• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

 | 

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

 | 

A sophisticated cyberattack hit the International Criminal Court

 | 

Esse Health data breach impacted 263,000 individuals

 | 

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

 | 

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Canada bans Hikvision over national security concerns

 | 

Denmark moves to protect personal identity from deepfakes with new copyright law

 | 

Ahold Delhaize data breach affected over 2.2 Million individuals

 | 

Facebook wants access to your camera roll for AI photo edits

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent

Pierluigi Paganini May 16, 2025

Meta plans to train AI on EU user data from May 27 without consent; privacy group noyb threatens lawsuit over lack of explicit opt-in.

Meta plans to use EU user data for AI training starting May 27 without explicit consent. Austrian privacy group noyb threatens a class action lawsuit if the social network giant does not desist.

In April, Meta announced it will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators.

In June 2024, the social media giant announced it was delaying the training of its large language models (LLMs) using public content shared by adults on Facebook and Instagram following the Irish Data Protection Commission (DPC) request.

Meta was disappointed by the DPC request, the company pointed out that this is a step “backwards for European innovation, competition in AI development and further delays bringing the benefits of AI to people in Europe.”

The company explained that its AI, including Llama LLM, is already available in other parts of the world. Meta explained that to provide a better service to its European communities, it needs to train the models on relevant information that reflects the diverse languages, geography and cultural references of the people in Europe. For this reason, the company initially planned to train its large language models using the content that its European users in the EU have publicly stated on its products and services.

Meta now confirmed it is going to resume training its AI models with public data from EU individuals.

“In the EU, we will soon begin training our AI models on the interactions that people have with AI at Meta, as well as public content shared by adults on Meta Products.” reads a post published by the company. “This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better understand and reflect their cultures, languages and history.”

The company pointed out that users based in the EU can choose to object to their public data being used for training purposes. Starting this week, EU users will get notices about their data being used to improve AI, with an option to easily object at any time.

Meta remarked that they do not use people’s private messages with friends and family to train their generative AI models. It also added that public data from the accounts of people in the EU under the age of 18 is not being used for training purposes.

This week Noyb sent a cease-and-desist letter to Meta as a formal settlement proposal, while other consumer groups are also taking action against the company.

“Meta has announced it will use EU personal data from Instagram and Facebook users to train its new AI systems from 27 May onwards. Instead of asking consumers for opt-in consent, Meta relies on an alleged ‘legitimate interest’ to just suck up all user data. The new EU Collective Redress Directive allows Qualified Entities such as noyb to issue EU-wide injunctions. As a first step, noyb has now sent a formal settlement proposal in the form of a so-called Cease and Desist letter to Meta. Other consumer groups also take action.” reads the post published by noyb. “If injunctions are filed and won, Meta may also be liable for damages to consumers, which could be brought in a separate EU class action. Damages could reach billions. In summary, Meta may face massive legal risks – just because it relies on an “opt-out” instead of an “opt-in” system for AI training.”

The Austrian privacy group states that Meta’s AI training practices likely breach GDPR. Instead of requiring opt-in consent, Meta claims a ‘legitimate interest’ to use EU user data, limiting users to an opt-out option. This undermines key GDPR rights like data access, correction, and deletion. Once Meta’s AI models are released as open-source, they can’t be recalled or updated, further complicating compliance with GDPR obligations.

“The European Court of Justice has already held that Meta cannot claim a ‘legitimate interest’ in targeting users with advertising. How should it have a ‘legitimate interest’ to suck up all data for AI training? While the ‘legitimate interest’ assessment is always a multi-factor test, all factors seem to point in the wrong direction for Meta. Meta simply says that it’s interest in making money is more important than the rights of its users.” said Max Schrems. “This fight is essentially about whether to ask people for consent or simply take their data without it. Meta starts a huge fight just to have an opt-out system instead of an opt-in system. Instead, they rely on an alleged ‘legitimate interest’ to just take the data and run with it. This is neither legal nor necessary. Meta’s absurd claims that stealing everyone’s person data is necessary for AI training is laughable. Other AI providers do not use social network data – and generate even better models than Meta.”

The GDPR solution for Meta is straightforward: ask users for opt-in consent to use their personal data for AI training. Despite Meta’s claims, even if just 10% of users consented, that would be enough to train effective AI models, especially for EU languages. Most competitors like OpenAI or Mistral succeed without access to social media data, proving Meta doesn’t need to use the personal data of everyone who’s used Facebook or Instagram over the past 20 years.

Meta dismissed NOYB’s claims, stating its AI data practices align with European Data Protection Board guidance and Irish privacy regulator discussions.

“NOYB’s arguments are wrong on the facts and the law,” a Meta spokesperson told Reuters. “We’ve provided EU users with a clear way to object to their data being used for training AI at Meta, notifying them via email and in-app notifications that they can object at any time.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)


facebook linkedin twitter

AI Artificial Intelligence Hacking hacking news information security news IT Information Security Meta Pierluigi Paganini privacy Security Affairs Security News

you might also like

Pierluigi Paganini July 04, 2025
Google fined $314M for misusing idle Android users' data
Read more
Pierluigi Paganini July 04, 2025
A flaw in Catwatchful spyware exposed logins of +62,000 users
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Google fined $314M for misusing idle Android users' data

    Laws and regulations / July 04, 2025

    A flaw in Catwatchful spyware exposed logins of +62,000 users

    Malware / July 04, 2025

    China-linked group Houken hit French organizations using zero-days

    APT / July 03, 2025

    Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

    Data Breach / July 03, 2025

    Europol shuts down Archetyp Market, longest-running dark web drug marketplace

    Cyber Crime / July 03, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT