Meta is preparing to watch a lot more of what its U.S. employees do at their keyboards, including those at its Menlo Park headquarters. The company is rolling out software to staff work machines that will record mouse movements, clicks, keystrokes and, at times, take screenshots of their displays. Internally, Meta has told workers that this firehose of data is meant to feed its in-house AI models so automated agents can learn how people actually navigate apps and use shortcuts. The company has emphasized that the information is meant to improve systems, not to grade individual performance.
According to Reuters, the effort, known as the Model Capability Initiative (MCI), will run on a defined list of work-related apps and websites and "take occasional snapshots" of what employees see on their screens to provide context. An internal memo posted in a Meta research channel told staff, "This is where all Meta employees can help our models get better simply by doing their daily work." The messages surfaced as Meta rebrands parts of its AI-for-work push under a broader program called the Agent Transformation Accelerator.
Meta spokesperson Andy Stone told reporters that the data collected through MCI would be used only for model training and "would not be used for performance assessments," and that safeguards would be put in place to protect "sensitive content," Channel NewsAsia reported. Chief Technology Officer Andrew Bosworth has also urged employees to increase internal data collection as the company leans harder into agents designed to automate routine office tasks.
Privacy and legal questions
Privacy scholars say keystroke logging and screen capture are among the most intensive forms of workplace monitoring and can blur already thin lines between work and personal life. Ifeoma Ajunwa, in The Quantified Worker, documents how such tools can turn everyday office activity into a continuous data stream about employees themselves.
In Europe, watchdogs have tried to get ahead of this kind of technology. The European Data Protection Board requires transparency, proportionality and formal impact assessments for high-risk monitoring systems and has published guidance and templates that companies are expected to follow when planning programs like this, materials on the EDPB site show.
How the rules differ overseas
National laws can go even further. Italy’s worker-protection code, backed by guidance from the Garante privacy authority, requires either trade-union consultation or authorization from the labor inspectorate for intrusive or systematic electronic monitoring, and regulators have restricted long-term logging of employee communications, the Garante notes.
France’s CNIL and several other European regulators treat broad keystroke capture as likely disproportionate under GDPR standards. That stance raises the odds that any multinational rollout of systems like MCI would need country-specific carve-outs or technical limits to pass legal muster, according to guidance from CNIL.
Why Meta says it's doing this
Inside Meta, the stated goal is to teach AI models how humans actually interact with digital interfaces, from picking items in dropdown menus to using obscure keyboard shortcuts. The company says that, over time, those models should power agents that can take over routine, repetitive tasks while people stay in the loop to direct and review what the software is doing.
The timing is not accidental. Meta is preparing cost cuts linked to an AI-first reorganization, and the company is reportedly planning layoffs that could eliminate around 10% of its workforce, with an initial wave expected on May 20, Reuters reported.
What employees should watch for
Regulators tend to care less about whether a tool is "for AI" and more about how clearly it is explained and controlled. Workers are advised to look for specific notices about what types of activity will be recorded, how long the data will be retained and who inside the company can access it. Transparency and documented risk-mitigation steps are central to the legal test for acceptable monitoring under GDPR and national rules, according to the EDPB.
For U.S. employers, the compliance maze looks different but still real. Some states require advance written notice to employees before monitoring, and companies are encouraged to prepare records similar to a formal impact assessment when processing sensitive workplace data, guidance from eMonitor suggests.
Legal implications
Because MCI would capture highly granular behavior data, privacy regulators or works councils in some countries could demand changes, block rollouts outright in certain jurisdictions or levy fines if they conclude the monitoring is disproportionate to its goals. Under GDPR, penalties can climb into the tens of millions of euros.
Employees worried about how these systems might be used can raise concerns with human resources, their union or their national data protection authority. Companies that decide to forge ahead with this type of tracking will likely be required to publish impact assessments and spell out technical safeguards before any broad deployment, according to the Garante.
