If you're tired of the destruction of civil liberties subscribe to Reclaim The Net.

Nearly 260 contract workers in Hyderabad, India working for the outsourcing firm Wipro said to have combed through millions of photos and status updates on Facebook ever since 2014. These workers categorized the items into “five dimensions” as asked by Facebook for a better understanding of the users, posting patterns and more. By doing so, Facebook aims to build better features and increase ad revenue. However, it isn’t clear about how much of these efforts can be deemed ethical, Reuters is reporting.

“One of the key pieces of GDPR is purpose limitation,” said John Kennedy, a partner at law firm Wiggin and Dana who has worked on outsourcing, privacy and AI. If the purpose is looking at posts to improve the precision of services, that should be stated explicitly, Kennedy said. Using an outside vendor for the work could also require consent, he said.

The details of this project were provided by a few of the contract workers on the project after being guaranteed anonymity. According to this program, the workers categorize the posts into dimensions such as the subject of the post, occasion, author’s intention and so on.

While Facebook confirmed and provided several details about the few among nearly 200 ongoing content labeling projects, Wipro declined to respond and directed all the communication to Facebook.

Double your web browsing speed with today's sponsor. Get Brave.

The company officials said that Wipro was one of the many firms hired for such work and globally, millions of people are hired by Facebook for content labeling services. Several projects such as this are primarily aimed at training Facebook’s software to decide what must appear in user feeds and the most suitable advertisements as well.

Content labeling can raise new privacy concerns on top of the ongoing investigations and charges against Facebook for poor privacy measures and personal data abuse. The outsourcing firm’s employees stated that they gained a window into the user’s life and in a few cases, some posts and screenshots may contain user names as well.

Facebook said that it’s following a recently introduced auditing system to ensure that the privacy measures and expectations are being followed by third-party companies doing the outsourcing work. Using an outside vendor for work might need user consent, and not explicitly stating such facts to the users may land Facebook in legal trouble.

One of Europe’s top data privacy official had declined to comment on this issue. As of now, it remains unclear about how the GDPR will be interpreted and if the regulators would find the content labeling efforts to be problematic.