When Facebook quietly turned on its friend photo identification feature for European users in June, it sparked off a panic among European regulators.
Compounding the problem, Facebook turned on the feature as a default, not clearly explaining it, and left it up to the public to figure it out for themselves. As a British security blogger Graham Cluey noted on his Sophos Naked Security blog in June, Facebook account holders in Europe could find themselves showing up identified in photographs in their friends’ Facebook accounts without having any say over the matter.
The software feature automatically scans uploaded photographs and tries to match faces and tag them with names plucked from account holders’ lists of friends. It’s been a feature in the United States since December 2010, but was just recently rolled out in Europe.
European regulators flew off the handle and vowed to investigate whether the social networking giant had violated any of the European Union’s strict privacy laws. But many prominent privacy advocates, like Jules Polonetsky, a long-time consumer advocate and now director for the Future of Privacy Forum in the United States, yawned and chalked the reaction down as “mass hysteria,” over the concept of facial recognition.
Nevertheless, the Commissioner For Data Protection for the four-million strong city state of Hamburg in Germany charges that Facebook’s facial recognition technology might run afoul of European and German data protection laws.
In a Tuesday letter to Facebook, Hamburg’s Data Protection Commissioner John Caspar charged that Facebook is sitting on what is likely “the world’s largest database of biometric information given that users have uploaded an estimated 75 billion photos to the social-networking site and tagged 450 million people,” according to PCMag.
PCMag’s Chloe Albanesius:
In the EU, the Data Protection Directive of 1995 requires that people give their consent to the use of their data. Companies that process personal data must tell users about how their information is being used and whether it is passed on to other companies or individuals. The data protection agencies within the EU are responsible for monitoring and enforcing this directive, according to a European Commission spokesman.
But what if the entity doing the uploading is your friend, and Facebook is merely providing an automated tool to help them identify you, so that they can show all their friends that you helped them celebrate their birthday?
It’s not clear how EU privacy laws are going to be able to allow the peer-to-peer world of social networking flourish, and as the networks grow and add more features, this clash between innovative new services and apparently dated regulations is sure to become a recurring theme.
For its part, facial recognition on the web seems to be gaining traction, with Google buying facial recognition technology company PittPatt last week.
So this is an issue — whether based on substance or perception — that any other social media company will watch closely.
TPM asked Andrew Noyes, a Facebook spokesman, how the company intends to respond to the Hamburg Data Commissioner’s charges. He said they’re looking into it.
“We will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature, but firmly reject any claim that we are not meeting our obligations under European Union data protection law,” he wrote in an e-mail. “We have also found that people like the convenience of our photo tag suggest feature which makes it easier and safer for them to manage their online identities.”
