Under fire from regulators, Facebook agreed to switch off its face recognition feature for its users in the European Union, the Irish Data Protection Commissioner announced in a press release Friday.
“This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October,” Commissioner Billy Hawkes said in the release.
Face recognition allows Facebook to suggest name tags to users for photos uploaded on the site.
Following 22 complaints by an Austrian group against Facebook in August 2011, the commissioner conducted a comprehensive audit of the social networking site’s compliance with Irish and EU law, that was released in December 2011.
On Friday, Hawkes released a progress report examining how well Facebook has implemented the recommendations made by his office.
Since Facebook Europe headquarters are based in Dublin, the company is under jurisdiction of Irish law.
After Facebook introduced face recognition in Europe in 2011, data privacy regulators in Europe, notably in Germany, saw violations with EU regulations.
Johannes Caspar, the commissioner for data protection of the German state of Hamburg, threatened legal action for non-compliance several times unless Facebook switched off the function and deleted existing data.
The key demand by data regulators on a European level concerning facial recognition has been that Facebook had to ensure that users’ “consent can be relied upon,” the Irish report stated.
For its face recognition function to work, Facebook has been collecting users’ biometric profiles, derived from the approximately 300 million photos that are uploaded by members on a daily basis.
Biometric information, which Facebook simply calls “photo summary information,” is data on biological features, such as the distance between the eyes that can be used to identify individuals.
Whenever the software recognizes a Facebook-friend in a new photo, it suggests that person’s name to the user. Facebook says that the technology is designed to make it easier for users to share photos with each other.
According to European Union privacy rules, users need to have the right to actively opt-in, but when Facebook introduced the face recognition function users were not told that their biometric data was being collected.
Informed, active consent is a legal requirement, since face recognition poses “immense potential of misuses,” Caspar said in a press release in August.
“Additionally, users have to be informed about risks of the practice in advance,” Caspar said in a Friday’s press release.
The professional IT magazine CIO said, already in 2011, considering Facebook’s record of sharing private information with third parties, there is a concern that such a massive volume of biometric data could be utilized by government authorities to identify citizens.
Facebook had acquired Face.com, a company that specialized in face recognition in 2009, in order to build this feature into the social networking giant’s feature set.
Facebook has not yet announced when and how it will reintroduce face recognition in the EU. “We hope that we can soon make this great tool available to our European users,” the company said according to the German newspaper Das Handelsblatt.
While the review by the Irish Data Protection Commissioner found that that the “majority of the recommendations have been fully implemented to the satisfaction of this Office,” there is still work to be done. Within the deadline of four weeks, Facebook has to improve in areas of transparency, control settings, and retention of personal data, among others.