location, Wi-Fi access points that provide internet connectivity for laptops, smartphones, tables and other networked devices can be used to track the location of these devices. Bluetooth, another wireless technology, can also be used to monitor indoor location. This can involve Wi-Fi access points that track Bluetooth-enabled devices, so-called “beacons” that are installed throughout buildings and Bluetooth-enabled badges carried by employees. In addition, employers can utilize badging systems, security cameras and video conferencing technology installed in meeting rooms for behavioral monitoring, or even environmental sensors that record room temperature, humidity and light intensity. Several technology vendors provide systems that use motion sensors installed under desks or in the ceilings of rooms to track room and desk attendance.
This case study explores software systems and technologies that utilize personal data on employees to monitor room and desk occupancy and track employees’ location and movements inside offices and other corporate facilities. It focuses on the potential implications for employees in Europe. To illustrate wider practices, it investigates systems for occupancy monitoring and indoor location tracking offered by Cisco, Juniper, Spacewell, Locatee and other technology vendors, based on an analysis of technical documentation and other publicly available sources. It briefly addresses how workers resisted the installation of motion sensors by their employers. This summary presents an overview of the findings of this case study.
Occupancy monitoring and “workplace analytics” with motion sensors
The Belgian-German vendor Spacewell offers a system for “real-time office space monitoring” and “workplace analytics” that monitors and analyzes how employees use desks, meeting rooms, office floors and entire buildings.
Spacewell uses sensors installed under desks, in the ceiling and at doors to track desk attendance and count the number of people in rooms. In addition to motion sensors that detect heat emitted by human beings, the system uses visual sensors that analyze “low-resolution” images of rooms, which represents a form of video surveillance based on computer vision and AI. An example in Spacewell’s technical documentation shows an office floor with 75 motion sensors, 16 “headcount” sensors and two “doorcount” sensors installed at restroom doors.
The system’s “live data floorplan” and "space monitor” show which rooms and individual desks in the office are occupied, both in real time and over time. While electronic floorplans that disclose desk presence typically do not display employee names, employees can be identified based on information about their assigned desks. An additional system allows employees to book meeting rooms, or, in cases where flexible seating is used, also desks. The booking system can show where specific named employees are currently seated on the floorplan.
According to Spacewell, employers can use the system to “get a detailed picture of how the building is used during the day”, “identify underused areas”, “reduce underutilized space”, “save on rent, energy and cleaning” and “optimize workplace experience”. The company explains that employers can “sit back and watch it as a movie” in order to “get a feeling of how presence, utilization, and comfort parameters evolve during the day”. Spacewell provides additional functionality that utilizes sensor data, such as a “smart” cleaning application.
Room temperature, humidity, light intensity and other environmental sensor data can also be utilized to analyze room occupancy. However, Spacewell states that the accuracy is low in this case.
While the system offers some functions and information that address data security, employee privacy and data protection, Spacewell does not adequately engage with the risks posed by behavioral monitoring and profiling.
The Swiss vendor Locatee offers a “workplace analytics” system that additionally utilizes badge and device data:
Locatee explains that while motion sensors “provide the most precise and granular level of data”, the “advantage” of using badge data “is that it relies on technologies which are often already in place”. Wi-Fi and LAN data can also be utilized to monitor occupancy, as it provides “continuous and real-time data on the whereabouts” of devices, according to the company.
Locatee provides reports on “people behavior metrics” and “people presence enriched with team information”. Employers can analyze how many employees attend the office each day, how many days a week they come in, how many hours they spend there per day, how much time they spend at their desks and at which times they enter and leave the building. While these reports display aggregate numbers, they utilize behavioral profiling based on extensive personal data. The “team analytics” report, which analyzes how many hours particular teams spend in the office and how much time they spend on each floor, reveals data on small groups.
In several cases, employers installing under-desk motion sensors led to worker protests and media debates, ultimately leading to their removal:
This happened, for example, at the UK newspaper “The Daily Telegraph” and the UK bank Barclays. Both companies installed sensors from OccupEye, a firm that has since been acquired by the facility technology vendor FM:Systems, which states that it has deployed 250,000 sensors at 1,200 client sites across 80 countries. FM:Systems published aggregate analyses of office occupancy from employers in the US and EU on its website, which suggests that it exploits sensor data and thus employee data for its own promotional purposes.
Student workers at the US-based Northeastern University also successfully resisted the deployment of motion sensors, considering them to be “intimidating” and “unnecessary” surveillance that serves “no scientific purpose”. The installed sensors came from EnOcean, a German vendor whose marketing materials promote the deployment of “presence detection”, “people counter” and “door detection” sensors, even in restrooms.
Tracking indoor location, movement and other employee behavior
The network technology giant Cisco offers a product that turns wireless networking infrastructure and other technologies already installed in a building into a system that tracks the location of employees, customers, devices and other objects for a wide range of purposes. It allows companies to “gain insights into how people and things move throughout their physical spaces” and “understand the behavior and location of people (visitors, employees) and things (assets, sensors)”. Companies can get a “real time view of the behavior of employees, guests, customers and visitors” and “profile” them based on their indoor movements in order to “get a detailed picture of their behavior”:
Cisco tracks the location of laptops, smartphones and other devices that connect to its Wi-Fi access points. It can also use other wireless technologies such as Bluetooth/BLE for location tracking. The system processes indoor location data on a massive scale and frequency. An example report shows how monitoring only 138 persons who visited a building via 11 Wi-Fi access points generated several million location records.
