Germany questions Facebook about facial recognition feature
IDG News Service - Facebook is facing fresh concerns from German data protection officials that its automatic facial recognition feature may violate European privacy regulations.
Hamburg's Data Protection Agency (DPA) sent a letter to Facebook on Tuesday saying the social networking site should get users' consent before their biometric data, used to enable the tagging feature, is stored, said Johannes Caspar, head of the agency, on Thursday. Although users can opt out of the feature, the DPA contends that the process is unclear, he said.
Facebook enabled the facial recognition feature in December in the U.S. and has now rolled it out in most countries. The system makes suggestions for tags based on faces in other photographs that have been tagged. Users are notified only after they've been tagged.
Users can opt out of the facial recognition feature within the privacy settings on their Facebook accounts. To do that, a user would need to go into the "Customize Settings" panel and disable "Suggest photos of me to friends." A person can still be tagged manually but only by their friends.
Caspar said European Union privacy regulations require that users give their consent before their data is stored, including data used to enable tagging.
"It is clear that everybody whose data will be stored has to consent, and consent is something more than not to reject," Caspar said.
Facebook has two weeks to respond to the letter. The DPA has also notified the Article 29 Data Protection Working Party, which advises the European Commission on data protection issues.
In a statement, Facebook said "we will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature but firmly reject any claim that we are not meeting our obligations under European Union data protection law."
The company further contended that its users like the photo tag suggest feature, "which makes it easier and safer for them to manage their online identities."
If the two sides can't reach an agreement, Caspar could fine Facebook up to €300,000 (US$426,000). But Caspar said his agency has a good working relationship with Facebook, and the two sides reached agreement earlier this year on Facebook's "Friend Finder" feature.
Friend Finder imports e-mail addresses from user contact lists on other e-mail services and then sends out invitations to non-Facebook users to join the site. The DPA contended Facebook was collecting e-mail addresses without a user's consent and that it was unclear to users why they were receiving an invite.
Under the agreement, Facebook tweaked its systems so that a person who is not signed up with the social networking site can opt out of receiving further invitations from that initial invitation.
"We had a successful negotiation," Caspar said.
Hamburg's DPA has taken a leading role in data protection issues in Europe. In 2009, the agency launched an extensive investigation into Google's Street View imagery program, questioning how the company stored data for users who did not want their properties shown and how thoroughly it censors parts of images such as people's faces.
Google and the DPA eventually reached an agreement on a dozen or so concerns the agency had about Street View.
Send news tips and comments to firstname.lastname@example.org
- Where You Mitigate Heartbleed Matters Read this article to learn more about why customers must choose the most strategic point in the network at which to deploy their...
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- F5 Data Center Firewall Aces Performance Test F5's BIG-IP 10200v with Advanced Firewall Manager (AFM) can handle traffic at 80-Gbps rates while screening and protecting tens of millions of connections...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts