On 21 April 2026, Fortune reported that Meta Platforms had begun installing software on the work computers of US-based employees to capture mouse movements, keystrokes, clicks, and periodic screenshots. A day later, CNBC revealed the scope of the programme in greater detail: data was being collected across hundreds of websites and applications, among them Google, LinkedIn, Wikipedia, GitHub, Salesforce's Slack, and Atlassian. The programme, known internally as the Model Capability Initiative, or MCI, is designed to generate training data for Meta's AI systems. Specifically, the company wants its models to learn how experienced workers interact with software in ways that are difficult to observe through product usage alone.
What the Programme Actually Captures
The MCI tool runs in the background of employees' work computers, logging mouse movements, clicks, and keystrokes across work-related applications and websites. It also takes periodic screenshots for contextual data. According to CNBC, the full list of sites being monitored had not previously been disclosed to employees.
Meta's stated rationale is targeted. The company told reporters that the data would be used to train AI models on nuanced human-computer interactions, such as navigating dropdown menus, using keyboard shortcuts, and copying content between applications. These are precisely the kinds of actions that are hard to replicate when a model has only observed the inputs and outputs of a task, not the procedural path taken to complete it.
A spokesperson for Meta told outlets that data collected through MCI would not be used for performance evaluations, disciplinary processes, or any purpose other than model training, and that safeguards were in place to protect sensitive content.
Where Consent Meets Complexity
The announcement prompted significant internal pushback. Multiple Meta employees described the MCI programme as "dystopian" in internal messages reviewed by CNBC. The concerns raised were not abstract. Continuous keystroke and screen capture can expose passwords entered in the course of normal work, personal information including health-related searches and immigration status, details about product development not yet made public, and private communications between employees.
Ifeoma Ajunwa, a law professor at Yale University, told Reuters that keystroke logging represents an escalation in employee surveillance, exposing white-collar workers to a level of monitoring more commonly associated with gig economy roles and lower-wage shift work. Her concern is structural: when monitoring is embedded in the tools through which work is done, the practical ability to refuse or opt out is constrained by the employment relationship itself.
The question this raises is one that will outlast Meta's particular programme: when an employer deploys monitoring for a purpose that has nothing to do with performance, what framework governs the data rights of the employee whose activity is being captured?
A Governance Gap in Motion
Meta is not the only technology company drawing on employee behavior to improve its AI systems, though the explicit, software-based character of MCI is unusual in the degree to which it has been made visible. The broader dynamic reflects a structural reality: companies with large, skilled workforces have a significant and accessible source of high-quality behavioral training data. The ethical and legal treatment of that data remains poorly defined in most jurisdictions.
In the European Union, GDPR requires that workplace monitoring be proportionate, transparent, and limited to a stated purpose, with a lawful basis established before data collection begins. The UK data protection framework applies broadly similar principles. But MCI appears to have launched in the United States, where federal employee monitoring law is fragmented and narrower in scope. Several US states have introduced transparency requirements for AI systems that inform employment decisions, but keystroke logging that bypasses decision-making altogether and feeds directly into model training sits in a different legal category.
The data rights frameworks in force today were not designed for this. They were designed for an era in which the things being captured (messages, documents, performance metrics) were already recognisable as outputs of work. The behavioral record of a person navigating software (the rhythm of their keystrokes, the path they take through a task) was not contemplated as a discrete asset to be separated, labelled, and used elsewhere.
Opinion: Training Data Has Rights, Too
Workers are accustomed to their outputs being used commercially. Writing, code, analysis, design: the employment contract typically vests intellectual property in the employer. MCI extends that logic further, treating the physical process of work itself as training material: the way someone's fingers move across a keyboard, which windows they switch between, how they compose a sentence before deleting it.
That is a qualitative shift, and it is one that a salary and an employment contract were not designed to cover. The consent frameworks in place (a staff announcement, a company assurance that data will not be used for performance review) were developed for a different kind of monitoring. They were not designed for the capture of granular behavioral sequences to be fed into a general-purpose AI system at an undefined future date.
The companies building the next generation of AI systems need large quantities of behaviorally rich training data. The individuals whose behavior is most useful are precisely those who have developed expertise through years of practice. The question is whether "not used for performance evaluation" is now sufficient as the governing standard for how that expertise is extracted and used.
If data rights are to mean anything in the workplace, they need to address not just what is decided about a worker, but what is taken from them in the process of doing their job.
Sources
Fortune, "Meta will start tracking employees' screens and keystrokes to train AI tools," 21 April 2026
CNBC, "Meta is tracking employee keystrokes on Google, LinkedIn, Wikipedia as part of AI training initiative," 22 April 2026