Employers can see the current location of each device in the building on a map, access data on past movements and search for devices in order to locate them. Employees who carry these devices can be identified via pseudonymous device identifiers or usernames. As such, the system processes extensive personal data on employees. A “proximity tracking” application introduced by Cisco during the coronavirus pandemic demonstrates that the system is well equipped to track the movements of named employees at the individual level.
The system provides aggregate reports that display, for example, the number of persons currently located in a building. In addition, it can categorize people based on their movements and behavioral profiling. It goes far beyond aggregate analysis and makes it possible to identify, single out and target individuals in several ways.
Cisco promotes various applications for its location tracking system that affect both customers and employees:
Companies can use the system to track, profile and target their customers. Retailers, restaurants, hotels or event venues can identify, for example, loyalty members, weekend visitors, customers who visit certain areas or those who return often. Based on behavioral profiling, they can target them with promotions or personalized recommendations via mobile app. They can also use the data to make decisions about their buildings, the services they offer and about staff and cleaning schedules. Cisco describes many other applications for the system, including indoor navigation at airports, patient tracking in hospitals and student attendance tracking at universities.
As employers, companies can use the system to track, profile and target employees. They can use it for occupancy monitoring, meeting room management and other applications that turn offices into “smart workplaces”. Employers can access aggregate analyses about employees’ entry and exit times, workday durations, visit durations by floor and other “behavior metrics”. They can profile employees, send them notifications based on their movements and measure the impact of internal campaigns that aim to change their behavior.
Other applications promoted by Cisco can have even more consequential implications for employees. Employers in manufacturing can use the system to “understand employee behavior that affects performance” and thus for performance monitoring. In the name of workplace safety and security, they can receive alerts when equipment used by employees enters “restricted zones” or leaves the facility. Similarly, retailers can detect “any deviance from usual asset usage”. Employers in various sectors can use the system for behavioral surveillance in cybersecurity that aims to prevent data theft. Hospitals can use it to “automate monitoring and reporting of hand hygiene compliance”. Cisco generally promotes applications for occupational health purposes.
Employers can use Cisco’s cloud-based indoor location tracking system to collect, analyze and utilize extensive personal data on employee movements and other behaviors inside buildings:
Cisco claims that it has so far processed 17.2 trillion “location data points” collected via 3.1 million Wi-Fi access points installed in 250,000 buildings. It offers employers the ability to compare behavioral metrics with other organizations and states that it uses client data for its own purposes, including for “understanding product usage and enabling product improvements”. As Cisco is a global core infrastructure vendor, this is concerning.
By default, the system collects “MAC addresses” that identify employee devices. While it supports “MAC randomization” to “limit user tracking and support privacy requirements”, Cisco emphasizes that this option will render location analytics “unreliable” and make several applications impossible. The company also emphasizes that employers can export location data to “correlate” it “with other data sources” and integrate it with other enterprise software such as “human resource management systems”.
Third-party vendors can offer applications that are integrated with Cisco’s data. Locatee offers an application that utilizes Cisco’s location tracking data for its workplace analytics system. IBM offers an application that utilizes Cisco data to analyze how employees use offices and desks and how they move in buildings. It also provides “anomaly detection”, promising to detect occupancy patterns that deviate from “normal” patterns.
In addition to wireless networking infrastructure, the system can also turn Cisco’s security cameras and the company’s WebEx video conferencing devices into sensors. Data from video cameras can be utilized to analyze the “behavior of people within physical spaces”, for example, by tracking the number of persons staying in a space, entering or exiting it. As such, Cisco repurposes data from a highly intrusive video surveillance system, originally intended for security and safety purposes, to analyze indoor movements.
Juniper, another large network technology vendor, offers a similar indoor location tracking system:
Juniper uses both Wi-Fi and Bluetooth/BLE technology to locate objects, employees and other persons in buildings. Its Wi-Fi access points can locate people either via their devices or via extra badges carried by them. Employers can see the current location of each device in the building on a map and analyze up to 13 months of past data to “perform long-term historical time series analyses” of employee behavior.
The system provides reports about how employees move between different “zones” in offices and buildings. An example report in Juniper’s technical documentation shows how 551 employee devices were located in a zone labeled “break area / kitchen”, with an average duration of 13.5 minutes per visit. The report also provides records about each tracked activity, including the “device name” and the exact “enter” and “exit” times.
Juniper promotes various applications for its system. In addition to optimizing “space utilization by tracking employee traffic patterns” in offices, employers can use it to “locate key human resources such as nurses, security guards, and sales associates”. Retailers can use it to “track personnel and equipment”, “optimize shelf management” and prevent theft. Hospitals can use it to monitor “employee health and safety”. Manufacturers can use it “optimize workflows”. Together with third-party vendors, Juniper provides “tailored workflow applications” that utilize its location tracking system and “enable data-driven decision making”.
Concluding remarks
Tracking and analyzing employees’ desk presence, indoor location and movements represents intrusive behavioral monitoring and profiling. Even if employers analyze the data only at the aggregate level, they process extensive personal data on employee behavior. Once deployed in the name of “good”, whether for worker safety, energy efficiency or just improved convenience, these technologies normalize far-reaching digital surveillance, which may quickly creep into other purposes. Whether based on existing infrastructure or newly installed tracking technology, the systems examined in this case study raise serious concerns about employee privacy and data protection in the workplace.
The findings of this case study will be incorporated in the main report of the ongoing project “Surveillance and Digital Control at Work” (2023-2024) led by Cracked Labs, which aims to explore how companies use personal data on workers in Europe. The main report will draw further conclusions.