The privacy NGO noyb ("none of your business") filed a complaint against social media giant Meta in 11 European countries, including Belgium. Nyob claims the company plans to use users' data for an artificial intelligence (AI) program.
The Vienna-based NGO on Thursday filed complaints in 11 European countries, including Belgium, in light of Meta's plans to 'illegally" use people's data. Users of Facebook, Instagram and WhatsApp, all owned by Meta, have in recent days received notifications informing them that the privacy policy is once again changing.
While most people will likely have accepted the changes without blinking an eye, nyob warned that the changes pose risks to their privacy. It appears the company plans to use years of personal posts, private images or online tracking data for an undefined 'AI technology' that can take personal data from any source and share any information with undefined 'third parties'.
"Meta is basically saying that it can use 'any data from any source for any purpose and make it available to anyone in the world', as long as it’s done via 'AI technology'," nyob's Max Schrems said. Users aren't given any information about the purposes of the "AI technology" – which according to nyob is against the requirements of the GDPR.
"Meta doesn't say what it will use the data for, so it could either be a simple chatbot, extremely aggressive personalised advertising or even a killer drone. Meta also says that user data can be made available to any 'third party' – which means anyone in the world."
Years of data
Accepting the change would allow Meta to take all public and non-public user data that it has collected since 2007. "This includes the many 'dormant' Facebook accounts users hardly interact with anymore – but which still contain huge amounts of personal data," nyob stated.
It added that, instead of asking users for consent through the opt-in option, Meta has argued that it has a legitimate interest that "overrides the fundamental right to data protection and privacy of European users".
"The European Court of Justice has already made it clear that Meta has no 'legitimate interest' to override users' right to data protection when it comes to advertising," Schrems said. "Yet the company is trying to use the same arguments for the training of undefined 'AI technology'. It seems that Meta is once again blatantly ignoring the judgements of the CJEU."
Additionally, once users' data is in the system, users reportedly have no option of having the data removed (the so-called "right to be forgotten").
Nyob therefore filed complaints against Meta in Austria, Belgium, France, Germany, Greece, Italy, Ireland, the Netherlands, Norway, Poland and Spain, and is asking the data protection authorities (DPAs) in these countries to launch urgency procedures to stop this change to the Meta privacy policy before it comes into force on 26 June 2024.
"The European Data Protection Board has already issued two such urgency decisions against Meta and the Irish Data Protection Commissioner. It is sad to see that this measure seems to be necessary again and again," Schrems concluded. The Norwegian DPA this week already published a statement arguing that it is "doubtful" whether Meta's approach is legal.