Tech giant Meta has snubbed a ‘cease and desist’ request from the European digital rights watchdog over their use of personal data to train AI systems, countering that the company is “fully compliant with EU data protection rules”.
In a letter sent on May 14, the European Centre for Digital Rights – known as NOYB (None Of Your Business) – accused Meta of breaching the EU data privacy rules by planning to use personal data from EU Facebook and Instagram users’ accounts to train AI models starting May 27 without asking for “opt-in consent” which would require user permission before their data could be used.
NOYB stated that Meta is instead relying on a different legal basis called “legitimate interest”, which allows data processing without consent. Privacy advocates argue that using this justification for AI training is a stretch, as it bypasses users’ right to choose.
Instead of offering a simple yes-or-no choice, Meta places the burden on users to opt out, and even restricts that right by saying it only applies before data is used for training.
A Meta spokesperson told Brussels Signal on May 14: “NOYB’s arguments are wrong on the facts and the law.”
The spokesperson continued: “We’ve provided EU users with a clear way to object to their data being used for training AI at Meta, notifying them via email and in-app notifications that they can object at any time.”
Meta also accused the EU privacy group of sabotaging AI innovation within the EU.
“NOYB’s copycat actions are part of an attempt by a vocal minority of activist groups to delay AI innovation in the EU, which is ultimately harming consumers and businesses who could benefit from these cutting-edge technologies.”
NOYB has threatened a class action lawsuit against the US company if it fails to comply with the demand.
“We are currently evaluating our options to file injunctions, but there is also the option for a subsequent class action for non-material damages”, said NOYB co-founder Max Schrems.
He warned that if NOYB’s injunctions were filed and won, Meta may be liable for damages to consumers, which could be brought in a separate EU class action in which damages could amount to billions of Euros.
“If you think about the more than 400 million European Meta users who could all demand damages of just €500 or so, you can do the math. We are very surprised that Meta would take this risk just to avoid asking users for their consent,” Schrems added.
NOYB also criticised the EU regulators and Data protection authorities for being lenient in their enforcement of the GDPR.
