Meta’s controversial employee monitoring program is now facing scrutiny over potential violations of European privacy regulations. The social media giant’s tool, designed to track keystrokes and mouse movements to train AI models, may be capturing data from EU employees without following proper consent procedures.
The company’s Model Capability Initiative (MCI) program, which launched earlier this year to monitor US employees’ computer activities, appears to have a broader scope than initially disclosed. Meta has admitted in internal documents that the tool captures emails and messages involving US personnel, regardless of where the other party is located.
According to internal company documents, when US-based employees use the monitoring tool while communicating with international colleagues through email or chat, those conversations get recorded. This means EU employees’ personal data could be collected without their explicit consent – a potential violation of the General Data Protection Regulation (GDPR).
Meta spokesperson Dave Arnold said the company notified non-US employees about the tool’s deployment on their US colleagues’ computers. He emphasized that Meta “carefully considered and mitigated potential privacy risks” and remains “committed to complying with applicable laws and regulations.” However, legal experts suggest even limited collection of EU employee data could breach GDPR requirements.
The GDPR mandates that companies must have a legal basis for collecting personal data and clearly disclose what information they’re gathering. Companies that violate these rules can face fines of up to 4% of their global annual revenue – potentially billions of dollars for a company like Meta.
The monitoring program tracks data from over 200 apps and websites as part of Meta’s AI training initiative. This extensive surveillance has created practical problems for employees, with some reporting that the tool consumes their monthly data quotas within just a few days.
Employee pushback against the program has been significant since its launch. Workers have expressed concerns about helping train AI systems that could eventually replace them. Some have even distributed flyers and organized petitions protesting the monitoring program.
This controversy highlights the growing tension between tech companies’ AI development needs and employee privacy rights. As companies rush to collect training data for their AI models, they’re facing increased scrutiny over their data collection practices – especially when those practices cross international borders with different privacy standards.
The situation also demonstrates how US tech companies must navigate complex international privacy laws as they expand their operations globally. What might be acceptable under US employment law could violate stricter European regulations, creating compliance challenges for multinational corporations.