1 Comment

Summary:

The social network has bowed to the demands of privacy regulators across the EU and axed its facial recognition features for European users. However, it plans to bring the functionality back once it’s figured out how to give its users real privacy choice.

f8 great zuckerberg media photo

Facebook has axed its facial recognition functionality for users in the EU, in order to satisfy the concerns of privacy regulators.

The Irish data protection commissioner (DPC) issued his assessment (PDF) on Friday of Facebook’s compliance with recommendations the regulator made last December. The DPC had been forced into the issue following complaints by a group of Austrian law students calling themselves ‘Europe v Facebook’, and had told Facebook that it had to be more upfront about giving users privacy choices.

The review suggested that Facebook had “fully implemented” most of the DPC’s recommendations, and those that had not been implemented would be taken care of “with a clear timescale” in place.

And one of those moves is apparently to stop recording people’s facial characteristics in order to automatically suggest photo tags.

“I am particularly encouraged in relation to the approach it has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice,” DPC Billy Hawkes said in a statement. “This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October, pending agreement with my Office on the most appropriate means of collecting user consent.”

Facebook, which was targeted in Ireland because that’s where all its non-North American business is based, is also crowing about going beyond the call of duty:

“The latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”

But guess what? That’s not the end of the story.

Facebook’s been under fire over precisely the same feature in Germany, where privacy chiefs have accused the social network of “illegally compiling a vast photo database of users without their consent” – remember, this is the home of data protection law we’re talking about here.

When that last bit of bother struck just one month ago, Facebook insisted that:

“We believe that the Photo Tag Suggest feature on Facebook is fully compliant with EU data protection laws.”

So what gives?

Essentially, Facebook has found itself fighting on too many fronts. What began as an obscure concern of people in German-speaking countries has spread: the Norwegian data protection regulator also started probing the feature, and – crucially – so did the Article 29 Working Party (WP29).

The WP29 is a group of privacy regulators from all over the EU, and its recommendations get taken very seriously indeed. In July it said facial recognition features such as photo-tag suggestions should only be allowed when the user gives their explicit consent (and that means the user being tagged, as well as the one doing the tagging).

So yes, Facebook has just gone beyond the Irish DPC’s original recommendation, but only because a higher authority is waving a bigger stick at it, and because the company’s realized it’s not going to win this one.

In any case, even though Facebook is wiping the facial recognition templates it’s already recorded for its EU users, it intends to bring the system back once it’s figured out a “holistic approach” to properly informing those users.

As for Europe v Facebook, they’re still not happy (no surprise there) but tell me this victory is “totally going in the right direction”.

To give Facebook its due, here are the areas in which the DPC says the company has fully implemented its recommendations:

• The provision of better transparency for the user in how their data is handled,
• The provision of increased user control over settings,
• The implementation of clear retention periods for the deletion of personal data or an enhanced ability for the user to delete items,
• The enhancement of the user’s right to have ready access to their personal data and the capacity of FB-I [Facebook Ireland] to ensure rigorous assessment of compliance with Irish and EU data protection requirements.

  1. Christopher William Crawley Saturday, September 22, 2012

    Gee, if they had a reason to use facial recognition like public/private cloud based big data total overall solution commerce and logistics management platforms then maybe the governments could actually use this tech in positive ways perhaps regulate/utilize this type of personal branding to actually do some good like create a stronger public and private gov/company infrastructural enterprising economy and inflation fight or eradicate the terrorism card for all entities and locations, and allow free safe travel and trade to flow like ONLY our Apollios.com
    will do in 2013. And why cant they just create restrictions and security policies on this tech?
    Makes no sense to squelch innovating technology COMPLETELY even if its off shoots can be defined as a breach of privacy.Find a way or let them trample you!
    If someone has something to hide then they are obviously guilty of something and or insecure and these paranoid fools will realize this like it or not they will never stop the Apollios.com
    So whats it gonna be ? the public and private security industries? Zuck you want a solution to this or you wanna waste more money and time on your acquisition >?
    The Apollios is your ONLY solution and it will just steamroll and go viral through the many geographic masses and companies until it even overtakes your market! step up step out or step off~ cuz the this is the real deal~Better recognize~CWC

    Share

Comments have been disabled for this post