Meta's Mouse-Tracking AI Tool Raises EU Privacy Concerns

Meta Platforms' plan to collect detailed records of U.S. employees' computer usage for training AI models is more extensive than initially described, according to internal documents seen by Reuters. The tool, known as Model Capability Initiative (MCI), captures mouse movements, clicks, and navigation through dropdown menus to build autonomous AI agents.

MCI is pulling data from over 200 apps and websites. While Meta claims it only impacts U.S. employees, internal documents reveal that it captures contents of emails or messages sent to U.S. personnel from non-U.S. senders, potentially implicating European privacy laws.

Employees have complained that MCI consumes excessive data, sometimes exhausting home internet quotas within days. Internal analysis suggests the tool can access code changes, computer sleep cycles, URLs visited, and clipboard content, storing some data unencrypted.

Meta spokesperson Dave Arnold said the tool was installed only on U.S. employees' devices and focuses on how they interact with computers, not screen content. However, Kleanthi Sardeli from privacy advocacy group NOYB warned that even incidental capture of EU employee data could violate GDPR rules.

The Irish Data Protection Commission, Meta's lead EU regulator, was told that EU employee data or screen recording is not the tool's primary purpose. But legal experts argue the data collection may not pass GDPR's "purpose limitation" test.

Employee backlash has been strong, with some labeling Meta an "Employee Data Extraction Factory." One employee's detailed analysis post later vanished from internal systems.