September 25, 2012 -
The Irish privacy regulator said late last week that Facebook had agreed to remove biometric facial recognition data collected from its user base within the European Union.
The social networking giant will delete all data collected from its facial recognition feature for its European users by October 15.
Bill Hawkes, Ireland’s Data Protection Commissioner, said he is gratified that Facebook will seek compliance with European Union privacy regulations and said in a statement that Facebook “is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance”.
Facebook’s Irish subsidary, which is responsible for all Facebook operations outside of Canada and the United States, has been working with the Irish privacy regulator on a continuing privacy audit to ensure compliance with Irish and EU data-protection rules.
“The EU has looked at the issue of securing consent for this kind of technology and issued new guidance,” said Richard Allan, Facebook director of policy for Europe, Middle East and Africa. “Our intention is to reinstate the tag-suggest feature, but consistent with new guidelines. The service will need a different form of notice and consent.”
“When you think of the very wide ranging investigation the Data Protection Commissioner carried out into Facebook, they looked at every aspect of our service, and our overall scorecard is very good. In the vast majority of areas the DPC looked into, they found we are behaving in a way that’s not just compliant but a reasonable model for good practice,” Allan added.
The Irish privacy regulator said Facebook had demonstrated “a constructive approach” in responding to its recommendations. Facebook however will still have to contend with other privacy regulators within the EU. Norway’s data regulator said in August that it was reviewing Facebook’s data collection and storage practices. And as reported earlier this summer in BiometricUpdate.com, German data privacy authorities re-opened a probe into Facebook and its use of biometric facial recognition technology to determine whether the company was violating privacy protection laws in Europe.
That country has demonstrated a continued determination to continue its investigation, as the
Commissioner for Data Protection in Hamburg on Friday issued an “administrative order” that Facebook can only create and store biometric profiles with the consent of users, including existing ones, for its facial recognition feature.
The investigation is line with the policy direction of a group of regulators known as the EU’s Article 29 Data-Protection Working Party, who said earlier this year that people must consent to the use of their images. The Hamburg privacy office also affirmed on Friday that Facebook must comply with German law or face sanction.