noyb urges 11 DPAs to immediately stop Meta's abuse of personal data for AI
Over the past few days, Meta has informed millions of Europeans that its privacy policy is changing once again. Only on closer inspection of the links in the notification did it become clear that the company plans to use years of personal posts, private images or online tracking data for an undefined "AI technology" that can ingest personal data from any source and share any information with undefined "third parties". Instead of asking users for their consent (opt-in), Meta argues that it has a legitimate interest that overrides the fundamental right to data protection and privacy of European users. Once their data in the system, users seem to have no option of ever having it removed ("right to be forgotten"). noyb has now filed complaints in 11 European countries, asking the authorities to launch an urgency procedure to stop this change immediately, before it comes into force on 26 June 2024.
All non-public data for some undefined future "AI technology". Unlike the already problematic situation of companies using certain (public) data to train a specific AI system (e.g. a chatbot), Meta's new privacy policy basically says that the company wants to take all public and non-public user data that it has collected since 2007 and use it for any undefined type of current and future "artificial intelligence technology". This includes the many "dormant" Facebook accounts users hardly interact with anymore – but which still contain huge amounts of personal data. In addition, Meta says it can collect additional information from any "third party" or scrape data from online sources. The only exception seems to be chats between individuals – but even chats with a company are fair game. Users aren't given any information about the purposes of the "AI technology" – which is against the requirements of the GDPR. Meta's privacy policy would theoretically allow for any purpose. This change is particularly worrying because it involves the personal data of about 4 billion Meta users, which will be used for experimental technology essentially without limit. At least users in the EU/EEA should (in theory) be protected from such abuse by the GDPR.
