Meta’s AI employee surveillance backfires, exposing workers’ sensitive data

Internal system designed to record keystrokes, mouse clicks and screenshots of Meta employees to train AI models became a major security failure after a permissions flaw exposed personal, medical and financial data inside the company

The irony reached a new peak in Silicon Valley this week. Meta, the company that built itself on collecting and analyzing data from billions of users around the world, was forced to freeze an ambitious internal project after failing at the most basic task: protecting the privacy of its own employees.
Under heavy pressure and after an embarrassing security breach, the company temporarily halted its intrusive digital monitoring program, which had become a major data-protection nightmare for Meta workers.
Meta CEO Mark Zuckerberg
(Photo: Reuters)

The training project that became a security failure

The affair, exposed by leading media outlets in the United States and Europe, centers on an internal system launched in April and previously reported here. The system was designed to track every movement, mouse click and keyboard stroke, as well as random screenshots, from Meta employees and contractors in the United States.
Unlike standard “bossware” tools used by companies to measure productivity, Meta’s goal was different: to use the human behavior of its engineers as high-quality raw data for training AI models. Meta CEO Mark Zuckerberg defended the move in internal conversations, arguing that models learn best when they “watch very smart people work.”
But the training effort quickly became a serious SEV 2 security incident, the company’s second-highest severity level. A major permissions failure in Meta’s database systems, which include about 45,000 data tables, allowed employees free and unsupervised access to the keystroke and click data of their colleagues.
The exposed information included transcripts, private conversations, employee evaluation data and even sensitive medical and financial information entered by workers on their personal computers. Meta moved quickly to reassure employees, saying there was no indication that the information had been exposed outside the company or misused internally. But internal anger reached a boiling point.
The breach gave employees a pointed opportunity to say they had warned the company. Even before the system was shut down, more than 1,600 employees had signed an internal petition warning of security and privacy risks, as well as the burden the tool placed on computer resources.
Meta's offices in London
(Photo: Dan Kitwood/Getty Images)
That early pressure forced management to offer some compromises, including the option to pause monitoring for 30-minute windows. But those steps did not prevent the mass internal exposure of data across the corporate network.

A deepening trust crisis between Meta and its employees

Over the past decade, many companies have begun using systems that track mouse movements and keystrokes to ensure that remote employees are working, a trend that expanded significantly during the COVID-19 pandemic. But Meta took the technology one step further: not to supervise employees, but to extract their human expertise in order to develop tools that could one day replace them, especially against the backdrop of the company’s broad waves of layoffs.
Meta’s attempt to sidestep copyright problems and legal claims tied to scraping data from the open internet by using its own employees ran into a hard regulatory wall. Legal experts in Europe warn that such a program appears to clash sharply with the European Union’s privacy regulations, known as GDPR.
European regulators define employee consent inside an organization as not entirely “freely given” because of the inherent power imbalance between employer and worker, especially when the data being collected includes highly sensitive biometric and behavioral information.
Now, with the system offline and no target date for its return, Meta faces a deep internal crisis of trust. The basic technical failure that exposed some of its employees’ most sensitive materials across the organization shows that even the world’s most advanced technology giants struggle to manage the massive data stores they create.
The incident could serve as a warning sign for other companies in the industry seeking to turn their own workforce into a testing ground for artificial intelligence.