Meta announced Monday it is putting the brakes on an internal employee monitoring program while the company looks into concerns about data security.
The program in question, called the Model Capability Initiative, or MCI, was launched in April. It works by capturing mouse movements, clicks, and keystrokes on computers used by U.S.-based employees, with the goal of using that data to train Meta’s artificial intelligence systems.
The decision to pause the program follows a Reuters review of internal documents showing that sensitive employee data — gathered to track digital activity within Meta’s own systems — was viewable by any Meta employee, not just those authorized to see it.
Business Insider was first to report the pause.
Meta confirmed it is investigating the situation, though the company would not say how long the program would remain on hold.
Company spokesperson Tracy Clayton addressed the matter, stating: “We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we’re pausing it while we investigate.”
Despite the announced pause, a source told Reuters the tool was still actively recording as of Monday afternoon. Clayton acknowledged the rollout of the pause would take time to fully reach all employees.
The halt came after a Meta employee filed what is known as an SEV — a high-priority internal security incident report — flagging concerns about the exposure of employee data.
Internal documents revealed that the exposed data included “full prompts and transcriptions, private conversations, people and performance data, DSS sensitivity ratings (1-4).”
Reuters had previously reported in May that the MCI program was collecting more information than employees had originally been told, and that the data was being stored without encryption — raising significant privacy concerns among staff.
According to internal documentation, an employee who weighed in on the security report called for a more thorough look into the problem, writing: “I have accessed both personal tax and medical information through my work computer, as have many thousands of employees. We were told this data would be protected and only used for valid business purposes after aggressive filtering.”
