In 2023, Meta AI proposed to train a large-scale language model (LLM) with European user data. The proposal aims to improve the LLM’s ability to understand the dialects, geography, and cultural references of European users.
Meta had been looking to expand into Europe to train its artificial intelligence (AI) technology systems to optimize their accuracy using user data, but the Irish Data Protection Commission (DPC) raised major privacy concerns, forcing Meta to halt its expansion.
In this blog, we discuss DPC’s privacy and data security concerns and how Meta responded.
Privacy concerns raised by DCP
The DPC is Meta’s primary regulator in the European Union (EU). Following the complaint, the DPC is investigating Meta’s data practices. The DPC has asked Meta to suspend its plans until the investigation is complete, but additional changes or clarifications may be required from Meta during the investigation.
One such complainant, privacy activist group None of Your Business (NOYB), filed 11 complaints. In these complaints, they alleged that Meta violated several aspects of the General Data Protection Regulation (GDPR). One reason given was that Meta did not explicitly ask for users’ permission to access their data, but only provided an option to opt out.
In a previous case, Meta’s attempt to target advertising to Europeans was stopped when the Court of Justice of the European Union (CJEU) ruled that Meta could not use “legitimate interests” as a justification. This ruling had a negative impact on Meta, as the company had primarily relied on GDPR provisions to defend its practices.
The DPC raised a list of concerns, including:
- Absence of explicit consent: As mentioned earlier, Meta’s intention was not entirely consensual. The practice of sending consent in a notification and potentially letting it slip away made it difficult for users to opt out.
- Unnecessary data collection: GDPR states that only necessary data should be collected. However, the DPC argued that Meta’s data collection was overly broad and unspecific.
- Transparency issues: Users were left with a lack of trust as they were not sure exactly how their data would be used, which was against the GDPR’s principles of transparency and accountability.
These stringent regulations presented a significant obstacle for Meta, and the company responded by refusing to accept the DPC’s investigation and sticking to its compliance stance.
Meta’s response
Meta was disappointed by the outage and responded to the DPC’s concerns, arguing that their actions were compliant, citing the GDPR’s “legitimate interest” clause to justify their data processing practices.
Meta also claimed that it provides users with timely information through various communication channels and aims to improve user experience without compromising privacy in its AI practices.
In response to user concerns about opting in, Meta argued that this approach would limit data volume and make the project inefficient. So notifications were strategically placed to conserve data volume.
However, critics have stressed that relying on “legitimate interests” is not enough to ensure GDPR compliance and is opaque when it comes to explicit user consent. They also see a lack of transparency, with many users left unaware of how their data is being used.
A statement from Meta’s Global Head of Engagement emphasized the company’s commitment to user privacy and compliance. He emphasized in the statement that Meta will address the DPC’s concerns and work to improve its data security measures. Meta is also committed to user awareness, user privacy, and developing responsible and explainable AI systems.
The consequences of Meta’s AI pause
As a result of the suspension, Meta had to re-strategize and reallocate its financial and human capital accordingly, which had a negative impact on operations and led to increased restructuring.
Moreover, it has led to uncertainty about the regulations governing data practices. The DPC’s decision also paves the way for an era in which the tech industry will experience much, if not more, stringent regulation.
The metaverse, which is considered the “successor to the mobile internet,” will also experience a slowdown. Since collecting user data from various cultures is one of the essential elements in developing the metaverse, this disruption will hinder the development of the metaverse.
This outage has had a serious impact on Meta’s public perception. Meta is considering the possibility of losing its competitive edge, especially in the LLM field. The outage will also make stakeholders question the company’s ability to manage user data and comply with privacy regulations.
A broader meaning
The DPC’s decision will have implications for laws and regulations on data privacy and security. In addition, it will prompt other companies in the tech sector to take precautions to improve their data protection policies. Tech giants like Meta will need to balance innovation and privacy so that the latter is not compromised.
This pause also presents an opportunity for ambitious tech companies to capitalize on Meta’s setbacks. By taking the lead and avoiding Meta’s mistakes, these companies can accelerate their growth.
Visit Unite.ai to stay up to date with AI news and developments from around the world.
