Press "Enter" to skip to content

Too Close for Comfort

Facebook Workplace Has Users Worried About Privacy, Just Like With Facebook

By Joanne Cleaver 

First of two parts.

Facebook’s Workplace collaboration platform has raised privacy fears because of the parent company’s reputation for collecting and protecting data. This report examines the data-privacy issues surrounding Workplace.

The terrific thing about Facebook Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers. 

But the privacy-eroding thing about Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers.

It’s precisely because the Workplace platform is modeled after Facebook, which undermines the privacy of individuals trying to keep their work and personal accounts and communications separate, said Justin Antonipillai, founder and CEO of Wirewheel in Arlington, Va.

Wirewheel equips companies with workforce and enterprise privacy tools.

“When you use Facebook’s Workplace, you need to be sure you’re not sharing things in Workplace that you’d never share in your consumer Facebook feed,” Antonipilla told Digital Privacy News. “There’s nothing inherently wrong about Workplace.

“It’s a tool for collaboration — but as an employee, you have to make sure you use the tool in only in a professional way.

“When people come into Workplace, they’re worried about how information is collected about them, because they know how Facebook works.”

Employee Monitoring

Antonipillai and other consultants who work with employers on collaboration platforms and privacy issues told Digital Privacy News that all employees realized that platforms like Slack, Asana and Trello were controlled and monitored by employers.

The difference, they said, is that those platforms are not owned by a company that also operates the world’s biggest social network — and that is notorious for violating its own privacy standards. 

“When people come into Workplace, they’re worried about how information is collected about them, because they know how Facebook works.”

Justin Antonipillai, Wirewheel.

“People approach Workplace with trepidation because they know they’ll definitely have to manage the privacy issues,” said Joe Hartsel, the national enterprise collaboration practice lead for Centric Consulting in Columbus, Ohio.

“One of our financial-services clients piloted Workplace and dropped it because people didn’t want to use it, for concern about managing separate identities.

“The company’s thinking was that they wouldn’t have to spend time training employees on how to use it,” Hartsel continued. “But employees were concerned about managing two (Facebook) identities and about preserving personal privacy.”

Functional Communications

Workplace is mainly intended for far-flung workforces — in such industries as transportation, delivery, retail and field operations, which need workers to stay in touch with bosses and peers — but mainly for functional communication.

Collaboration-platform consultants, who typically integrate privacy guardrails into their client recommendations, said field workers usually don’t need deep collaboration and project management tools for virtual collaboration.

For instance, such workers need to communicate about traffic conditions, shift-staffing and daily operations — rather than work together for long periods on, say, computer coding or solving complex problems. 

Launched in 2019, Workplace now claims five million users. The platform costs $4 to $8 per worker, per month, depending on the level of support.

“People didn’t want to use it, for concern about managing separate identities.”

Joe Hartsel, Centric Consulting.

But employers have a hard enough time ensuring that personal information is not shared on protected, stand-alone collaborative platforms, Centric Consulting’s Hartsel said.

Because Facebook’s consumer platform is so easy to use, and because Workplace does not include some privacy and security checkpoints that are standard in other platforms, it’s easy for individuals to simply use Workplace the same way they do Facebook.

If that results in an employee sending sensitive data — a Social Security number, for instance — over Workplace instead of through a more secure platform, employers now face security and privacy risks they can avoid by using other platforms.

And while individuals are aware that all collaboration platforms, and their own employers, are tracking content and use patterns, they don’t have to worry about their personal information escaping that platform to be used by social media sites, which essentially are open to the public, said Rahul Singh, CEO of Anant in Washington.

The data and analytics firm specializes in how employers use collaboration platforms.

“Even though Slack isn’t ‘gaining insights’ on your data, they’re at least getting insights from how the system is used,” Singh explained to Digital Privacy News.

“Even though Slack isn’t ‘gaining insights’ on your data, they’re at least getting insights from how the system is used.”

Rahul Singh, Anant analytics firm.

Employers, he said, typically monitor use patterns — such as busy periods — as well as flag problematic content.

But it’s standard for individuals on platforms like Slack to use a professional email address or identity — and to be vigilant in keeping personal and professional identities separate, Singh said.

“It’s especially dangerous if you are working on client projects,” he observed. “You don’t want to intermix client data.”

Inviting Confusion

While Workplace is a dedicated platform, its similarities to consumer Facebook invite confusion that could compromise business security.

For Singh and for Susan Morrow, Facebook’s consumer platform and Workplace are too close for comfort.

“Facebook has a very poor track record of being respectful towards individual’s privacy,” said Morrow, head of research and development for Avoco Identity, a U.K. firm that creates identity and security tools.

“There is some evidence this attitude has bled over into the corporate-user world too,” she added. “See CERN’s rejection of the Workplace platform.”

Morrow referenced last year’s decision by CERN, the European Organization for Nuclear Research, to disable Workplace because Facebook then was in the process of requiring payment for levels of user security that the Geneva-based group deemed essential.

“Facebook has a very poor track record of being respectful towards individual’s privacy.”

Susan Morrow, Avoco Identity.

CERN’s decision was widely viewed as a strong rebuke to Workplace’s credibility, Morrow said.

“If a company chooses to use Workplace, they should be made fully aware by Facebook at the time of opening an account exactly what data is available to Facebook,” she told Digital Privacy News.

“This awareness should not be shrouded in a privacy policy that is pages long.

“Instead, this should be a separate abstract that has clearly marked information around data-collection and sharing.”

Similarly, said Anant’s Singh: “Facebook, as a website, is not allowed at banks or government operations.

“These are highly regulated networks — and I can’t imagine Facebook as a domain being adopted.”

Thursday: Workplace and Facebook’s ecosystem.

Joanne Cleaver is a business writer in Charlotte, N.C.