Meta faces multiple complaints in Europe over plans to train AI on user data

Opt out, if you can, or prepare for your posts to be ingested

Meta's plans to use customer data in AI training have resulted in complaints to data protection authorities in 11 European countries.

The complaints were filed by privacy activist group noyb following updates to Meta's privacy policy. The updates are due to take effect worldwide on June 26.

The main issue, according to noyb, are proposals by Meta to use years of everyone's posts – including images – "to develop and improve AI at Meta." Private messages between the user and friends and family are not used to train the corporation's AIs.

Rather than Meta asking for consent, users must opt out of the on-by-default data slurp, though not everyone can opt out. And once the data has been entered into the models, there appears to be no option to scrub it. The Register asked Meta how a user would go about removing their data, and the mega-biz has yet to respond to that point.

As we understand it, users in Europe will get the ability to opt out, due to GDPR, by going to the Privacy Policy page in their Facebook and Instagram apps, via the Settings and About screens, and checking out the Right to Object box. People outside of Europe are out of luck: There is no opt out coming.

Noyb founder Max Schrems said: "Meta is basically saying that it can use 'any data from any source for any purpose and make it available to anyone in the world,' as long as it's done via 'AI technology.' This is clearly the opposite of GDPR compliance."

He added: "'AI technology' is an extremely broad term. Much like 'using your data in databases,' it has no real legal limit. Meta doesn't say what it will use the data for, so it could either be a simple chatbot, extremely aggressive personalized advertising or even a killer drone. Meta also says that user data can be made available to any 'third party' – which means anyone in the world."

A spokesperson for Meta told The Register: "We are confident that our approach complies with privacy laws, and our approach is consistent with how other tech companies are developing and improving their AI experiences in Europe."

Ah, yes, the old, "Well, everyone else is doing it, so why can't we?" defense. Also, in Europe? So, screw everyone else? It seems so.

The Register understands that Meta has talked to the Irish Data Protection Commission (DPC) about its plans, which prompted noyb to thunder that the "Irish DPC is complicit (again)."

Schrems said: "It seems that the DPC's new management is just continuing to make illegal 'deals' with big tech companies from the US. It is mind-boggling that the DPC continues to let the misuse of the non-public personal data of about 400 million European users go unchecked."

The 400 million figure comes from the number of European users that would have to opt out via an objection form, based on data published by Statista.

Time is also short for opting out of the slurp, for those who can. The new policy goes into effect by the end of the month, and without a clear way of removing data once it has been ingested, any opt-outs will need to have been actioned by then.

Meta has a long history of travails with the EU over privacy and data collection. The corporation's plans for a "Pay or OK" model, where customers can pay a subscription to avoid targeted ads, have attracted criticism from privacy campaigners and authorities alike. ®

More about


Send us news

Other stories you might like