The Data Protection commissioner for the German state of Hamburg plans to file an injunction against Facebook in a U.S. court. The commissioner claims that Facebook’s facial recognition function, despite recent changes, violates European and German data protection regulations, his office announced Wednesday.
Commissioner Johannes Caspar regards it a violation that Facebook has collected personal biometric information of its users without their consent.
“Due to the immense potentials of misuses of biometric data, the explicit consent is a legal requirement for the collecting and processing of biometric data,” says a press release from the commissioner’s office.
In the summer of 2011, Facebook introduced face recognition technology in Europe on its site. Users have been given only an opt-out option, which is not easy to find on the site. Two months later, Caspar threatened legal steps, unless Facebook disabled the face recognition.
The commissioner is one of the leading forces challenging Facebook’s compliance with European privacy regulations.
The company stores user’s biometric profiles in a database, derived from the approximately 80 million photos that are uploaded by users daily. Biometric information, which Facebook simply calls “photo summary information,” is data on biological features, such as the distance between the eyes that can be used to identify individuals.
Whenever the software recognizes a person in a new photo, it suggests that person’s name to the user. Facebook says the idea is simply to make it easier for users to tag friends on their own photo albums and to share photos.
At then end of 2011, the commissioner had already prepared an injunction. Hoping an agreement could be reached between Facebook and the Irish Data Protection commissioner, who was also investigating the matter, Caspar put it on hold last June.
Facebook recently announced it would stop collecting new biometric data, but said it would not take more action until a final agreement is reached.
Caspar is demanding the company also delete all the existing data.
“Facebook is not entitled to stop their commitment halfway,” he said in the press release.
He would only stop the injunction, planned for the end of August, the moment Facebook complies with his stipulations.
“They are welcome to inform us about an acceptable method obtaining consent by the concerned users or to confirm the deletion of the collected facial data at any time,” Caspar added.
The Irish Data Protection commissioner completed a comprehensive audit (link PDF file) of Facebook’s compliance regarding privacy, published in December 2011. While the report did not find the facial recognition an illegal practice, the Irish commissioner strongly recommended Facebook “take additional steps … to ensure the consent collected from users for this feature can be relied upon.”
The Epoch Times publishes in 35 countries and in 19 languages. Subscribe to our e-newsletter.