Hamburg Data Protection Authority Urges Users to Object to Meta's AI Data Use

Written By CAIDP Europe HQ

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a warning to Facebook, Instagram, and Threads users regarding Meta's new privacy policy. The policy plans to use personal data from these platforms to develop and improve AI technologies. With billions of users affected worldwide, the Commissioner, Thomas Fuchs, emphasises the urgency for users to object to this data processing by 26 June 2024.

Meta's recent announcement outlined its intention to utilise posts, photos, and captions from Facebook and Instagram for AI training. Users who wish to prevent their data from being used in this manner must exercise their legal right to object. This can be done through the settings on their profile page under Privacy Policy or by following instructions in notifications from Meta. Once a large language model has been trained with personal data, reversing the process is not feasible.

"Users who are concerned about a large AI model being trained with personal data from their profiles should - also in view of many unresolved legal and factual questions - better object now"

Thomas Fuchs

Even individuals without accounts on Meta services might be impacted, as Meta also uses data from third-party providers for AI training. This data may have already been used, and Meta only offers the option of subsequently objecting to its use.

Meta's new privacy policy aims to leverage public posts, comments, and photos from its users to enhance its AI applications, including generative AI features and AI-supported creative tools. The company cites legitimate interests under Art. 6 (1) (f) GDPR as the legal basis for this data processing. However, European data protection authorities are assessing whether explicit consent from data subjects is required.

The Hamburg Data Protection Authority has contacted the lead European supervisory authority in Ireland (IDPC) to address the complaints and coordinate actions. The IDPC has the authority to enforce measures across the European Union, potentially suspending or prohibiting the planned data processing if it fails to comply with GDPR.

With millions of data subjects across member states, a uniform Europe-wide assessment is deemed necessary. The Hamburg Data Protection Authority is working closely with its European counterparts, particularly the IDPC, to ensure a cohesive approach.

CAIDP Europe HQ
Previous

Meta Pauses Launch of AI Models in Europe Amid Privacy Concerns
Next

Italian Competition Authority: a sanction of EUR 3.5 million to Meta for unfair commercial practices