Meta’s latest internal initiative to track employee computer usage for artificial intelligence training has quickly become a potential legal flashpoint in Europe. The tool known as the Model Capability Initiative or MCI was initially presented as a limited program focused on United States based staff. But internal documentation seen by Reuters reveals that the data collection is far more extensive than first described and could unintentionally sweep up information from employees and contacts across the European Union. This development places Meta on a direct collision course with Europe’s strict privacy framework known as the General Data Protection Regulation or GDPR.
The MCI tool is built to capture how people interact with everyday software including mouse movements, clicks, navigation through dropdown menus, and usage patterns across more than two hundred apps and websites according to an internal list Meta shared with employees. Meta plans to use this behavioral data to train AI agents that can perform routine digital tasks autonomously. That ambition is a central part of Chief Executive Officer Mark Zuckerberg’s broader vision to reshape how the company operates around AI assistants. But the road to that vision is now paved with significant privacy concerns.
Meta spokesperson Dave Arnold confirmed that the tool is installed only on devices belonging to United States based employees. He emphasized that the focus is on how people interact with computers rather than the specific content on their screens. In a statement, Arnold said, “In the interest of transparency, we notified non-U.S. employees that it was deployed on the computers of U.S. colleagues they may email or chat with in the normal course of business.” He also confirmed the approximate number of apps and websites the tool is tracking but declined to answer detailed questions about how much data it is ingesting and its legality. Arnold added, “We carefully considered and mitigated potential privacy risks in both the development and deployment of this tool, and we are committed to complying with applicable laws and regulations.”
Yet the reality inside Meta appears messier. In the weeks since the tool launched, employees have complained internally that MCI was consuming so much data that it caused their home internet usage to spike dramatically. In some cases, the tool used up an entire month’s internet quota within just a few days according to internal posts viewed by Reuters. Those posts paint a picture of a system that is both hungry for data and not entirely under control from a bandwidth perspective. But the bigger problem for Meta lies across the Atlantic.
In an internal question and answer document provided to employees, Meta acknowledged that the tool would capture the contents of any emails or direct messages sent to United States personnel regardless of the sender’s location. That means if a Meta employee in Dublin or Berlin sends a work message to a colleague in California, the content of that message could be ingested by MCI. Privacy advocates warn that even this kind of incidental or limited tracking of European data could violate GDPR. Under that regulation, personal data including the content of communications cannot be transferred or processed outside the EU without clear legal grounds and strong safeguards. Rights groups told Reuters that this situation could draw Meta into a fresh European privacy fight just as the company was recovering from previous high profile fines and enforcement actions.
