Meta’s AI Plans Violate GDPR and Our Fundamental Rights
Imagine you are out in public, and a stranger approaches you. He’s developing a new technology, and for it to work, he needs to ingest all data about you that you or anyone else has ever put online. Once you give him permission to do so, you won’t ever be able to change your mind and get it back. And once he develops his new technology, he alone will profit off your data, which he will sell to thousands of companies and governments.
Aug Fri 08 2025
Oh and by the way, he can’t tell you how exactly your data will be used, much less ensure that it won’t be used against you at some point.
Does this sound like a fair deal?
Because this is fundamentally what Mark Zuckerberg is doing right now.
In April, Meta Inc announced that it would begin training its Artificial Intelligence (AI) systems using information published by users in the EU on its platforms, Facebook and Instagram.
Meta said it would be sucking up all sorts of personal information, including names, photos, as well as all content posted to public pages, groups, and channels. The company claimed it would not be absorb-ing data about minors, but acknowledged that children and non-Meta users featured in other people’s content would be vacuumed up by its systems.
The company gave users about a month to opt out, using an onerous, 6-step process that buried the opt-out link in a paragraph. It was so confusing it almost appeared designed to fail.
Several organizations, including SOMI, the foundation I run, moved to block Meta, arguing that the American tech giant is violating European laws, and putting its own commercial interests above the fun-damental right to data privacy of those affected.
In May, the Higher Regional Court of Cologne dismissed an initial cease-and-desist order filed by the Verbraucherzentrale North Rhine-Westphalia, arguing, in effect that Meta’s business interests in develop-ing AI outweighed users’ privacy concerns.
The grounds of the judgment were not published until 13 June 2025. Only at that point did the findings of the Cologne Higher Regional Court disclose to the public that the “AI training,” as of 27 May 2025, would in fact:
• harvest the personal data of a large number of children and minors;
• encompass the personal data of non users who cannot object to this processing or otherwise avoid it;
• suck up a multitude of personal data relating to users and third parties published on institutional accounts, who from the outset would have no possibility to object to such processing and are therefore left entirely without protection; and
• mass-collect personal data revealing racial and/or ethnic origin, political opinions, religious and/or philosophical beliefs, and/or trade union membership.
We at SOMI fundamentally disagree that Meta should be allowed to train its systems off such data, and that what the company has begun doing represents multiple violations of the GDPR.
So even though this is a high-risk claim, we have filed our own injunction.
We took this risk both because the stakes for data privacy and fundamental rights are incredibly high (and not just for Germans and the German tech industry – but for all Europeans) and also because this infringement has now been actually occurring since 27 May 2025. Our hearing is on 5 August in Schleswig.
Fundamentally, we want to understand why a German court moved to protect American corporate in-terests over the privacy rights of people in Europe. Meta, the social media giant company that brought us the Cambridge Analytica scandal, has fueled a spike in teen depression, and whose data privacy practices are so poor they stored user passwords in an unencrypted database, hardly seems like the right tech company to allow to mass harvest our data to train their AI.
There is no doubt that technology has brought immense benefits to society. And of course technology companies need to make profits to innovate. I myself also run an IT company, and I understand this as well as anyone.
However, the EU has established strong, rights-based legal structures governing tech, due to the histor-ic experiences and injustices that happened on this Continent. Our laws protect people – especially children and teens, people acting in good faith, the elderly, people who do not read so well, and people too busy or too tired to read the fine print.
We at SOMI litigate to protect these constituencies. As a European and a businessman, I know we can develop a thriving tech industry that both supports European Values and also prioritizes decency to-wards each other over corporate earnings.
The U.S. has chosen an imperialist approach towards AI. Just this week, U.S. President Donald Trump laid out his vision for American AI dominance, which would “ get the entire world running on the backbone of American technology.”
We’d like to see regulators and courts in Europe focused on upholding our laws that prioritize protect-ing individual rights over corporations, and protecting European technology companies over American and Chinese tech giants.
By Hans Franke
Hans Franke is the founder and director of SOMI, a Qualified Entity authorized by the European Com-mission to file collective action claims in all 27 EU Member States.