Home > Web > Germany says Facebook facial recognition violates…

Germany says Facebook facial recognition violates EU privacy laws

Facebook suggested tags

Facebook raised some eyebrows when it took its facial recognition and tagging feature global earlier this year, automatically scanning images uploaded to Facebook and tagging them with users’ presumed identities unless users specifically navigate through the site’s myriad private settings and opt out. Now, German says that’s not good enough: Hamburg’s data protection authority Johannes Caspar has issued a warning to Facebook (PDF, German) that it could reportedly face fines of up to €300,000 unless it stops running facial recognition on Germany users by default and deletes biometric data associated with them.

German regulators have no problem if German Facebook users want to opt into the feature voluntarily, but are concerned that the biometric data being amassed by Facebook could be abused or fall into the wrong hands.

The story was first reported by the UK’s The Guardian, which also reports the Hamburg Data Protection Authority has “repeatedly” asked Facebook to stop its facial recognition feature.

Facebook’s facial recognition feature has also drawn fire from the Electronic Privacy Information Center and other consumer advocacy groups concerned about the privacy implications of the feature. They note that the feature likely gives Facebook the largest collection of labeled facial photographs on the planet, and the feature’s opt-out design means the company can be collecting biometric information about members without their informed consent.

Regulators in the United States, European Union, Ireland, and the UK have also indicated concerns with the feature.

Facebook enables users to opt out of letting the site “suggest photos of me to friends.” If users want Facebook to delete biometric data associated with them, they need to to go through Facebook’s automated “contact us” feature.

Facebook has consistently maintained its facial recognition feature does not violate European Union data protection laws.