Meta has launched Muse Image, the first image-generation model from the company's newly established Superintelligence Labs. According to Meta's own announcements, the model is now available in the Meta AI app, on Instagram, and in WhatsApp, with a rollout to Facebook and Messenger to follow. Muse Image is part of a broader family of models that will gradually replace the previous Llama lineup.
But the launch has already put privacy firmly on the agenda — particularly for European and Norwegian users.
It can create images of you without your knowledge
One of the most contested features of Muse Image is the ability to reference public Instagram accounts directly in an AI prompt. This means anyone can use images from your public profile as a source to generate new, hyperrealistic images of you.
According to available information about the system, the original account owner — the person being depicted — will not receive any notification that their content has been used in this way. Critics have described the feature as a form of "face reuse", and privacy experts are warning of the potential for misuse, including the production of deepfakes.
Users of public Instagram accounts can be "tagged" in AI prompts to create hyperrealistic images — without being notified
Meta states that the system includes safety mechanisms that block requests violating the platform's guidelines, and that all AI-generated images are equipped with invisible digital watermarks. Independent experts have previously noted, however, that such filters are far from foolproof.

Trained on 19 years of user data
At the core of Muse Image is a training dataset built from public posts, images, comments, and captions from Facebook and Instagram. Collection is said to have begun as far back as 2007, meaning the model may draw on nearly two decades of user-generated content.
Privacy organisations have highlighted in particular that the dataset likely includes images of children, published by parents or by the children themselves at a time when neither party knew the content would be used to train commercial AI systems.
Opt-out, not opt-in — and that's the problem
Meta operates on a so-called opt-out basis for the use of public content in AI training. This means your content can automatically be used unless you actively choose to exclude it. Private Instagram accounts are exempt, but public accounts — including those of many Norwegian content creators, journalists, and businesses — are included by default.
This creates a direct tension with European data protection law. GDPR in principle requires a clear legal basis for processing personal data. Meta has previously argued that "legitimate interest" constitutes sufficient grounds — an argument that the privacy organisation NOYB has challenged in court. The matter has not yet been finally resolved.
For Norwegian users, GDPR applies directly through the EEA Agreement. The Norwegian Data Protection Authority has previously stated that Norwegian users have the right to access and object to the processing of their personal data — but exercising those rights in practice is complicated when the data has been woven into a large AI model and cannot easily be traced or deleted.
Lack of transparency raises ethical questions
A recurring criticism from privacy experts is that Meta does not communicate clearly enough about exactly which data is used for what purpose. The fact that AI models function as "black boxes" makes it difficult — and in many cases impossible — to demand that specific data be deleted once the model has been trained.
Meta, for its part, has assured users that sensitive categories such as religious beliefs, sexual orientation, and health information are not used for advertising targeting. Privacy organisations remain sceptical, particularly in light of the company's track record on data handling.
It is not yet known whether Norwegian or European supervisory authorities have opened formal investigations specifically related to Muse Image.
