Meta's 'legitimate interest' use of personal data for AI challenged by privacy group Noyb

The privacy group noyb has filed complaints against Meta in 11 European countries.

Noyb says Meta wants to use personal data like posts, images, and information from online tracking for an unclear "AI technology" and share it with third parties. Instead of asking users for permission, the company says it has a "legitimate interest" that is more important than the rights of the people affected.

Noyb says this is a clear violation of GDPR rules. The planned use of the data is too broad, and the purpose is not clear.

"Meta is basically saying that it can use 'any data from any source for any purpose and make it available to anyone in the world', as long as it’s done via 'AI technology'," says noyb founder Max Schrems.

In theory, Meta could do anything with it, from chatbots and personalized ads to killer drones, according to Schrems. He says the European Court of Justice has already pointed out that Meta has no legitimate interest in ignoring privacy rights. Now the company is trying to use the same arguments to collect even more data.

It's hard for users to object, Noyb says. Meta has a form, but it makes the process too complicated. Overall, the group sees violations of at least 10 GDPR rules.

Data protection authorities must now decide whether to take urgent action. Noyb says Meta's actions are based on an agreement with the Irish Data Protection Commission, which regulates the company. The agency previously let Meta off the hook for GDPR violations, resulting in a fine of 395 million euros.

Noyb has already triggered over $1.5 billion in fines due to complaints against Meta. More lawsuits from groups and users are likely as the company moves forward with its AI plans.