Facebook accused of facial recognition privacy violations in EU and US
Facebook is facing privacy challenges on both sides of the Atlantic, as the launch of limited tests of an opt-in system for its facial recognition technology in Europe has drawn criticism, while a coalition of privacy advocacy groups in the U.S. has filed a complaint against the technology’s use with the Federal Trade Commission (FTC), which is investigating the company’s practices, Politico reports.
The company previously said it would roll out facial recognition opt-in tests ahead of the launch of GDPR on May 25, as the company seeks to establish a uniform set of controls and settings for users around the world, but the feature’s legality has not been established. European regulatory authorities have asked Facebook whether facial images of all European users would be scanned, and not have not yet received a reply from the company, according to Politico.
“The issue of compliance of this feature with the GDPR is therefore not settled at this point,” said a spokesperson for the Irish privacy regulator, Graham Doyle.
According to Simon McGarr, director of consultancy Data Compliance Europe, it is clear how it will eventually be settled. “Facebook is, by design, running facial recognition on people who have explicitly not given their consent. They have no legal basis for doing that.”
More than a dozen groups including the Electronic Privacy Information Center (EPIC) have filed a complaint with the FTC (PDF) alleging that Facebook’s facial recognition practices threaten user privacy and violate its 2011 Consent Order from the FTC demanding “affirmative express consent before sharing their previously-collected information with third parties in any way that materially exceeds the restrictions imposed by their privacy settings.”
“The scanning of facial images without express, affirmative consent is unlawful and must be enjoined,” the groups wrote.
The FTC has confirmed that it has begun “an open non-public investigation” into Facebook.
Facebook recently won a legal victory over a non-user alleging privacy violations under Illinois’ BIPA, but faces an upcoming trial in a separate BIPA suit.