In 2025, an unexpected player is stepping into the world of social media – OpenAI. The company is reportedly prototyping a new social feed tied to its image generator, as part of a broader move to scale multimodal AI by doing what competitors like Meta and X have already been doing for a while now.
What may appear to be a community-driven platform for generating trendy avatars and sharing AI art, could potentially be a highly effective data funnel. It leverages user excitement and creativity to capture one of the most valuable and sensitive commodities in the AI arms race: facial data.
As we’ve covered in our articles on facial recognition technology before, the collection and use of sensitive biometric information like facial images often constitute breaches of data protection laws and privacy rights. But what if this information is being provided voluntarily?
The Ghibli Effect: A Trojan Horse for Training Data
When OpenAI launched its new image generator with a Studio Ghibli-style prompt feature, it ended up taking over the world. However, what it also did was expand the AI v. copyright debate to a large extent (something which we’ve covered in a previous article), and also feed OpenAI a global, labelled dataset of human faces, emotions, and styles – all voluntarily given.
In other words, it allowed OpenAI to collect the kind of training data that’s become increasingly difficult to scrape and reproduce due to copyright law and litigation. Instead of battling regulations or licensing costs, OpenAI flipped the script, and let the users come to them.
This is what makes OpenAI’s vision for a social feed so powerful. It’s not just about sharing art, it’s about building a legally defensible, high-quality dataset, rich in biometric and social signals.
Legal Concerns with the AI Social Network Playbook
Meta’s early rise was powered by people uploading real names, real faces, and real locations. Facebook did not need to extract this data, users gave it up willingly through their posts. Even now, Meta is doubling down on AI-driven avatars and metaverse integrations that make use of personal data.
OpenAI is using a similar blueprint with their social feed, which can become a powerful UX honeytrap: a way to keep people engaged, sharing, and generating the kind of personal content that’s ideal for training next-gen AI models. However, this also raises privacy concerns about individuals’ rights with respect to their facial data, and how it is being used.
OpenAI’s privacy policy states that they use user content from ChatGPT, Sora and Operator to train their models for improvement, and this includes images uploaded to these platforms. This can be opted out of through their privacy portal, but the default setting is opt-in, meaning users are effectively giving consent for the use their images for training purposes.
Meta’s Legacy Approach to User Data
Meta’s long-standing strategy has operated on similar terms. Facebook’s early usage policies allowed the company to use user-uploaded photos for various purposes, and even now their policies allow for the use of data to improve services and train models.
There are some legal guardrails in place that users can rely on, but these have not been developed enough to meet these new challenges. The U.S. has only a handful of state biometric privacy laws specifically focussed on the protection of facial data. Perhaps the most notable one, the Illinois’ Biometric Information Privacy Act, requires informed, written consent before collecting or using biometric data like facial images. This law has led to significant lawsuits, including a $650 million settlement with Meta in 2021 for its facial recognition practices on photos uploaded to Facebook.
GDPR: A Stricter Global Standard
The General Data Protection Regulation (GDPR) has slightly more stringent consent requirements; it requires freely given, specific, informed, and unambiguous consent (also stating that silence and pre-ticked boxes do not constitute consent). In other words, companies can’t bury consent in fine print, there needs to be active acceptance by the user for the use their data. Consequently, if OpenAI were to deploy its social feed in the EU, it would need to adhere to stricter user guidelines.
New Legal Challenges
If OpenAI enters the race with its own social network powered by user-generated images, prompts, and conversations, it may become less about building community and more about dominating the future of multimodal AI. As these systems grow more advanced, personal images and data will only increase in value, and what better way to collect them than by letting users play with AI’s capabilities?
But as the lines between content generation and biometric data harvesting blur, so do the boundaries of voluntary and informed consent prescribed by various data protection laws. Most users engaging with these tools have no idea that their faces, voices, and expressions may become part of training datasets, which creates legal issues about whether consent is being given freely and voluntarily.
The EU’s AI Act
The EU’s AI Act offers some guidance (such as higher compliance requirements for high-risk systems, transparency obligations, and human oversight) which can help in regulating the activities of AI companies in tandem with the GDPR. However, while these EU legislations do foresee and protect against the potential risks associated with AI, most countries around the world are still lacking the legal framework required to protect individual privacy rights.
Until now, much of the legal scrutiny around AI has focused on copyright infringement. But now, with the rise of face-forward, user-generated AI content, it’s clear we’re heading straight into the next major front: privacy. And unlike copyright, there are no collective licensing structures or royalties for the use of your face.
Authors: Shantanu Mukherjee, Varun Alase
