Meta records employee keystrokes and mouse movements to train AI - no opt-out available
What it really says
Meta has launched an internal program called the 'Model Capability Initiative' (MCI) that captures keystrokes, mouse movements, and screen recordings from employee computers. The collected data is intended for training agentic AI models - AI systems that can autonomously execute complex tasks, navigate software, and handle multi-step processes. The tracking covers hundreds of websites and applications, including Google, LinkedIn, Wikipedia, GitHub, Slack, and Atlassian products, as well as Meta's own services like Threads. Employees cannot opt out of the program. Many employees expressed discomfort when asking about opt-out options. Meta emphasises that data is anonymised and stripped of personally identifiable information before being used for training. According to CNBC, the capture of activities in AI apps like ChatGPT and Claude was originally also on the list, raising questions about whether competitor models would be indirectly analysed.
Our assessment
This story warrants serious attention. Workplace keystroke monitoring is one of the most invasive forms of employee surveillance. The inability to opt out significantly amplifies concerns. The claim that data is anonymised should be treated with caution when it comes to keystroke logging: typing patterns are highly individual and can allow re-identification even after anonymisation. The broader concern extends beyond Meta: if one of the world's largest tech companies uses its own employees as a training data source, it could set a precedent for other companies. The question is whether employers will routinely capture digital workflows to improve AI models in the future. On the positive side, European employees are likely not affected due to GDPR and national labour protection laws - the programme is expected to be limited to US locations.
Relevance for Germany
Highly relevant for the German debate on AI and workplace surveillance. In Germany, employer keystroke logging is generally only permitted when there is concrete suspicion of serious criminal activity - and even then only under strict conditions. GDPR also requires a legal basis, purpose limitation, and data minimisation, which would hardly be met by blanket keystroke logging. European Meta employees are reportedly not affected, according to legal experts. Nevertheless, the news is important for Germany: it shows where AI training data practices could head without clear legal boundaries. Works councils (Betriebsrat), a powerful co-determination instrument in Germany, would typically not approve such a programme. The example underscores the value of European workers' rights and data protection standards.
Fact check
Core facts - the MCI programme, keystroke and mouse movement capture, the list of hundreds of websites and apps, the lack of an opt-out option - are consistently reported by TechCrunch (initial report 21.04.), CNBC (expanded report 22.04.), t3n, and Euronews. CNBC provides the most detailed listing of affected websites and apps. The assessment that European employees are protected by GDPR comes from multiple legal experts cited in the reports. Meta's statement about data anonymisation is documented but has been critically questioned by data protection experts. Caveat: The programme became known through internal documents - a full official confirmation of all details by Meta is not entirely available.
Source
- • t3n 22.04.2026 (t3n.de/news/ueberwachung-meta-maus-tastatur-mitarbeiter-aufgezeichnet-1739386/)
- • CNBC 22.04.2026 (cnbc.com/2026/04/22/meta-tracks-employee-usage-on-google-linkedin-ai-training-project.html)
- • TechCrunch 21.04.2026 (techcrunch.com/2026/04/21/meta-will-record-employees-keystrokes-and-use-it-to-train-its-ai-models/)
- • Euronews 23.04.2026 (euronews.com/next/2026/04/23/meta-to-track-staffs-keystrokes-and-clicks-to-train-its-ai-report)