Meta pauses worker tracking after AI training data leak

Meta has paused an internal programme that logged employees’ mouse movements, clicks and keystrokes for AI training after finding that some of the data may have been visible inside the company more broadly than planned. The Model Compatibility Initiative had run for about two months, and Meta spokesperson Tracy Clayton told Reuters that “we’re pausing it while we investigate”.

For Meta, the immediate problem is governance. The company gathered a sensitive workplace dataset and then found its controls were too loose. Meta is expected to spend about $US145 billion (about $222 billion) on AI this year, but this episode turns on a narrower issue: whether staff activity data can be collected for model training without exposing details of how people work at their desks. That is a workplace privacy question before it is an AI performance question. It also makes consent and access controls part of the product design, not paperwork after the model is trained.

BBC News reported that the programme collected behavioural data from employees’ day-to-day computer use, including clicks and keystrokes, to help train internal models. Workers were initially given a 30-minute opt-out window, BBC said. About 2,000 employees later signed a petition arguing that the project had crossed from research into surveillance.

The dataset came from Meta’s own workplace systems, rather than from a public web crawl or customer product. That makes access controls, retention and purpose central.

Once work patterns are pulled into a training pipeline, the privacy risk sits inside the organisation before any model is deployed. A log of pauses, clicks and tool changes can reveal habits that are much more personal than a normal product-usage metric.

WIRED earlier reported that Meta moved to lock down the exposed data within about four hours of detecting the problem on 18 June. The programme’s standing with staff had already been damaged. Meta vice president Stephane Kasriel later said the tool would remain off until the company could show its safeguards were working.

“We will only re-enable MCI when we are confident in the effectiveness of our data protection controls.”
Stephane Kasriel, Meta, via WIRED

For employers trialling AI assistants or internal model training, behavioural telemetry is a high-risk input. It can show when staff pause, which tools they open and how they move through internal systems. Stored for model tuning, it starts to look less like routine usage data and more like a sensitive workplace record that needs strict handling rules.

The worker backlash also shows how quickly internal AI projects can become labour and privacy disputes. As BBC’s report and WIRED’s earlier reporting showed, objections centred on the security lapse and on the way the programme gathered behavioural data in the first place. For enterprise teams watching the episode, weak controls and rushed consent can sink an AI project before the technical case is finished.

Meta has not outlined a restart date. Before the company can resume the programme, it has to show the data will stay restricted to the people meant to handle it.