According to internal documents obtained by Reuters, Meta Platforms intends to gather more comprehensive records on U.S. employees’ computer usage for the purpose of training its AI models than previously stated. It also plans to collect non-U.S. data during this process.
According to rights groups who spoke to Reuters, the documents present significant challenges for the project, which is a crucial part of CEO Mark Zuckerberg’s larger aim to change the company’s operations around AI agents. These challenges might lead Meta into a new European privacy dispute.
The Facebook and Instagram owner told staff last month it was launching the tool to capture how people use computers, including mouse movements, clicks and navigation through dropdown menus, in order to build AI agents that can perform everyday software tasks autonomously.
The tool, called Model Capability Initiative, or MCI, is pulling in data from more than 200 apps and websites, according to a list Meta shared with staffers. The company said it would impact only U.S. employees and that safeguards were in place to protect sensitive information.
In the weeks since its launch, however, Meta employees have complained that MCI was consuming so much data that it was causing their home internet usage to spike, in some cases using up an entire month’s quota within days, according to internal posts seen by Reuters.
Meta also acknowledged in a question-and-answer document provided to employees that the tool would capture the contents of any emails or direct messages sent to U.S. personnel, regardless of the sender’s location.
In a statement, Meta spokesperson Dave Arnold said MCI was installed only on U.S. employees’ devices and that its focus was on how people interact with computers, not the content on their screens.
“In the interest of transparency, we notified non-U.S. employees that it was deployed on the computers of U.S. colleagues they may email or chat with in the normal course of business,” said Arnold.
He confirmed the approximate number of apps and websites the tool is tracking, but declined to answer detailed questions about how much data it is ingesting and its legality.
“We carefully considered and mitigated potential privacy risks in both the development and deployment of this tool, and we are committed to complying with applicable laws and regulations,” he said.
GDPR Compliance Qusetions Emerge
The findings could deepen Meta’s regulatory troubles in the European Union, where tech companies are facing heated legal clashes over how they collect and deploy data.
While U.S. workers have few protections against employer surveillance, companies operating under the EU’s General Data Protection Regulation must have a legal basis for processing personal data, disclose what is collected and meet strict conditions for especially sensitive data like health information.
In Meta’s FAQ document on MCI, one entry addressed the tracking from the perspective of a non-U.S. employee: “I’m based outside the U.S. Will my conversations or data be captured if I’m communicating with a U.S.-based colleague who has the tool enabled?”
The company’s response: “If a U.S.-based colleague has the tool enabled while gchatting or emailing with someone outside the U.S., that activity would be captured.”
Meta also said in the FAQ that data collected by MCI would be “dissociated” from identifying employee information and therefore could not be looked up or deleted for individuals, a requirement in Europe.
Kleanthi Sardeli, a legal expert at privacy advocacy group NOYB (“none of your business”), told Reuters that even limited or indirect capture of EU employee data could put Meta in violation of GDPR rules.
Key sticking points could include whether the tool’s collection of European data is considered “incidental” or counted as monitoring under the GDPR, and whether the initiative can pass a “purpose limitation” test, she added.
“This data was originally collected for the purpose of work communication and fulfilling an employment contract. Taking an employee’s chat and ingesting it into an AI model is incompatible with that initial purpose,” said Sardeli.
Meta told the Irish Data Protection Commission, its lead EU privacy regulator under GDPR, that neither EU employee data nor the recording of screen content “falls within the primary purpose of the tool,” a DPC spokesperson told Reuters, without elaborating.
Arnold, the Meta spokesperson, declined to comment on the company’s exchanges with regulators.
Employee Backlash Over Data Scope
The MCI project is part of a far-reaching restructuring at Meta aimed at handing large swaths of work over to AI agents, which has prompted an angry backlash among employees, who have likened Meta to an “Employee Data Extraction Factory.”
In an internal post, one employee shared findings of a detailed analysis of MCI log files performed with the aid of Anthropic’s Claude, the type of AI tool Meta has been pushing staffers to incorporate into their workflows.
According to the analysis — replicated by others — MCI was tacked on to the company’s existing data security software, giving it access to additional details including employees’ code changes, their computers’ sleep and wake cycles, URLs visited and any clipboard content they copy and paste, which it then stored less securely in unencrypted form.
Compiling that volume of data would make it possible to build “a complete behavioral model of how a knowledge worker does their job,” the employee wrote.
“Not ‘an AI that clicks a dropdown for you’ but ‘an AI that knows which dropdown to click, what to select, which document to paste it into, and what to do next,’” she wrote.
The employee’s post later vanished, two other employees told Reuters.
Arnold, the Meta spokesperson, called the post’s conclusions “fundamentally inaccurate,” but declined to address questions about its claims or say whether the company had removed it.
Johnny Ryan, director of the Irish Council for Civil Liberties’ Enforce unit, said the exchanges inside Meta reinforced why he considers it “essential” that the DPC investigate the initiative.
“This situation, this case, is not limited to Meta employees. It relates to every employee in every sector where they could be replaced. Everybody cares about this if they understand what it is,” he said.
(Agency)
Syed Ziyauddin is a media and international relations enthusiast with a strong academic and professional foundation. He holds a Bachelor’s degree in Mass Media from Jamia Millia Islamia and a Master’s in International Relations (West Asia) from the same institution.
He has work with organizations like ANN Media, TV9 Bharatvarsh, NDTV and Centre for Discourse, Fusion, and Analysis (CDFA) his core interest includes Tech, Auto and global affairs.
Tweets @ZiyaIbnHameed
