Facebook facial recognition breaks EU law – regulator
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
State of Hamburg's data protection regulator is preparing legal action against social networking giant over its use of facial recognition without consent
Facebook's use of facial recognition software break EU privacy laws because it collects biometric data without user consent, according to the state of Hamburg's data protection regulator
The site uses facial recognition software to identify people in uploaded photographs and make suggestions for name tags to be associated with those photos.
The office of the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has argued that this function requires a comprehensive database containing the biometric characteristics for every user. As it operates on an opt-out basis, Facebook does not have explicit consent to collect this data, it said.
"Facebook has introduced this function in Europe without informing users and acquiring the necessary consent. Unambiguous consent from those affected is required by the European as well as the German data protection law," the regulator said in a statement.
The HmbBfDI said that Facebook has not complied with its demands to bring their automatic face recognition function in line with European and German data protection regulations.
"For users whose biometric facial characteristics have already been incorporated into the database operated by Facebook, this consent needs to be acquired retrospectively," said commissioner Johannes Caspar. "Facebook is obviously not prepared to take this step/"
"The preliminaries for legal action are now being prepared," the HmbBfDI said.
Facebook has denied the allegations. "We believe that any legal action is completely unnecessary," the company told German newspaper Deutsche Welle. "[The] tag suggest feature on Facebook is fully compliant with EU data protection laws."
Facebook's privacy practices are also under investigation by Irish data protection agency following a complaint made by an Austrian law student about the company's privacy practices. Max Schrems claims to have discovered that Facebook holds personal data even after the user has deleted. He took his complaint to the Irish DPA as Facebook's European headquarters are located in Dublin.
