Facebook's face recognition raises privacy complaints

By EDRi · June 15, 2011

This article is also available in:
Deutsch: [Besorgnis über Facebooks Gesichtserkennung | http://www.unwatched.org/EDRigram_9.12_Besorgnis_ueber_Facebooks_Gesichtserkennung?pk_campaign=edri&pk_kwd=20110623]

Facebook has again been criticised by privacy advocates for its facial
recognition feature that has recently been added to the social networking
service, world-wide, without any previous announcement to its users.

Facebook users have the possibility to ‘tag’ themselves and their friends in
the photos they upload to the site with pop-up captions that identify the
people in the respective pictures. The new face recognition feature, which
was launched in 2010 in US, now suggests automatically the names of people
featured in photos uploaded by users.

“Once again, Facebook seems to be sharing personal information by default,”
said Graham Cluley of IT security firm Sophos who added: “Many people feel
distinctly uncomfortable about a site like Facebook learning what they look
like, and using that information without their permission. (…) Most
Facebook users still don’t know how to set their privacy options safely,
finding the whole system confusing. It’s even harder though to keep control
when Facebook changes the settings without your knowledge. (…) The onus
should not be on Facebook users having to ‘opt-out’ of the facial
recognition feature, but instead on users having to ‘opt-in’. Yet again, it
feels like Facebook is eroding the online privacy of its users by stealth.”

Facebook replied that the users could alter their settings so that their
name would not be suggested for tagging. Beth Givens, director of the
Privacy Rights Clearinghouse, considered that Facebook should have rather
included an “opt-in” system for its users rather than applying an automatic
tagging, letting them decide if they wanted the feature in the first place.

The Electronic Privacy International Center (EPIC) has organised a complaint
to the Federal Trade Commission in the US and asked several other privacy
groups to sign it. Marc Rotenberg, president of EPIC, said the system raised
questions related to personally identifiable information, such as email
addresses, that would be associated with the photos in Facebook’s database.

The UK Data Protection Authority (Information Commissioner’s Office – ICO)
also made an official statement on the matter asking Facebook to tell users
how they use personal information stored about them. “The privacy issues
that this new software might raise are obvious and users should be given as
much information as possible to give them the opportunity to make an
informed choice about whether they wish to use it. We are speaking to
Facebook about the privacy implications of this technology,” the ICO said.
Facebook’s new feature will be studied by ICO, but also by the Article 29
Working Party.

“Tags of people on pictures should only happen based on people’s prior
consent and it can’t be activated by default,” said Gérard Lommel, a
Luxembourg member of the Working Party who added that automatic tagging
suggestions “can bear a lot of risks for users” and the European data
protection officials would “clarify to Facebook that this can’t happen like

Having in view the reactions, Facebook admitted it had not handled the
situation properly. “We should have been more clear with people during the
roll-out process when this became available to them,” was the company
statement of 8 June. The company has added an option letting users opt out
of the new feature, though it did not alert them when the new feature took
effect or when the option was added.

Facebook hit by privacy complaints (9.06.2011)

Data protection watchdogs to probe Facebook about its use of facial
recognition technology (9.06.2011)

Facebook ‘Face Recognition’ Feature Draws Privacy Scrutiny (8.06.2011)

Facebook criticised for not telling users about new facial recognition
feature (8.06.2011)

Facebook in new privacy row over facial recognition feature (8.06.2011)