Is noyb's Legal Battle Against Meta Over AI Data Usage Justified?
Giulio Coraggio
Solving Legal Challenges of the Future | Head of Intellectual Property & Technology | Partner @ DLA Piper | IT, AI, Privacy, Cyber & Gaming Lawyer
There has been a lot of noise in recent days about noyb's decision to urge 11 data protection authorities to stop Meta's use of users' data for AI training.
Over the past few days, Meta has informed its EU users that its privacy information notice will be updated. According to noyb, the most relevant change pertains to the usage of users' account data for the training of their artificial intelligence, which would happen on the basis of legitimate interest, rather than asking users to opt-in.
I believe that there are two main issues to be addressed:
Should Meta have been more transparent about its intentions?
As already challenged by the Italian antitrust authority in relation to its data monetization practices (Read HERE), regulators expect companies to reach a high level of transparency in their communications to customers when their personal data is used in an invasive manner.
Such information cannot be hidden in complex and consumer-unfriendly privacy information notices. Companies shall not find way to by-pass users' attention to make sure that legal clauses are overlooked; this practice is likely to lead to a boomerang effect not only by regulators, but also consumers that will no longer trust the brand.
Was opt-in a feasible option?
This is going to be one of the hottest topics of the next decade in data protection compliance. Seeking individuals' consent for the usage of their data for AI training would have been considerably burdensome for Meta and would have led to more limited results. At the same time, if the scope of data used for AI training is as vast as represented by noyb, it will be harder for Meta to prove that such interest overrides individuals' interests.
I don't believe that consent should be the sole viable option for the processing of personal data for AI training. I do believe that implementing appropriate solutions to adequately communicate the processing of personal data for AI training, along with easy-to-use opt-out mechanisms, can help businesses argue that a legitimate interest is in place.
Legal Design as the Solution to Ensure Transparency
To ensure transparency, companies should adopt legal design solutions to adequately communicate their data processing practices to their customers both in the privacy notices and in any communication to customers. At my team at DLA Piper per, we have created a dedicated legal design offering led by Deborah Paracchini and Enila Elezi , with clients in different industries who have already appreciated our services. It is not just a question of adding a few icons, but of changing the way communications to clients occur.
Contact us to learn more and read below the other articles of the week from my team at DLA Piper.
Artificial Intelligence
Italian Privacy Authority issues guidelines to prevent AI web scraping
The Italian Privacy Authority, the Garante, recently released an information note with detailed guidelines on how to defend personal data published online by public and private entities from web scraping as part of training AI systems. Read more
领英推荐
Data Protection and Cybersecurity
Italian Privacy Authority issues latest telemarketing fines for phone calls without consent and activating unsolicited contracts
As per its recent decisions, the Italian Data Protection Authority has imposed two fines of EUR100,000 each, on a company operating in the field of electricity and gas supply for unlawful processing of personal data and a call centre for carrying out telemarketing campaigns in violation of the applicable regulations on the processing of personal data. Read more
Patents, genetic resources and traditional knowledge: New WIPO Treaty adopted
On 24 May 2024, the member states of the World Intellectual Property Organization (WIPO) approved the new Treaty on intellectual property, genetic resources and associated traditional knowledge. Read more
Life Sciences
EU Council approves the regulation on substances of human origin
On 27 May 2024, the Council of the European Union approved the Regulation on standards of quality and safety for substances of human origin intended for human application (SoHO Regulation). The SoHO Regulation, repealing Directives 2002/98/EC and 2004/23/EC, outlines a new regulatory framework aimed at ensuring greater safety, quality, and ethical use of such substances in the EU. Read more
Summary of the AI Act in a Legal Design Style
Here is a summary of the main terms of the EU AI Act drafted in a legal design style to immediately spot and easily remember the most relevant provisions of the first legislation on artificial intelligence. Read more
Prisca AI Compliance
Prisca AI Compliance is turn-key solution to assess the maturity of artificial intelligence systems against the AI Act, privacy regulations, intellectual property rules and much more providing a score of compliance and identifying corrective actions to be undertaken. Read more
Transfer - DLA Piper legal tech solution to support Transfer Impact Assessments
This presentation shows DLA Piper legal tech tool named "Transfer" to support our clients to perform a transfer impact assessment after the Schrems II case. Read more