Germany takes data privacy seriously. Having some of Europe’s strictest privacy regulations, American Internet giants such as Facebook and Google had to modify their services to meet Germany’s strict data protection laws.
In January, Facebook was forced to tone down its Friend Finder feature, a function that sends e-mails automatically to nonusers. In April, Google announced it would not take any more photos for its Street View service in German cities after having come into the cross hairs of the country’s regulators.
Germany traditionally takes a stronger stance on data privacy than most Western countries. This strict approach stems partly from its historical experience during the Third Reich and communist East Germany when data collection was misused by the regimes to suppress opposition and persecute individuals.
German data protection officials seek to prevent the storage of data on individuals that can be misused to "enforce domination and social control," says Johannes Caspar, data protection commissioner for the state of Hamburg.
Caspar has been the driving force among German regulators in their latest bid to see Facebook disable its face-recognition function for German users. On Wednesday, Caspar sent a letter to the company informing them that this function violates German and European data protection laws, and legal action would follow unless it switches off the function for users who do not approve.
A dictatorial regime could use the data to identify opposition leaders with a simple photo taken.
To make name suggestions possible, Facebook uses face-recognition software comparing previously stored photos that are tagged with the same names. For all the estimated 75 billion pictures that its users have uploaded, Facebook has created a database to store the necessary biometric information. Biometric information, which Facebook simply calls "photo summary information," is data of biological features, e.g. the distance between the eyes, that can be used to identify individuals.
Caspar sees in this function and the data storage that goes along with it "enormous potential for abuse" and therefore a threat to individual's security.
Caspar fears that the emergence of the "world's largest database for biometric features" has potential for gross misuse. In an interview with The Epoch Times, he describes a possible scenario where a dictatorial regime could use the data to identify opposition leaders with a simple photo taken and obtain more easily information about them.
Instead of approval by default, Caspar says "there has to be a decision" by the user.
At present Facebook defaults auto photo-tagging for all its users. One has to go through several steps in the privacy settings to opt out by switching off the suggest function (Search "photo suggest"). That means that the biometric data for hundreds of millions of users is stored automatically. For the biometric information to be deleted, the user has to contact the company (Search "summary information").
While Germany leads Europe regarding individuals’ data protection, the European Commission, the European Union's civilian service, stressed this month in a press release, "Consent must be given prior … [to] any new use of the data" and that a default setting in a social network site "cannot be inferred that this user has given his or her consent."
In 1998, the European Union enacted a set of strict online privacy rules, which far exceeds current U.S. regulations. With the EU justice commissioner demanding that all online companies operating in Europe comply with EU rules, and increasing calls within Washington to strengthen privacy laws, Europe's strong stance might have a lasting impact on Facebook and other American Internet companies.