Facebook discontinues facial recognition software in Europe after a review by the Irish Data Protection Commission.
Facebook has turned off its facial recognition software for European users after an investigation by regulators found that it was a threat to users’ privacy.
The company’s European arm, which handles user data outside the US and Canada, came under review by the Irish Data Protection Commission (DPC) due to concerns raised by the photo-tagging tool last year. Because the company’s European headquarters are based in Ireland, they are required to adhere to Irish law regarding data protection and user privacy.
The facial recognition software is designed to help users identify and tag people they know in photos. The system was introduced for the first time last year on an opt-out basis, meaning it was turned on by default and users had to manually opt out of the system if they didn’t want Facebook to identify them in pictures.
According to British news outlet the BBC, Richard Allan, Facebook director of policy for Europe, Middle East and Africa, said:
“The EU has looked at the issue of securing consent for this kind of technology and issued new guidance. Our intention is to reinstate the tag-suggest feature, but consistent with new guidelines. The service will need a different form of notice and consent.”
“When you think of the very wide ranging investigation the DPC carried out into Facebook, they looked at every aspect of our service, and our overall scorecard is very good. In the vast majority of areas the DPC looked into, they found we are behaving in a way that’s not just compliant but a reasonable model for good practice.”
He also added that the facial-recognition tool didn’t generate revenue for Facebook, nor did it cause many user complaints.
After the service was launched, the Data Protection Commissioner of Ireland issued a number of recommendations regarding Facebook’s changes in December 2011, giving the company six months to comply.
As part of these recommendations, the Data Commissioner didn’t request the total removal of the tool. However, he said he was encouraged by the decision to switch it off completely for users in Europe by 15th October, stating Facebook “is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance”. The service is also now unavailable to new users.
Other recommendations revolved around transparency about how Facebook users’ data is utilized by the company, and how they are targeted by advertisers.
Since Facebook announced it was switching off its facial recognition tool, the DPC announced that there are still some areas Facebook needs to work on, and that they have requested another update from the social networking site in four weeks’ time.
These areas include Facebook’s photo deletion policy, and whether photos marked for deletion were actually being deleted within the 40-day time period as required under Irish Data Protection law. The DPC are also concerned about inactive and deactivated accounts, and believe Facebook should contact inactive users after a certain period of time to see whether they still want their account.
“There were a number of items on which progress was not as fully forward as we had hoped and we have set a deadline of four weeks for these matters to be brought to a satisfactory conclusion,” Deputy Commissioner Bill Hawkes said. “It is also clear that ongoing engagement with the company will be necessary as it continues to bring forward new ways of serving advertising to users and retaining users on the site.”
Facebook could be fined up to £80,000 if it doesn’t comply with the latest recommendations within four weeks.