noyb Urges 11 DPAs to Immediately Stop Meta’s Abuse of Personal Data for AI
Over the past few days, Meta informed millions of Europeans about changes to its privacy policy. Upon closer inspection, it was revealed that the company plans to use personal posts, private images, and online tracking data for an undefined AI technology, which could share any information with third parties. Meta claims a legitimate interest to override data protection and privacy, offering no option for users to remove their data, challenging the right to be forgotten.
noyb has now filed complaints in 11 European countries, asking authorities to urgently stop this change before it takes effect on 26 June 2024. The complaints were lodged in Austria, Belgium, France, Germany, Greece, Italy, Ireland, the Netherlands, Norway, Poland, and Spain.
Meta’s new privacy policy indicates it will use all public and non-public user data collected since 2007 for any AI technology. This includes data from dormant Facebook accounts and additional information from third-party sources. Users have no information about the purpose of this AI technology, which noyb asserts violates GDPR requirements. Meta’s policy could affect around 4 billion users globally.
Max Schrems, a privacy advocate, highlighted that Meta is asserting it can use any data from any source for any purpose, available to anyone worldwide through AI technology. This approach contradicts GDPR compliance.
Normally, processing personal data in the EU is illegal without a legal basis. Meta should rely on opt-in consent but claims a legitimate interest, previously rejected by the Court of Justice for advertising purposes. Now, Meta uses this argument for broader AI data usage, ignoring prior court judgments.
Meta requires users to fill out a complex objection form to opt out, placing the burden on users, which Schrems criticizes as absurd. He noted that the law mandates Meta to get opt-in consent, not use misleading opt-out processes.
The Irish Data Protection Commission (DPC) has been implicated, with past deals allowing Meta to circumvent GDPR, ending in a significant fine. Schrems suggested DPC’s new management continues making illegal deals with big tech, letting misuse of personal data go unchecked.
Given Meta’s AI processing set to start on 26 June 2024, noyb requested an urgency procedure under Article 66 GDPR. Data protection authorities in the 11 nations may issue a preliminary halt with an EU-wide decision via the European Data Protection Board (EDPB).
Schrems hopes for swift action from authorities outside Ireland and noted prior EDPB urgency decisions against Meta and the DPC.
Penalties for failing to distinguish between users protected by GDPR and those not covered could compound the issue. Meta has stated its inability to differentiate between sensitive data, further complicating the lawful basis for its AI-driven data usage.
Source: noyb urges 11 DPAs to immediately stop Meta’s abuse of personal data for AI.