Meta's plans to use customer data in AI training have resulted in complaints to data protection authorities in 11 European countries.

The complaints were filed by privacy activist group noyb following updates to Meta's privacy policy. The updates are due to take effect on June 26.

The main issue, according to noyb, are proposals by Meta to use years of posts - including images - "to develop and improve AI at Meta." Private messages between the user and friends and family are not used to train the company's AIs.

Rather than Meta asking for consent, users must opt out of the default data slurp. Once the data has been entered into the models, there appears to be no option to extract it. The Register asked Meta how a user would go about removing their data, but the company has yet to respond.

Noyb founder Max Schrems said: "Meta is basically saying that it can use 'any data from any source for any purpose and make it available to anyone in the world,' as long as it's done via 'AI technology.' This is clearly the opposite of GDPR compliance."

He added: "'AI technology' is an extremely broad term. Much like 'using your data in databases,' it has no real legal limit. Meta doesn't say what it will use the data for, so it could either be a simple chatbot, extremely aggressive personalized advertising or even a killer drone. Meta also says that user data can be made available to any 'third party' - which means anyone in the world."

A spokesperson for Meta told The Register: "We are confident that our approach complies with privacy laws, and our approach is consistent with how other tech companies are developing and improving their AI experiences in Europe."

Ah, yes, the old "Well, everyone else is doing it, so why can't we?" defense.

The Register understands that Meta has talked to the Irish Data Protection Commission (DPC) about its plans, which prompted noyb to thunder that the "Irish DPC is complicit (again)."

Schrems said: "It seems that the DPC's new management is just continuing to make illegal 'deals' with big tech companies from the US. It is mind-boggling that the DPC continues to let the misuse of the non-public personal data of about 400 million European users go unchecked."

The 400 million figure comes from the number of European users that would have to opt out via an objection form, based on data published by Statista.

Time is also short for opting out of the slurp. The new policy goes into effect on June 26, and without a clear way of extracting data once it has been ingested, any opt-outs will need to have been actioned by then.

Meta has a long history of travails with the EU over privacy and data collection. The corporation's plans for a "Pay or OK" model, where customers can pay a subscription to avoid targeted ads, have attracted criticism from privacy campaigners and authorities alike. ®

https://www.theregister.com//2024/06/06/meta_ai_complaints/