Facebook facial recognition software violates privacy laws, says Germany

Facebook is threatened with legal action in Germany over its facial recognition software, which critics say violates privacy and data protection laws.

The tool runs all photos uploaded to the social networking site through a programme and identifies the user’s friends on each picture. There was an outcry when it was rolled out in June to more than 500m members worldwide, though users can opt out of the automatic tagging, Facebook can still gather and store (indefinitely) all photos added to the site.

Now Hamburg’s data protection official has written to Facebook to demand it stops running the facial recognition programme on German users and deletes any related data. Johannes Caspar said the German authorities would take action if Facebook did not comply and could face fines of up to €300,000 (£262,000).

“Should Facebook maintain the function, it must ensure that only data from persons who have declared consent to the storage of their biometric facial profiles be stored in the database,” he said. The software offered potential for “considerable abuse” and was illegal.

It’s not the first time multinational technology firms have hit problems in Germany, which takes online privacy much more seriously than many other countries. In April, Google said it would not be collecting any more pictures for its German Street View project. The decision followed a series of objections after the mapping of 20 German cities for the service, which takes pictures of every street and property within a municipality. Germany’s privacy laws generally restrict photographs of people and property except in public places, such as a sporting event, without a person’s consent.

“The legal situation is clear in my opinion,” Caspar told Wednesday’s Hamburger Abendblatt. “If the data were to get into the wrong hands, then someone with a picture taken on a mobile phone could use biometrics to compare the pictures and make an identification,” he said. Such a system could be used by undemocratic governments to spy on the opposition or by security services around the world. “The right to anonymity is in danger,” he said.

Caspar is backed by the federal consumer protection ministry. “We expect Facebook to comply with all European and German data protection standards and for it to respond to the request from the Hamburg regional data protection officer,” said a spokeswoman.

A Facebook spokeswoman told Spiegel Online the company was looking at Caspar’s request, but that it “firmly rejected any accusations that we are not complying with our obligations to European Union data protection laws”.

An estimated 75bn photos have been uploaded to Facebook since it was set up by Mark Zuckerberg as an online directory for Harvard University students in 2004.

Share and Enjoy

Germany Investigating Facebook Tagging Feature

BERLIN — A German regulator said Wednesday that he had asked Facebook, the social networking leader, to disable its new photo-tagging feature, which he warned could violate European privacy laws.

Johannes Caspar, the data protection supervisor in Hamburg, who has been aggressive in investigating the online practices of companies like Google and Apple, said he was concerned that Facebook’s facial recognition feature amounted to the unauthorized collection of data on individuals.

The software, called “suggested automatic tagging,” lets Facebook users assign digital name tags to people in their photographs. Photos that are uploaded later are scanned for physical features and can be tagged and stored.

In a letter sent Tuesday, Mr. Caspar said he had asked Facebook to disable the feature in Germany and respond in two weeks to his concerns. Under German law, the regulator could fine Facebook, which is based in Menlo Park, California, up to €300,000, or $426,000.

Mr. Caspar also confirmed that the Article 29 Working Party, the European Commission’s data privacy advisory panel, will determine whether tagging itself violates a user’s privacy. Mr. Caspar said he was coordinating his investigation with Jacob Kohnstamm, the chairman of the panel and the Dutch data protection authority.

Through a spokesman, Facebook rejected the regulator’s claim, saying the tagging feature, which ultimately gives the person in the photograph the final right to accept, reject or remove a tagging, conforms with European privacy law.

“We will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature but firmly reject any claim that we are not meeting our obligations under European Union data protection law,” said a Facebook spokesman in Berlin, who declined to be identified, citing Facebook’s own company policy on not identifying its spokespeople.

The dispute is the latest between leading U.S. technology companies and European privacy regulators, especially in Germany, over the privacy ramifications raised by social networking, online mapping and location services tied to mobile advertising.

Last year, Google apologized to privacy officials around the world, and paid some fines, after it was revealed that Google’s roving Street View mapping vehicles were also collecting private data from unencrypted Wifi routers.

The disclosure was made during a German inquiry led by Mr. Caspar. Google attributed the systematic, unauthorized collection of individual data to a programmer’s error.

Apple, the maker of the iPhone, came under scrutiny in April in Germany after a computer expert revealed that the iPhone was compiling logs of user locations. The inquiry, which was led by privacy officials in Bavaria, was closed in June after Apple agreed to redesign the feature to address German privacy concerns, said Thomas Kranig, the head of the Bavarian data protection agency.

Mr. Kranig, in an interview, said Apple had attributed the unauthorized data collection to a programmer’s error and had redesigned iPhone software to give Germans the option to allow collection of location data.

In July 2010, Mr. Caspar started an investigation into Facebook over its Friends Finder feature, which allows Facebook to copy names and details from a user’s e-mail address book to find friends who are also on Facebook. Mr. Caspar said Facebook, besides finding friends, was also targeting non-Facebook users culled from the lists with solicitations to join its network.

That inquiry was closed, Mr. Caspar said, after Facebook agreed to change the Friends Finder application to let anyone contacted through the function decide in advance whether their data can be used by Facebook.

Despite its run-ins with privacy officials, Facebook has continued to grow in Germany, where it has more than 20 million users who log in at least once a month.

In a statement Tuesday, Mr. Caspar said that Facebook had built an archive of more than 75 billion photos, and 450 million people have been tagged worldwide.

“If they are collecting the data to build a digital archive of individual faces, then this is clearly a violation,” Mr. Caspar said.

The Facebook representative in Berlin said Facebook did not permanently store data on individual faces. But he could also not say how long Facebook kept the data.

Share and Enjoy