Meta's Data Privacy Dilemma: Unethical Ad-free Subscription Practices and Celebrity AI Chatbots

Meta, the champion of user privacy and data protection, or so they'd like you to believe, is currently facing a growing battle with EU data protection regulators concerning its practices in the region yet again. According to the EU's top court, Meta, the parent company of several widely-used social media platforms, including Facebook, Instagram, Threads, and WhatsApp, has been running ads that violate data protection laws by tracking and profiling users without a valid legal basis. 

The European General Data Protection Regulation (GDPR) mandates that consent for data processing must be informed, specific, and freely given. However, Meta's approach to offering users a choice between paying a fee for privacy protection and accepting personalized ads, which involves tracking and profiling, has raised questions about the "freely given consent" principle. Key concerns related to this situation include:

1. Lack of Freely Given Consent & Manipulation: Meta's proposal to offer an ad-free subscription option in exchange for tracking and profiling users' online activity has raised questions about whether such consent would be "freely given" as required by the General Data Protection Regulation (GDPR). Users may feel pressured to choose between paying for privacy and allowing their data to be tracked.
2. Inequality and Access to Data Protection: Introducing a paid subscription model for privacy protection could create a digital divide. Users who cannot afford the subscription fees may have to relinquish their data privacy, which could lead to unequal access to data protection. 
3. Power Imbalance: According to the European Court of Justice (ECJ), Meta holds a dominant position in the digital landscape and, as a result, may affect users' freedom of choice and create an imbalance between them and the data controller. Users may find it difficult to opt out due to the network effects and their extensive digital investments. This power imbalance can affect users' freedom to choose and may impact the validity of their consent.
4. Data Protection for Profit: Meta's actions to introduce a subscription fee for data protection could be seen as a way to continue profiting from data tracking while appearing to offer an alternative. 

The GDPR asserts every individual's entitlement to personal data protection. Therefore, presenting users with a dilemma between paying for privacy or relinquishing it to Meta seems to contradict the GDPR's foundational tenet of ensuring equal access to data privacy within its framework.

The Digital Markets Act (DMA) was created by The European Commission to provide a more efficient and timely solution to address issues related to Big Tech platforms. Therefore, should Meta succeed in exploiting an existing EU regulation to sustain its business model that is damaging to user privacy, it may indicate a failure in the EU's regulatory structure. 

Related blog: Super Apps: Is the Future of Social Media a Danger to Data Privacy?

Lack of End-to-End Encryption

One of the most significant concerns is that messages with these AI personas on Instagram are not end-to-end encrypted. End-to-end encryption is essential for protecting the privacy of users' conversations, as it ensures that only the intended recipients can read the messages. Without this level of encryption, there is a risk that the messages could be intercepted or accessed by unauthorized parties.

Data Collection and Use 

Meta's use of AI chatbots collects significant data from users. This data includes the messages users send to the chatbots, which are used to train and improve the AI models. While Meta claims that personal messages are not sent to the company, the data privacy policy is vague and leaves room for concerns about how this data is handled, stored, and potentially used.

Lack of Transparency 

The information provided by Meta regarding how data is collected, used, and stored is not always clear or detailed. The vague generative AI privacy policy may leave users uncertain about the extent to which their data is safeguarded.

The data privacy concerns surrounding Meta's celebrity AI chatbots stem from the lack of end-to-end encryption, potential data collection, and use, and a history of privacy issues that have eroded trust in the company's commitment to user privacy. Users should be cautious and consider these concerns before engaging with these AI personas on Instagram, Messenger, or WhatsApp.

Related blog: OpenAI's GDPR investigations and the growing importance of Data Privacy in the AI era.

With these data privacy concerns in mind, organizations can take proactive steps, such as policies, guidance, or training on the appropriate use of consumer AI tools, to mitigate risks when using AI systems and chatbots in the workplace. Different organizations may have varying approaches to this, from completely banning AI tool usage to some organizations choosing to educate employees on the risks and identifying suitable applications. Some of the best practices include: 

Related topic: heyData employee compliance training 

The ongoing battle between Meta and EU data protection regulators highlights the complexities and challenges surrounding data privacy in the digital age. Although Meta is constantly trying to position itself as a data privacy-friendly tech giant, recent controversies surrounding the violation of data protection laws continue to cast a shadow on its claims.