“The first day after rollout — panic in the team. ‘They can see our passwords!' ‘They're reading our personal messages!' ‘They know what I was Googling about salaries!' I gathered everyone and projected exactly what a manager sees: a list of applications, time spent in them, categories. That's it. No passwords, no text, no content. ‘This is everything I see. If you like, I'll show you my own screen in the system.' The panic was gone in 20 minutes. It turned out the fear wasn't about computer activity tracking itself — it was about not knowing what exactly was being recorded.”
There are more myths than facts surrounding computer activity tracking. Employees imagine total surveillance of every pixel on their screen. Managers sometimes believe they “see everything.” The reality sits somewhere in between — and it's far more mundane. This article gives an honest breakdown of what computer activity tracking technically records and what it doesn't, where the line is drawn, and why understanding this matters for both teams and businesses.
In this article, we'll cover what computer activity tracking actually records, which widespread myths don't hold up to scrutiny, and where the legal and technical boundary of privacy lies. Straight talk, no marketing, in full compliance with Ukrainian law.
The main fear: “they see everything”
The most common reaction to news of computer activity tracking is panic over imagined “total surveillance.” Employees picture:
- Someone reading their personal messages
- Seeing the passwords they type
- Knowing the contents of every document
- Recording their every move as a video
In 95% of cases, all of this is myth. Real computer activity tracking captures far less — and far more mundane data. But the fear is real, and it stems precisely from not knowing what is actually happening.
“I understood the paradox: the team wasn't afraid of computer activity tracking itself — they were afraid of their own fantasies about it. When I showed them reality — a list of apps and time, with zero content — the relief was visible. One person said: ‘I thought you were reading my chat with my wife.' No. The system has no interest in content whatsoever. The fear lived in the gap between imagination and fact.”
James Clear in Atomic Habits reminds us that uncertainty breeds more anxiety than an unpleasant truth. The unknown around computer activity tracking is scarier than the specific — and quite harmless — facts about what's actually recorded. Transparency, then, is not just an ethical requirement but a practical tool for relieving fear.
What IS actually recorded by activity tracking
Let's get specific about what a typical business computer activity tracking solution technically captures:
What is recorded:
- ✅ The name of the active application (Word, Chrome, Figma)
- ✅ The domain of the website visited (github.com, facebook.com)
- ✅ Start time and duration of work in each application
- ✅ Active and idle periods
- ✅ Activity category (productive / neutral / unproductive)
- ✅ Number of switches between applications
This is metadata — information about activity, not its content. Think of it like a phone bill: it shows who you called, when, and for how long — but it doesn't record the conversation itself. Computer activity tracking works the same way.
| What is recorded | Analogy |
|---|---|
| Application name | “Called this number” |
| Time and duration | “At 2:00 PM, for 12 minutes” |
| Website domain | “Visited this site” |
| Category | “Work / personal call” |
“The best analogy I found for the team: computer activity tracking is like an itemized phone bill. You can see that someone was in Figma for 2 hours (like ‘the call lasted 2 hours'). But you can't see what they were designing (just as you can't hear what was said). That cleared up 90% of the anxiety — people understood the scale and nature of what's being recorded.”
→ About activity data — in the article Computer monitoring software: 12 features and how they work
What is NOT recorded (and shouldn't be)
Now the most important part for dispelling fears — what computer activity tracking does not record (and in many cases has no legal right to):
NOT recorded by a compliant system:
- ❌ The content of your messages and emails
- ❌ Passwords (recording keystrokes = keylogger = Art. 163 of the Criminal Code)
- ❌ The text of documents you are writing
- ❌ The content of personal chats
- ❌ What you do at home on a personal device
This isn't a matter of a vendor's goodwill — it's a legal boundary. Article 31 of the Constitution of Ukraine guarantees the confidentiality of correspondence. Article 163 of the Criminal Code punishes its violation. Keyloggers (keystroke recorders) are illegal. A compliant system therefore deliberately does not record content.
| What is NOT recorded | Why |
|---|---|
| Content of correspondence | Art. 31 of the Constitution (confidentiality) |
| Keystrokes / passwords | Art. 163 of the Criminal Code (keylogger is illegal) |
| Text of documents | Outside the scope of time tracking + privacy |
| Personal devices outside of work | Boundary of the employment relationship |
It's important to understand: if a system promises to record the content of correspondence or keystrokes, it's not a “more powerful tool” — it's an invitation to break the law, with criminal liability for the employer.
