Facebook deleting facial recognition: Five reasons to take it with a pinch of salt

Voluntary self-regulation from tech giants is superficial and no replacement for actual legislation

By EDRi · November 4, 2021

On Nov. 2 , the company formerly known as Facebook announced that by the end of the year, it will delete the entire database of facial templates used for automated photo tagging on the Facebook app. Yes, that Facebook – the notorious social media platform most recently in the news for a major whistleblowing scandal and a subsequent change of company name from Facebook to “Meta”.

Early reactions praised Facebook for this bold and surprising move. So, has Christmas come early in the digital rights world? Well, not so fast.

This move seems on the surface to be a good thing because it chips away at the group’s power and control over face data from around 13% of the world’s population. However, the reality is that things are not as rosy as Facebook would like you to think.

The latest Facebook announcement reveals exactly why voluntary “goodwill” self-regulation is superficial, and why we need strong EU rules in future legislation like the AI Act – as the Reclaim Your Face campaign demands.

Here are five pinches of salt for your reality-check on Facebook deleting facial recognition:

  1.  The Facebook app will delete a database containing the face templates (“faceprints”) of over a billion people, which underpin the facial recognition system used to flag when people’s faces appear in photos and videos, for example for tagging purposes. But what about the underlying algorithm (the eerily named ‘DeepFace’) that powers this facial recognition? According to the New York Times, Facebook stated that DeepFace algorithms will be retained, and the company is very much open to using them in future products.
  2. This means that whenever it suits their commercial interests, Facebook can flick the switch to turn their vast facial recognition capacity back on.
  3. The Meta group’s initial statement does not say whether or not the database is the group’s (or even the app’s) only database used for identifying people, or whether they have others. As Gizmodo points out, the commitment doesn’t affect other Meta companies, such as Instagram, which will continue to use people’s biometric data.
  4. Facebook have had a lot of bad press recently. So is this a convenient distraction to get praise from their long-time critics, the privacy community? It is probably also no coincidence that, as the Verge reports, this move comes after Facebook had to pay well over half a billion dollars in the US because the Face Recognition feature had been violating people’s privacy.
  5. Meta’s press release outlines a desire by the company to do more with face authentication. People’s biometric data is always sensitive, and we increasingly see how authentication can pose serious risks to people’s privacy and equality rights as well as to their access to economic and public services. Given Facebook’s sprawling plans for a “metaverse”, their privacy-invading RayBan glasses, and their track record of massive and systemic privacy intrusions, we cannot trust that they will only use face data in benign and rights-respecting ways.

At its core, the Facebook app’s business model is based on exploiting your data. Far from being an all-out win, this move to delete their face recognition database shows more than ever why we simply cannot rely on the apparent ‘goodwill’ of companies in the place of rigorous regulation. When companies self-regulate, they also have the power to de-regulate as and when they wish.

As Amnesty International’s Dr Matt Mahmoudi points out, the truly good news in this story is that the international pressure against facial recognition – thanks to movements like Reclaim Your Face and Ban The Scan – is making companies sweat. Mass facial recognition is becoming less socially acceptable as people become more and more aware of its inherent dangers. Much like IBM’s vague 2019 commitment to end general purpose facial recognition and Amazon’s recently-extended self-imposed pause on the Rekognition facial recognition for law enforcement, it is naive at best to expect that companies will sufficiently rein in their harmful uses of facial recognition and other biometric data.

Our digital future is being shaped as you read this article. #ReclaimYourFace has already influenced the EU’s debate on the AI Act, affecting wording of a “ban on biometric mass surveillance” in the draft law, gathering support from the EU’s top privacy regulators, several political groups in the EU Parliament, over 63.000 people and more than 60 civil society organisations. The movement has even been mentioned in the EU Commission’s AI Act impact assessment.

Will this pressure translate into strong EU laws that prevent companies like Facebook from experimenting with our faces for their financial gain? As negotiations on the AI Act heat up, only time will tell whether European leaders choose to put people or profit first.

The article was first published by Thomson Reuters Foundation News here.

Image credit: REUTERS/Dado Ruvic/File Photo

( Contribution by: )

Ella Jakubowska

Policy Advisor

Twitter: @ellajakubowska1