Meta terminates contract with Sama following sensitive data revelations from smart glasses

Meta has ended its contractual relationship with Sama, a Nairobi-based outsourcing company, following serious revelations concerning the handling of sensitive data. The news, which emerged in February 2026 and was reported by Swedish newspapers Svenska Dagbladet and Gรถteborgs-Posten, highlighted practices of reviewing footage captured by Meta's Ray-Ban smart glasses that raise profound concerns about user privacy and data sovereignty.

Sama's workers were tasked with labeling these video clips, a seemingly innocuous job that, in this specific context, revealed problematic data management. The content viewed included extremely private and personal moments, such as individuals engaged in sexual acts, using toilets, undressing, or handling bank details. This scenario underscores the inherent complexities and risks involved in entrusting third parties with the management of such delicate data streams.

Implications for privacy and data sovereignty

The incident raises fundamental questions about data governance and the chain of custody for personal information. When companies outsource processes involving sensitive data, diligence in partner selection and the implementation of rigorous security protocols become crucial. The nature of the footage, captured by wearable devices like smart glasses, amplifies the risk, as users may not be fully aware of the extent of data collection and subsequent processing.

For organizations evaluating AI solution deployments, particularly those managing Large Language Models (LLM) or other data-intensive workloads, this case highlights the importance of direct control over infrastructure. Data sovereignty, regulatory compliance (such as GDPR), and the ability to operate in air-gapped environments are often key motivations for opting for self-hosted or on-premise solutions. Outsourcing, while potentially offering benefits in terms of TCO or scalability, introduces an additional layer of complexity and potential vulnerability in privacy management.

Managing external vendors and associated risks

Meta's decision to terminate the contract with Sama reflects the seriousness of the allegations and the need to restore user trust. However, the episode serves as a warning for the entire tech industry. Delegating data labeling or analysis tasks to external vendors, often located in different jurisdictions, requires constant oversight and contractual agreements that guarantee security and privacy standards equivalent to internal ones.

Companies must carefully consider the trade-offs between the operational efficiency offered by outsourcing and the risks associated with losing control over data. This is especially true for data feeding artificial intelligence systems, where the quality and confidentiality of information are essential parameters. A thorough Total Cost of Ownership (TCO) evaluation should include not only direct costs but also potential reputational and legal costs arising from privacy breaches.

Future perspectives on data governance

The Meta-Sama incident highlights a growing challenge in the era of AI and connected devices: how to balance technological innovation with the protection of individual privacy. Companies are called upon to develop more robust data governance policies, including regular vendor audits, end-to-end encryption, and transparent mechanisms to inform users about the collection and use of their data.

For CTOs and infrastructure architects, the lesson is clear: the choice between on-premise deployment and cloud solutions is not just a matter of performance or cost, but also of control and responsibility over data. AI-RADAR offers analytical frameworks on /llm-onpremise to evaluate these trade-offs, providing tools for informed decisions that prioritize data sovereignty and compliance, increasingly critical elements in today's technological landscape.