“I specifically asked a computer activity tracking vendor: ‘Is it possible to see what people are writing?' The answer was the right one: ‘No, and you shouldn't want to — that's a keylogger, Article 163 of the Criminal Code. You don't want a criminal case.' A vendor offering content recording is a red flag. A compliant system deliberately limits itself to metadata, because it knows the law.”
→ About illegal practices — in the article Computer surveillance: what it is, types, and how it works
Myths vs. reality: a point-by-point breakdown
Let's line up the most common myths about computer activity tracking and compare them with reality:
| Myth | Reality |
|---|---|
| “They can see my passwords” | No — that would be a keylogger, which is illegal (Art. 163 of the Criminal Code) |
| “They read my messages” | No — only the fact of using a messenger is recorded, not its content |
| “They record video of my screen” | Typically no — it's a structured timeline, not a video recording |
| “They monitor me at home” | No — only the work device during work hours |
| “They know every click I make” | They see applications and time, not every action within them |
| “It was installed secretly” | Illegal without consent (Art. 6 of the Law on Personal Data Protection) |
| “The data will be used against me” | Depends on company culture; it should be used for development |
Most fears relate to things that are either not technically recorded by a compliant system or are outright illegal. Real computer activity tracking is far more modest than people imagine.
“We made a myth/reality table like this and distributed it to the team when rolling out computer activity tracking. It was the single most effective step. Instead of vague fears — concrete answers. ‘Can they see passwords?' — no, here's why. ‘Do they read chats?' — no, here's why. Specifics kill panic. Transparency about boundaries is 80% of a successful rollout.”
Why boundaries benefit the business too
It might seem that the limits of computer activity tracking are a concession to employees at the expense of the business. In reality, boundaries benefit the business as well. Here's why:
1. Legal protection
Tracking within the bounds of metadata is legal. Accessing content is a criminal risk (Art. 163 of the Criminal Code) and exposes the employer to regulatory fines. The boundaries protect the employer themselves.
2. Preserving trust
A team that understands clear boundaries (“we track work activity, not content”) works without anxiety. Unlimited surveillance destroys trust and drives away top performers.
3. Sufficient for management
Metadata provides 90%+ of management value. Knowing that someone spent 3 hours on social media instead of working is enough. Reading what exactly they wrote there is excessive and counterproductive.
4. Focus on what matters
Content pulls attention to trivialities and invites micromanagement. Metadata keeps focus on what actually matters — how time is distributed.
| Aspect | Unlimited surveillance | Metadata-based tracking |
|---|---|---|
| Legal risk | High (Art. 163 of the Criminal Code) | Minimal |
| Team trust | Destroyed | Preserved |
| Management value | Overload + noise | Sufficient for decisions |
| Focus | On trivial details | On time distribution |
“At first I wanted to ‘see everything' through computer activity tracking. I thought boundaries were a concession. My lawyer and practical experience convinced me otherwise: boundaries are protection for my business. Metadata gives me everything I need to manage. Content would bring legal risk, eroded trust, and a flood of useless information. Boundaries benefit both sides. This isn't a compromise — it's the optimum.”
Greg McKeown in Essentialism reminds us that more information isn't always better — what matters is having the right information. The metadata from computer activity tracking is the right information for management. Content is noise that creates risk without adding value.
