Meta has confirmed that it will halt plans to start training AI systems using data from its users in the European Union and the United Kingdom
The move follows a push from the Irish Data Protection Commission (DPC), Meta’s main regulator in the EU, which acts on behalf of several data protection authorities across the bloc. UK Information Commissioner’s Office (ICO) was also requested that Meta halted its plans until it could address the concerns it had raised.
“The DPC welcomes Meta’s decision to halt its plans to train its large language model using public content shared by adults on Facebook and Instagram across the EU/EEA,” the DPC said in a statement. statement Friday. “This decision followed intensive engagement between DPC and Meta. The DPC, in cooperation with its fellow EU data protection authorities, will continue to work with Meta on this matter.”
While Meta already uses user-generated content to train its AI in markets like the US, Europe’s strict GDPR regulations have created obstacles for Meta — and other companies — looking to improve their AI systems. including large language models with user-generated training materials.
However, Meta has started alerting users to one upcoming change to its privacy policy last month, one it said would give it the right to use public content on Facebook and Instagram to train its AI, including content from comments, interactions with companies, status updates, photos and related their captions. The company argued that he should do this to reflect “the different languages, geography and cultural references of people in Europe”.
These changes were set to take effect on June 26, 2024 — 12 days from now. But the plans pushed non-profit organization of privacy activists NOYB (“none of your business”) to file 11 complaints in EU countries, arguing that Meta is violating various aspects of the GDPR. One of these relates to the issue of opting in versus opting out, opposite where processing of personal data takes place, users should first be asked for their permission rather than requiring an opt-out action.
Meta, for its part, relied on a provision of the GDRP called “legitimate interests” to claim that its actions were in line with the regulations. It is not the first time Meta has used this legal basis in defence, having previously done so to justify processing European users for targeted advertising.
It always seemed likely that regulators would at least put Meta’s planned changes on hold, particularly given how difficult the company had made it for users to “opt out” of its data usage. The company said it sent more than 2 billion notifications informing users of the upcoming changes, but unlike other important public messages stuck at the top of users’ feeds, such as exhortations to get out and vote, these notifications appeared alongside to users ‘ standard notifications — friends’ birthdays, photo tag notifications, group announcements, and more. So if one doesn’t check their notifications regularly, it was very easy to miss this.
And those who saw the notice wouldn’t automatically know there was a way to object or opt-out, as it simply invited users to click to learn how Meta would use their information. There was nothing to suggest there was a choice here.
Furthermore, users were technically unable to “opt out” of the use of their data. Instead, they had to fill out an objection form setting out their reasons for not wanting their data to be processed — it was entirely at Meta’s discretion whether this request was granted, although the company said that will honor any request.
Even though the complaint form was linked from the notification itself, anyone who proactively looked for the complaint form in their account settings was out of a job.
On Facebook’s website, they had to click on theirs first The profile picture up and right? Rap settings and privacy; puncture Privacy Center; scroll down and click on Generative AI in Meta Unity; scroll down again, past a bunch of links to a titled section more resources. The first link under this section is called “How Meta uses insights for Generative AI models,” and they had to read about 1,100 words before reaching a distinct link to the company’s “right to object” form. It was a similar story on Facebook’s mobile app as well.
Earlier this week, when asked why this process required the user to file an appeal rather than opt-in, Meta’s policy communicator Matt Pollard pointed TechCrunch to it existing blog postwhich says: “We believe this legal basis [“legitimate interests”] is the most appropriate balance for processing public data at the scale needed to train artificial intelligence models, while respecting people’s rights.”
To translate that, making this opt-in probably wouldn’t create enough “scale” in terms of people willing to volunteer their data. So the best way to deal with this was to issue a lone notification among other user notifications. hiding the appeal form behind half a dozen clicks for those independently searching for the ‘exemption’. and then make them justify their objection, rather than giving them an outright exception.
In one updated blog post Today, Meta’s global director of privacy engagement Stefano Fratta said he was “disappointed” by the request he received from the DPC.
“This is a step backwards for European innovation, competition in AI development and further delays in bringing the benefits of AI to people in Europe,” Fratta wrote. “We are very confident that our approach complies with European laws and regulations. AI training is not unique to our services and we are more transparent than many of our peers in the industry.”
AI arms race
None of this new of course, and Meta is in an AI arms race that has thrown a huge spotlight on the vast arsenal of data that Big Tech has in store for us all.
Earlier this year, Reddit revealed that it has entered into a contract to make $200 million over the next few years for licensing its data to companies such as OpenAI developer ChatGPT and Google. And the last of these companies is already facing massive fines for relying on copyrighted news content to train its generative AI models.
However, these efforts also highlight the lengths to which companies will go to ensure they can leverage this data within the constraints of existing law – “opt-in” is rarely on the agenda and the opt-out process is often unnecessarily arduous. Just last month, someone spotted some dubious wording in an existing Slack privacy policy that suggested it could leverage user data to train its AI systems, with users only able to opt out by emailing the company.
And last year, Google finally gave online publishers a way to opt their sites out of training its models by allowing them to insert a piece of code into their sites. OpenAI, for its part, is building a proprietary tool to allow content creators to opt out of training the smart AI they create — this will be ready by 2025.
While Meta’s efforts to train its AI on public user content in Europe are currently frozen, it will likely come back in another form after consultation with the DPC and ICO — hopefully with a different user license process.
“In order to make the most of productive artificial intelligence and the opportunities it brings, it is important that the public can trust that their privacy rights will be respected from the start,” said Stephen Almond, ICO’s executive director of regulatory risk. one statement today. “We will continue to monitor the major developers of genetic artificial intelligence, including Meta, to review the safeguards they have put in place and ensure that the information rights of UK users are protected.”
