updated 05:28 pm EDT, Wed August 15, 2012
Social network's automatic tagging feature said illegal
German data protection officials have reopened an investigation into Facebook's facial recognition and automatic photo tag suggestion features, claiming that the features are illegal according to European law. The New York Times reports on the regulators claim that Facebook has failed to comply with their suggested changes to the social network's privacy policies, and Facebook could be subject to a fine in the case. The world's largest social network maintains that its methods are legal and that it is simply providing a service to increase the ease of tagging photos.
Facebook uses software to compile and analyze photo archives of human faces, suggesting possible tags when users upload new media. Users are automatically opted-in to the system, as Facebook assumes that they will want to use the facial recognition feature. Users are able to opt-out of the system, but they must actively do so.
Facebook's policy came under fire last year, when German officials opened an investigation into the site's photo collection efforts. The investigators recommended that users be excluded from the feature by default but presented with the option to activate the feature, so long as Facebook notified them and acquired explicit consent to create a digital file based on their faces' biometric data. Regulators closed the investigation earlier this year when it appeared that Facebook was complying with their recommendations.
Now, though, regulators are calling for Facebook to rid its database of any biometric information compiled in Germany and to revise its site to obtain explicit consent. They claim to have spoken several times with Facebook, but apparently no progress has been made in those talks.
Facebook maintains that it is not breaking EU law and that the company's Photo Tag Suggest feature is in compliance with EU data protection laws. The company received permission to proceed earlier from Irish officials, who found that Facebook could be in compliance with EU law simply by informing users of its biometric data collection practices. The German officials, though, have asked the Irish to reconsider their decision, and the Irish regulators are looking into Facebook's policies.
In March of this year, the European Union's top privacy advisory panel released an opinion that the collection of biometric data was illegal if performed absent explicit consent. Violation of this regulation carries a potential fine of up to €25,000, or about $30,000 in Germany, should Facebook refuse to delete its biometric database and change its practices. While this would represent a tiny fraction of Facebook's revenues, the image of the social network could suffer should it be widely publicized that it will not comply with privacy regulators.
Google, too, has brought its own facial recognition technologies on line for its own social layer. German regulators, though, are said to be more comfortable with Google's implementation, as users are required by default to opt-in to the feature.