→ About the sufficiency of metadata — in the article Computer monitoring software: why “surveillance” is the wrong frame
Legal boundaries: what Ukrainian law permits
Let's summarize the legal framework for computer activity tracking in Ukraine:
Permitted (legal with consent):
- Recording working hours (Art. 30 of the Labour Code — even mandatory)
- Logging the applications and websites used
- Categorizing activity
- Productivity analytics based on metadata
Prohibited:
- Recording keystrokes / passwords (keylogger — Art. 163 of the Criminal Code)
- Reading the content of correspondence (Art. 31 of the Constitution)
- Covert tracking without consent (Art. 6 of the Law on Personal Data Protection)
- Monitoring personal devices outside of work
Mandatory conditions:
- Internal order + internal labour regulations (Art. 142 of the Labour Code)
- Written consent (Art. 6 of the Law on Personal Data Protection)
- Employee access to their own data (Art. 24 of the Law on Personal Data Protection)
- Transparency
| Aspect | Legal norm |
|---|---|
| What is permitted | Metadata (Art. 30 of the Labour Code) |
| Content of correspondence | Prohibited (Art. 31 of the Constitution) |
| Keyloggers | Prohibited (Art. 163 of the Criminal Code) |
| Consent | Mandatory (Art. 6 of the Law on Personal Data Protection) |
| Covert tracking | Prohibited |
“My lawyer summed up the boundaries of computer activity tracking simply: ‘You can record WHAT and WHEN — applications, time, websites. You cannot record CONTENT — what was written, which passwords were used. The first is time tracking (legal). The second is a violation of confidentiality (Art. 163 of the Criminal Code). Stay on the right side of that line and you're always within the law.'”
→ About legal implementation — in the article Time tracker: how to choose and implement one in compliance with Ukrainian law
Conclusions
Computer activity tracking is surrounded by myths that are scarier than the reality. In practice, a compliant system records metadata (applications, time, websites, categories) but not content (correspondence, passwords, text). This boundary isn't a matter of goodwill — it's a legal requirement (Art. 31 of the Constitution, Art. 163 of the Criminal Code). And it benefits both sides: businesses get everything they need to manage effectively without legal risk, while teams gain peace of mind through clear, understandable limits. Transparency about what is recorded is the most effective way to eliminate fear.
Key takeaways from this article
- Fear comes from not knowing what exactly is being recorded
- What is recorded is metadata: application, time, website, category (like an itemized bill)
- What is NOT recorded is content: correspondence, passwords, text (Art. 31, Art. 163 of the Criminal Code)
- Most fears relate to practices that are either illegal or technically not used by compliant systems
- Boundaries benefit the business: legal protection + trust + sufficient data
- Transparency about boundaries = 80% of a successful rollout
“Computer activity tracking is not a ‘big eye' that sees everything. It's an itemized record of working time: when and what people were doing, without any intrusion into content. Once teams understand the real limits, the fear disappears — and businesses get exactly what they need to manage effectively. No more, no less.”
FAQ
Can an employer see my passwords through computer activity tracking?
No, not through a legal system. Recording passwords means recording keystrokes (a keylogger), which violates Art. 31 of the Constitution and falls under Art. 163 of the Criminal Code. Compliant computer activity tracking records that you were in a particular application or on a website — not what you typed into it. If a system records passwords, it is illegal, and the risk lies primarily with the employer.
Does computer activity tracking monitor my activity on my personal phone or at home?
No. Tracking applies to work devices in a work context. Monitoring personal devices or activity outside of work goes beyond the scope of the employment relationship and violates privacy. If you work on your own device (BYOD), the boundaries must be clearly defined — typically only the work profile or work hours are tracked, not personal use.
How can I verify that computer activity tracking in my company is lawful?
Three signs of legality: (1) you were informed and gave written consent; (2) it records metadata (applications, time), not the content of correspondence or passwords; (3) you have access to your own data (Art. 24 of the Law on Personal Data Protection). If tracking is covert, records content, or you are denied access to your own data — these are signs of a violation. You have the right to ask your employer about the exact boundaries of what is being recorded.
