By EDRi

This article is also available in:
Deutsch: [Facebook gibt Gesichtserkennungsfunktion in Europa auf | https://www.unwatched.org/EDRigram_10.18_%20Facebook_gibt_Gesichtserkennungsfunktion_in_Europa_auf?pk_campaign=twun&pk_kwd=20121008]

Following pressure from Data Protection offices in EU, Facebook has
decided to give up the controversial face recognition feature in EU.
The feature used by Facebook was taking information given by users when
tagging friends’ faces in photo, with the declared purpose to make
suggestions on tags for future images, thus making the process simpler
and faster.

This comes as a result of the work of the Irish Data Protection
Authority (Office of the Data Protection Commissioner of Ireland – DPCI)
which, in December 2011, performed an audit assessing Facebook Ireland’s
(FB-I) compliance with the Irish Data protection law as well as the EU
law and made a series of recommendations to Facebook.

On 21 September 2012, DPCI issued the outcomes of its Review
Implementation of Audit Recommendations finding that most
recommendations by the Audit had been met by the company, most notably
the turning off of the face recognition feature.

At the same time, DPCI gave Facebook four weeks to solve the remaining
issues that are still to be met. Among other things, Facebook has been
asked to provide more detailed information about the use of the “fr”
cookie and to explain the consent collected for this cookie. It has also
been asked to introduce a “robust process” to “irrevocably delete user
accounts and data upon request within 40 days” of being notified and to
address the concerns regarding the possibility of targeted advertising
utilising sensitive data on the network.

“I am satisfied that the Review has demonstrated a clear and ongoing
commitment on the part of FB-I to comply with its data protection
responsibilities by way of implementation or progress towards
implementation of the recommendations in the Audit Report. I am
particularly encouraged in relation to the approach it has decided to
adopt on the tag suggest/facial recognition feature by in fact agreeing
to go beyond our initial recommendations, in light of developments since
then, in order to achieve best practice. This feature has already been
turned off for new users in the EU and templates for existing users will
be deleted by 15 October, pending agreement with my Office on the most
appropriate means of collecting user consent. By doing so it is sending
a clear signal of its wish to demonstrate its commitment to best
practice in data protection compliance,” said Billy Hawkes, the Irish
Data Protection Commissioner.

Facebook declared it intends to re-introduce the tag feature in the
future, but it would do that under new guidelines and, according to
Billy Hawkes, the tool would only return if Facebook agreed on the “most
appropriate means of collecting user consent”.

Report of Review of Facebook Ireland’s Implementation of Audit
Recommendations Published – Facebook turns off Tag Suggest in the EU
(21.09.2012)
http://dataprotection.ie/viewdoc.asp?DocID=1233&m=f

Facebook Ireland Ltd – Report of Re-Audit (21.09.2012)
http://dataprotection.ie/documents/press/Facebook_Ireland_Audit_Review_Report_21_Sept_2012.pdf

Facebook given 4 weeks to FULLY SATISFY Irish data commissioner –
Review mainly leads to whiskey doubles all round (21.09.2012)
http://www.theregister.co.uk/2012/09/21/irish_data_protection_commissioner_facebook_review_following_2011_audit/

Facebook abandons face recognition within the EU (only in French,
updated 24.09.2012)
http://www.01net.com/editorial/573553/facebook-abandonne-la-reconnaissance-faciale-au-sein-de-lue/

Facebook to switch off controversial facial recognition feature
following data protection concerns (22.09.2012)
http://www.dailymail.co.uk/news/article-2207098/Facebook-switch-controversial-facial-recognition-feature-following-data-protection-concerns.html