The program, which aims to develop artificial intelligence models by collecting computer usage data of meta employees, has brought about new discussions about the European Union’s strict data protection rules. According to a new report published by Reuters, the company’s employee monitoring system may be collecting more comprehensive data than previously disclosed. This situation may raise legal issues within the scope of the General Data Protection Regulation, known as GDPR, especially in terms of the processing of personal data of European Union citizens.
Reuters reported in the news published in April that Meta would record the keyboard entries, mouse movements and clicks of its employees in the USA. The company confirmed to Engadget at the time that it would roll out an internal tool to collect samples of employees’ daily computer usage habits for certain applications. Meta stated that this data will help artificial intelligence systems better understand real user behavior.
In the new news, it is stated that the scope of the system in question may not be limited only to employees in the USA. According to the question-answer documents obtained by Reuters, the tool called “Model Capability Initiative” (MCI) can also record the contents of e-mails and messages sent or received by employees working in the USA. This can happen regardless of the country in which the person being contacted is located.
For example, it is stated that when a Meta employee in the USA corresponds with a colleague in Europe via Google Chat or sends an e-mail, this communication can be recorded by MCI. In internal company documents cited by Reuters, it is stated that Meta clearly communicated this situation to employees.
Meta’s MCI program monitors over 200 apps and websites
Meta spokesman Dave Arnold told Reuters that employees outside the United States were informed that the tool was active on the computers of their colleagues in the United States. Arnold also stated that the company evaluated potential privacy risks during the development and implementation of the system and took measures to reduce them. The company also emphasized that it is committed to complying with applicable laws and regulations.
However, a legal expert interviewed by Reuters stated that recording data of European Union employees, even to a limited extent, could cause problems in terms of GDPR rules. Under the GDPR, companies must have a valid legal basis for collecting personal data and clearly disclose what data is collected. European Union regulations also include very strict obligations regarding the processing of employee data.
On the other hand, according to Reuters, the MCI system monitors not only messaging and e-mail applications, but also more than 200 applications and websites. Some of the company’s employees claim that the system consumes a high amount of data and that users with monthly internet quotas fill their quotas within a few days. Besides these technical complaints, there are also more fundamental concerns among employees.
Since the program was announced, some Meta employees have expressed discomfort with the data they collect being used to train artificial intelligence systems that can take on their own tasks in the future. According to Reuters, some employees tried to gather support for a petition against the program by distributing leaflets within the company. All this shows that discussions about how employee data will be used in artificial intelligence development processes will remain on the agenda in the technology sector in the coming period. How Meta’s application will be evaluated by regulators in Europe is among the issues that will be watched closely.