Germany questions Facebook about facial recognition feature
IDG News Service - Facebook is facing fresh concerns from German data protection officials that its automatic facial recognition feature may violate European privacy regulations.
Hamburg's Data Protection Agency (DPA) sent a letter to Facebook on Tuesday saying the social networking site should get users' consent before their biometric data, used to enable the tagging feature, is stored, said Johannes Caspar, head of the agency, on Thursday. Although users can opt out of the feature, the DPA contends that the process is unclear, he said.
Facebook enabled the facial recognition feature in December in the U.S. and has now rolled it out in most countries. The system makes suggestions for tags based on faces in other photographs that have been tagged. Users are notified only after they've been tagged.
Users can opt out of the facial recognition feature within the privacy settings on their Facebook accounts. To do that, a user would need to go into the "Customize Settings" panel and disable "Suggest photos of me to friends." A person can still be tagged manually but only by their friends.
Caspar said European Union privacy regulations require that users give their consent before their data is stored, including data used to enable tagging.
"It is clear that everybody whose data will be stored has to consent, and consent is something more than not to reject," Caspar said.
Facebook has two weeks to respond to the letter. The DPA has also notified the Article 29 Data Protection Working Party, which advises the European Commission on data protection issues.
In a statement, Facebook said "we will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature but firmly reject any claim that we are not meeting our obligations under European Union data protection law."
The company further contended that its users like the photo tag suggest feature, "which makes it easier and safer for them to manage their online identities."
If the two sides can't reach an agreement, Caspar could fine Facebook up to €300,000 (US$426,000). But Caspar said his agency has a good working relationship with Facebook, and the two sides reached agreement earlier this year on Facebook's "Friend Finder" feature.
Friend Finder imports e-mail addresses from user contact lists on other e-mail services and then sends out invitations to non-Facebook users to join the site. The DPA contended Facebook was collecting e-mail addresses without a user's consent and that it was unclear to users why they were receiving an invite.
Under the agreement, Facebook tweaked its systems so that a person who is not signed up with the social networking site can opt out of receiving further invitations from that initial invitation.
"We had a successful negotiation," Caspar said.
Hamburg's DPA has taken a leading role in data protection issues in Europe. In 2009, the agency launched an extensive investigation into Google's Street View imagery program, questioning how the company stored data for users who did not want their properties shown and how thoroughly it censors parts of images such as people's faces.
Google and the DPA eventually reached an agreement on a dozen or so concerns the agency had about Street View.
Send news tips and comments to email@example.com
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Gov't Legislation/Regulation White Papers | Webcasts