A privacy advocacy group in the UK, Open Rights Group (ORG), has challenged Meta’s recent privacy policy update. They claim it allows the tech giant to scrape user data for AI training without proper consent.
This policy adjustment, made public on June 26, potentially impacts the personal data of approximately 50 million Facebook and Instagram users in the UK.
Privacy policy concerns
According to ORG, Meta’s revised privacy terms state that the company will use a legal basis termed “legitimate interests” to process users’ personal information to develop its AI technologies. This change, ORG argues, does not sufficiently respect user rights or their ability to consent actively.
The group has officially expressed its concerns to the UK’s Information Commissioner’s Office (ICO), urging an in-depth investigation into Meta’s practices. ORG’s complaint highlights issues such as the vague definitions of AI use, the lack of a straightforward opt-in and opt-out process, and the irreversible nature of data usage once processed.
Inadequate opt-out measures
Mariano delli Santi, legal and policy officer at ORG, criticized Meta’s approach to user data, pointing out that while the company informed users of their right to object to data use, it did not guarantee that such objections would be respected.
“The irreversible impact of data usage once applied means that consent, which should be explicitly given, cannot be meaningfully withdrawn,” said delli Santi. He argues that Meta’s method of handling user data objections and subsequent data processing is inadequate and likely contravenes the General Data Protection Regulation (GDPR) of the UK.
ORG’s action against Meta reflects a broader discontent with the company’s data practices across Europe. In the European Union, a similar complaint by the privacy advocacy group None of Your Business led to Meta pausing its plans to use European user data for training AI systems. Although the UK’s GDPR laws align closely with the EU’s, decisions within the EU do not directly influence Meta’s operations in the UK following Brexit.
Meta’s defense
Despite the complaints, Meta maintains that its data practices comply with legal standards. Following the EU complaint, Stefano Fratta, the global engagement director of Meta Privacy Policy, affirmed the company’s compliance with European laws. “We believe our data usage for AI training is legally sound, and we are committed to transparency, setting us apart from others in the industry,” stated Fratta.
As the debate over user data privacy continues, the ICO’s forthcoming decisions could set significant precedents for AI data usage and privacy rights in the UK. Meta, for its part, seems prepared to defend its practices while facing increasing scrutiny over its handling of user data for AI development.