Meta’s Employee Tracking Tool Faces EU Privacy Risks Amid Data Collection Expansion
New York: Meta Platforms’ initiative to gather detailed records of U.S. employees’ computer usage for training its artificial intelligence models has revealed a broader scope than initially communicated. Internal documents indicate that this initiative, known as the Model Capability Initiative (MCI), is set to capture data from non-U.S. employees as well, raising significant privacy concerns, particularly in Europe.
This development is part of CEO Mark Zuckerberg’s overarching strategy to integrate AI agents into the company’s operations. The tool aims to analyze user interactions with computers, including mouse movements, clicks, and navigation through various software interfaces. The goal is to develop AI agents capable of performing routine tasks autonomously.
Data Collection Scope and Employee Concerns
The MCI is reportedly aggregating data from over 200 applications and websites, as outlined in materials shared with Meta staff. Initially, the company stated that the tool would only affect U.S. employees and that measures were in place to safeguard sensitive information. However, employees have raised alarms about the tool’s data consumption, with reports of home internet usage spiking dramatically—some employees have noted that their monthly data limits were being exhausted within days.
Moreover, Meta has acknowledged that the tool captures the content of emails and direct messages sent to U.S. personnel, regardless of the sender’s location. In a statement, Meta spokesperson Dave Arnold clarified that MCI is installed solely on U.S. employees’ devices and focuses on user interaction with computers rather than the content displayed on their screens. He emphasized that non-U.S. employees were informed of the tool’s deployment on the computers of their U.S. colleagues.
Arnold confirmed the number of applications and websites being monitored but refrained from providing specific details regarding the volume of data being collected or its legal implications. He stated that the company had carefully considered privacy risks during the tool’s development and is committed to adhering to relevant laws and regulations.
Compliance Challenges in the European Union
The findings surrounding the MCI could exacerbate Meta’s regulatory challenges in the European Union, where tech companies are facing intense scrutiny over data collection practices. While U.S. employees have limited protections against workplace surveillance, companies operating under the EU’s General Data Protection Regulation (GDPR) must establish a legal basis for processing personal data, disclose what is collected, and comply with strict conditions for sensitive data.
In a FAQ document related to MCI, the company addressed concerns from non-U.S. employees regarding whether their communications with U.S.-based colleagues would be captured if the tool was enabled. The response indicated that any such interactions would indeed be recorded.
Furthermore, Meta stated that data collected by MCI would be “dissociated” from identifying employee information, making it impossible to trace or delete data for individuals, a requirement under GDPR. Kleanthi Sardeli, a legal expert from the privacy advocacy group NOYB, noted that even incidental capture of EU employee data could lead to violations of GDPR regulations. She highlighted critical issues, such as whether the tool’s data collection is deemed “incidental” or classified as monitoring under GDPR, and whether it meets the “purpose limitation” criteria.
Sardeli pointed out that the data was originally collected for work-related communication and fulfilling employment contracts, arguing that using employee chats for AI model training contradicts that initial purpose. Meta has informed the Irish Data Protection Commission, its primary EU privacy regulator, that neither EU employee data nor screen content recording is part of the tool’s main objectives.
Employee Backlash and Internal Discontent
The MCI initiative is part of a significant restructuring at Meta aimed at delegating substantial tasks to AI agents. This shift has sparked considerable backlash among employees, who have described the company as an “Employee Data Extraction Factory.” Internal discussions have revealed that MCI has been integrated with existing data security software, allowing access to sensitive information, including code changes, computer activity logs, and clipboard contents, which are stored in an unencrypted format.
An internal analysis conducted by an employee, utilizing Anthropic’s Claude AI tool, indicated that MCI could compile a comprehensive behavioral model of how knowledge workers perform their jobs. The analysis suggested that the AI could not only automate simple tasks but also understand complex workflows, raising further concerns about employee privacy and autonomy.
Despite the internal dissent, Arnold characterized the conclusions drawn from the analysis as “fundamentally inaccurate” but did not address specific claims or confirm whether the post had been removed from internal discussions.
Johnny Ryan, director of the Irish Council for Civil Liberties’ Enforce unit, emphasized the importance of a thorough investigation by the Data Protection Commission, arguing that the implications of this situation extend beyond Meta employees and affect workers across various sectors facing potential job displacement.
Source: www.emirates247.com
Read all the latest developments and breaking updates in the Latest News section.
Published on 2026-05-29 20:32:00 • By the Editorial Desk
