Read our journalism Meta Instagram Facebook messenger WhatsApp

Brazilian regulator orders Meta to stop using user data to feed AI, says practice puts people at risk

Personal data protection agency ANPD issued a ruling suspending Meta's new privacy policy in Brazil, where it has 102 million active users, for allegedly putting users, including children, at risk
Sofia Schurig Sérgio Spagnuolo
Sofia Schurig e Sérgio Spagnuolo
3 min leitura
Brazilian regulator orders Meta to stop using user data to feed AI, says practice puts people at risk
Illustration by Rodolfo Almeida/Nucleo
Receba nossas newsletters de graça
Show de bola! Verifique sua caixa de entrada e clique no link para confirmar sua inscrição.
Erro! Por favor, insira um endereço de email válido!

Meta has put Brazilian users at risk, including children, by allowing their personal data to be used in the training of its large language models, according to an unprecedented decision by the National Data Protection Authority (ANPD).

STOP ORDER. The agency, which regulates the use of personal data by companies and other organizations, ordered the “immediate suspension” of Meta’s new privacy policy in Brazil on Tuesday (July 2, 2024). This new policy, which came into effect at the end of June, included the use of data such as photos, videos, and posts to train AI tools.

“Such treatment may impact a substantial number of people, as, in Brazil, Facebook has about 102 million active users,” said the ANPD.

Meta informed Núcleo by email that it is “disappointed” with the ANPD's determination, repeating the mantra they used in Europe, where similar decisions were also made:

“We are disappointed with the ANPD's decision. AI training is not unique to our services, and we are more transparent than many participants in this industry who have used public content to train their models and products. Our approach complies with privacy laws and regulations in Brazil, and we will continue to work with the ANPD to address their concerns. This is a setback for innovation and competitiveness in AI development, and delays the arrival of AI benefits to people in Brazil.”

RISK OF SERIOUS HARM. The ANPD issued a harsh statement on the case, saying there are "serious" risks to users.

"ANPD became aware of the case and initiated an inspection process — that is, without third-party provocation — due to indications of violations of the General Data Protection Law (LGPD),” says the agency's statement.

“After preliminary analysis, given the risks of serious and difficult-to-repair damage to users, the Authority provisionally determined the suspension of the privacy policy and data processing operation.”

The list of potential violations presented by the ANPD is severe:

  • use of an inadequate legal basis for the processing of personal data;
  • lack of clear, precise, and easily accessible information disclosure about the privacy policy change and the processing performed;
  • excessive limitations on the exercise of data subjects' rights;
  • processing of personal data of children and adolescents without proper safeguards.
ℹ️
Brazil's General Data Protection Law (LGPD) defines that the processing of children's and adolescents' data must always be carried out with safeguards and risk mitigation measures, which, according to the ANPD, were not identified in the preliminary analysis of Meta's case. Recently, a report by Human Rights Watch identified 170 images of Brazilian minors in LAION-5B, a dataset that feeds databases such as the one used by the Stable Diffusion image generator.

Read the ANPD's decision here

The measures apply to Meta's main products, such as Facebook, Instagram, and the Messenger messaging system. Meta also owns WhatsApp, but its messages are protected by encryption.

WILL COST REAIS. In the preventive measure, the ANPD also establishes a daily fine of R$50,000 (around USD8,800) for non-compliance with the decision.

What is unclear is what will happen if personal and sensitive data has already been collected or processed by Meta. The deadline set by the company for users to express their non-consent for this new policy was last Wednesday (June 26).

TRANSPARENCY ISSUES. One of the main problems, according to the ANPD, was that Meta did not adequately inform Brazilian users of this change in the guidelines.

This lack of communication and transparency was one of the points addressed in the notification sent by the Consumer Defense Institute (Idec) to ANPD, as well as the National Consumer Secretariat (Senacon) and the Administrative Council for Economic Defense (Cade).

RATIONALE. Marina Siqueira, a lawyer for Idec's Telecommunications and Digital Rights Program, explained to Núcleo that the notification is based on three arguments:

  1. Meta did not communicate the policy change efficiently and correctly to Brazilian users;
  2. The lack of transparency about how, where, and why this data will be used violates current Brazilian legislation;
  3. The form for people to oppose data collection had a predatory design, requiring eight steps to be completed and not offering a platform tutorial.
“They say it is for training generative AI, but which generative AI? What is the purpose of this? What would be the benefits for consumers? What would be the safeguards for consumers? How to ensure the security of this data?”
Marina Siqueira, IDEC
Report by Sofia Schurig
Edited by Sérgio Spagnuolo

Translated with the help of ChatGPT, and revised by human editors

Quer benefícios? Torne-se assinante por só R$10/mês e receba vantagens exclusivas. Clique aqui para assinar.

selo do legislatech

Outras coisas no site

Receba nossas newsletters e traga felicidade para sua vida.

Não perca nada: você vai receber as newsletters Garimpo (memes e atualidades), Polígono (curadoria de ciência nas redes sociais) e Prensadão (resumo semanal de tudo o que o Núcleo fez). É fácil de receber e fácil de gerenciar!
Show de bola! Verifique sua caixa de entrada e clique no link para confirmar sua inscrição.
Erro! Por favor, insira um endereço de email válido!