Meta tool to track employee mouse clicks on collision course with EU privacy rules
Meta’s Model Capability Initiative (MCI) tool tracks U.S. employees’ computer usage—including mouse movements, clicks, and email content—to train AI models, but risks violating EU privacy laws by capturing non-U.S. data during cross-border communications. Employees report excessive data consumption, while Meta insists safeguards are in place, though legal experts warn of potential GDPR violations due to indirect data collection on EU workers.
Meta’s AI training tool, called the Model Capability Initiative (MCI), is collecting detailed records of U.S. employees’ computer activity—such as mouse movements, clicks, and navigation—to develop AI agents capable of performing software tasks autonomously. The tool, deployed last month, tracks data from over 200 apps and websites, including email and direct message content sent to U.S. personnel, regardless of the sender’s location. Internal documents reviewed by Reuters reveal the tool’s scope extends beyond initial claims, raising concerns about compliance with European privacy laws. Meta acknowledged in an employee FAQ that if a non-U.S. employee communicates with a U.S.-based colleague using MCI, their activity may be captured. The company states data is ‘dissociated’ from employee identities, but legal experts argue this could still violate the EU’s General Data Protection Regulation (GDPR). Employees have reported excessive data usage, with some experiencing depleted monthly internet quotas within days due to MCI’s activity. Meta spokesperson Dave Arnold confirmed the tool is limited to U.S. devices but declined to detail data ingestion volumes or legal assessments. He emphasized compliance with applicable laws but did not address potential GDPR risks for non-U.S. workers indirectly affected. Privacy advocacy group NOYB warns Meta’s approach may fail GDPR’s ‘purpose limitation’ test, as the tool’s data collection could be deemed excessive or unauthorized. Legal expert Kleanthi Sardeli noted that even incidental capture of EU employee data could trigger regulatory scrutiny, particularly if the tool’s monitoring extends beyond U.S. borders. Meta’s AI ambitions—central to CEO Mark Zuckerberg’s strategy—now face regulatory hurdles, particularly in the EU, where strict data protections clash with aggressive surveillance tactics. The controversy underscores tensions between U.S. tech practices and global privacy standards, with potential legal repercussions for Meta if EU authorities intervene.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.