[ilyt]

"Concerns about privacy" on just "works at office/remotely" is a weird complaint.

I'd think even under EU and GDPR logging whether user badged in or used VPN would be entirely fine.

[Abroszka]

No, it's not fine. It adds a lot of complications and EU countries are different. It's not an accident that this is US only. The main problem is that while it's fine to collect that data, but to use it to calculate attendance is an another question.

[ilyt]

I think only problem would be not telling the employee that is used as attendance data.

Anyone with full time employment (at least here in Poland) will have attendance data in one or other way because it's required by law