Facebook is dropping its controversial facial recognition feature, for European users at least, following a privacy backlash from users and regulators.
But it may not be long before it returns..
The social networking giant has agreed to suspend facial recognition in Europe, following demands by the European Union on the social network to improve its customer privacy protection.
Facebook removed access to its “Tag Suggest” feature at the request of Ireland’s Data Protection Commissioner (DPC).
That controversial feature matches the faces in photos posted to Facebook with users, making it easier for Facebook users to identify individuals pictured in photographs they upload to the site.
The DPC was charged with reviewing Facebook’s privacy practices to determine whether they were in-line with EU data privacy laws. An audit completed by the agency in December, 2011, recommended 45 changes to the social network’s features to improve user privacy protections.
The audit followed a public uproar after an Austrian student, Max Schrems, requested a copy of the data that Facebook stored about him.
Schrems received a 1,200 page document that suggested the company was collecting awide range of information about users without their consent, and holding onto information – photos and comments – that users had been led to believe were deleted.
Among the data retained by Facebook were photo tags – many attributed without the subject’s consent using automated facial recognition technology embedded in Facebook’s service.
That feature, dubbed “Tag Suggest” came under scrutiny in the DPC audit, with the Irish agency arguing that Facebook needed to give users the option of opting out of the Tag Suggest feature.
During negotiations, the European Commission further issued Article 29, a ruling on the use of facial recognition and other biometric technology in mobile devices.
During negotiations with the DPC, Facebook disabled the feature for EU users.
In a report issued Friday, the DPC said that Facebook had relented on Tag Suggest: adding prominent notices to users about the feature and giving them the option of easily disabling use of it with their facial profile. Further, the DPC asked Facebook to delete collected facial profiles on EU users by October 15.
The 74 page report, signed by DPC Deputy Commissioner Gary Davis, found that Facebook had largely complied with the DPC’s recommendations on a range of issues: making its privacy policies more transparent, limiting the extent to which user-generated data can be used in targeted advertising and making it easier for users to permanently delete data such as tags, wall posts, friend requests and pokes from the network.
A statement given by the social network to TechCrunch makes clear that it’s unlikely to be long before facial recognition returns for European users, with agreement from European regulators:
"It's worth us reiterating that once we have a agreed an approach on the best way to notify and educate users with the DPC, we hope to bring back this useful tool."
Meanwhile, German regulators have demanded that Facebook complies with laws in the country, and can only create and store biometric profiles (such as those used by its facial recognition feature) with the consent of users:
"The company has to make sure that biometric profiles of its already registered users will only be created and stored with their active consent. Additionally, users have to be informed about risks of the practice in advance."
In June 2011, Naked Security revealed how Facebook had changed the privacy settings for millions of its users, without requesting prior permission – enabling facial recognition.
Facebook has run afoul of privacy advocates in both the United States and the European Union before, of course.
In November, 2011, the social network reached a settlement with the US Federal Trade Commission over charges that it deceived users about how data they stored on Facebook’s servers would be shared and made public.
That settlement also required Facebook to make its data sharing practices more transparent to users.
However, the EU generally has stronger consumer protections than the US and regulators there were wary of a number of practices, including how data might be shared between applications running on Facebook’s platform.
In its agreement with the EU, Facebook – in almost every case – agreed to comply with EU best practices, at least for data held about EU customers.
Mannequin image from Shutterstock.