Facebook's new facial-recognition feature is getting some unwelcome attention from privacy groups in the European Union and the U.S., the Los Angeles Times reported.
An EU data-protection and privacy group, the Article 29 Data Protection Working Party, said Wednesday that it was looking into possible privacy rule violations in the new Facebook feature, which uses facial-recognition software to suggest people’s names to tag in pictures without their permission, according to Bloomberg News. Privacy laws are strict in Europe, and the Article 29 group guides the work of national data-protection agencies in the EU, which have the power to punish companies that break them.
Gerard Lommel, a Luxembourg member of the Article 29 group, said: “Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default.” Lommel added that automatic tagging suggestions “can bear a lot of risks for users.”
The "Tag Suggestions" software had been in a testing phase, but was rolled out internationally on Tuesday, according to a post on Facebook. When a Facebook user adds a photo to his or her page, the feature uses facial-recognition software to suggest names of people in the photo to tag based on previous identifications in other pictures, Bloomberg explained. Before the feature was rolled out, users could tag pictures manually without permission from their Facebook friends.
The feature made its debut on Facebook in the United States six months ago, according to AFP, but came under scrutiny this week after a blog post by Graham Cluley of the security firm Sophos.
Cluley objected to the enabling of the photo tagging feature without giving users notice. Not only that, he pointed out, it is an automatic opt-in instead of an opt-out process, meaning users were included unless they specifically changed their settings.
"The tagging is still done by your friends, not by Facebook, but rather creepily Facebook is now pushing your friends to go ahead and tag you," Cluley said.
"Facebook does not give you any right to pre-approve tags," he said. "Instead the onus is on you to untag yourself in any photo a friend has tagged you in. After the fact."
"Many people feel distinctly uncomfortable about a site like Facebook learning what they look like, and using that information without their permission," he continued.
"The onus should not be on Facebook users having to 'opt-out' of the facial recognition feature, but instead on users having to 'opt-in,' Cluley said..
The EU data-protection group is not the only one that is scrutinizing Facebook's new feature. Ireland's data-protection authority is looking into privacy aspects of the feature, and the U.K.’s Information Commissioner’s Office is “speaking to Facebook” about the issue, said Greg Jones, a spokesman for that group, Bloomberg News said. And the Electronic Privacy Information Center, based in Washington, D.C., also reacted to the facial-recognition software, saying Wednesday that it planned to file a complaint with the U.S. Federal Trade Commission, according to the Los Angeles Times:
"We think the facial recognition feature raises real questions about what sort of data Facebook is collecting from its users and from its users' photographs," said John Verdi, senior counsel at EPIC. "And it also raises questions about what Facebook does with this user data once it collects it and who else is accessing that data after it's collected."
The social networking site said on Wednesday that it could have handled the launch a lot better, according to PC World. Facebook said that it should have been clearer with users as to when the feature was enabled on their accounts, and it said that it planned to make any future announcements on functionality or rollout on its blog. The feature is active by default on existing users’ accounts, and Facebook explains on its blog how people can disable the function if they don’t want their names to be automatically suggested for other people’s pictures, Bloomberg said.