Meta halts its employee mouse-tracking initiative due to concerns about data security.

      The Model Capability Initiative, which records mouse movements and keystrokes to train Meta’s AI, has been suspended after sensitive employee information was made accessible to everyone in the company.

      On Monday, June 22, 2026, Meta announced it would pause the internal tool that monitors employee digital activity and mouse movements to train its AI models while investigating how a substantial amount of sensitive employee data became publicly readable within the company.

      Launched in April 2026, the Model Capability Initiative (MCI) tracks the mouse movements, clicks, and keystrokes of US employees, along with occasional screenshots, feeding this data into Meta’s models as training material. The aim was to teach AI systems how human workers perform tasks, but it inadvertently created a considerable pool of personal information that was left exposed.

      This decision to pause the program followed revelations from documents reviewed by Reuters, indicating that sensitive employee data was unintentionally accessible to all Meta employees. The exposed information reportedly included private conversations, performance metrics, and transcriptions—types of records that are concerning enough when managed by HR, let alone exposed to the entire workforce.

      The irony is striking. A program designed to meticulously gather data on employee activities failed to protect that same data from the employees it was observing. The exposure resulted not from an external breach but from an internal permissions issue—an instance of misconfiguration that allowed surveillance data to become an open filing cabinet, for which Meta is responsible since it developed and operated the data collection.

      Meta has not disputed these facts. “We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we’re pausing it while we investigate,” said spokesperson Tracy Clayton.

      The company did not specify the duration of the pause, leaving the program without a defined reopening timeline. MCI has faced internal contention since its inception, not just regarding security but also due to pushback from employees who objected to being monitored by software designed to learn from them, especially during a time of impending job cuts.

      To ease discontent, Meta later introduced a pause option allowing employees to disable tracking for 30 minutes at a time, a gesture that highlighted the ongoing nature of the monitoring.

      However, the legal risks have overshadowed employee dissatisfaction. Recording keystrokes and taking screenshots of identifiable employees clashes with Europe’s data protection regulations, raising concerns about potential violations of the GDPR, which imposes strict requirements on processing personal data and views workplace consent as tenuous due to power imbalances between employers and staff.

      A leak that renders sensitive records widely accessible exemplifies the kind of failure these rules are designed to prevent.

      For now, mouse movements are no longer being recorded by MCI. Meta has stated it will conduct an investigation, but has not indicated how long it might take or whether the program will continue as is, be redesigned, or be discontinued entirely. Those answers, like the data that led to the pause, remain undisclosed.