Meta’s controversial bid to train its artificial intelligence on the data of Facebook and Instagram users could be about to hit another snag.
Under scrutiny from European regulators, the social media giant pressed pause on the divisive plans in mid-June, but now it’s facing pressure to scrap the policy altogether.
A digital rights organisation called the Open Rights Group (ORG) has filed a formal complaint against Meta with the UK’s data regulator, the Information Commissioner’s Office (ICO).
In it, the group states that nothing short of a legally binding decision will prevent Meta from making good on its plans to feed user data to its large-language model, a move it claims violates the UK GDPR “on a number of levels”.
Meta, meanwhile, said they “remain highly confident that our approach complies with European laws and regulations”.Introduced in the EU and the UK in 2018, the General Data Protection Regulation (or GDPR) is designed to bolster online privacy and give individuals more control over their personal info.
Specifically, the ORG says that, despite Meta’s pleas to the contrary, its AI policy has no “legitimate interest” under GDPR.
Legitimate interest was the legal justification Meta was leaning on to process user data without explicit consent. The company’s revised privacy policy, including the updated rules on AI training, was slated to come into effect on June 26 before Meta put the brakes on it.
The ORG also reels off several additional reasons why Meta’s plan isn’t up to snuff. It alleges that Meta doesn’t specify the purpose of its AI data processing; deters users from backing out by “pretending” to only offer the option to “object” to data collection instead of an opt-out mechanism; and isn’t transparent enough about why and how it will use user data, among other GDPR-infringing reasons.
The Standard has reached out to Meta for comment.
“Meta’s plans to ingest its users’ data, posts and pictures will impact more than 50 million Instagram and Facebook users in the UK,” said Mariano delli Santi, complainant and legal and policy officer at ORG.
“It’s not acceptable that the company are making a half-hearted attempt to enable people to opt out rather than give their consent to such intrusive data processing.”
What is Meta changing in its privacy policy?
Meta ruffled feathers with its revised privacy policy in May, which would have seen it collect a wide range of user data for AI training purposes, including Facebook and Instagram photos and content from private messages with its as-yet unavailable chatbots.
The plans prompted not-for-profit privacy activist organisation NOYB (“none of your business”) to file 11 complaints with constituent EU countries, arguing that Meta was falling short of various articles of the GDPR.
Both the Irish Data Protection Commission (Meta’s lead regulator in Europe) and the ICO requested that Meta pause its plans until it could address the concerns raised.
What has Meta said?
At the time, Meta said it was “disappointed” by the decision. With its AI tools already available in the US, Meta said the setback would further delay their release in Europe.
“We remain highly confident that our approach complies with European laws and regulations. AI training is not unique to our services, and we’re more transparent than many of our industry counterparts,” Meta’s Stefano Fratta, global engagement director of privacy policy, wrote in a blog post on June 10.
What is the ORG?
The Open Rights Group (ORG) has a history of legal action promoting digital privacy. It has challenged government surveillance powers in the Investigatory Powers Act, fought for migrants' data access rights, and opposed measures seen as harmful to free speech, such as age verification for adult websites and automated upload filters in copyright law.
The ORG has also taken on the advertising technology industry and the ICO, pushing for stricter enforcement of data privacy rights.