Security Experts:

Facebook Halts Facial Recognition in Europe

Facebook Ireland has disabled their tag suggestions, a feature that uses facial recognition technology, in order to comply with Irish Data Protection law, and by extension EU privacy laws. News of the change comes in a report published by the Office of the Data Protection Commissioner in Ireland last week.

The report says that Facebook has implemented several “best practice” recommendations made to them by the Data Protection Commissioner, particularly in the areas of “better transparency for the user, better user control over settings, and clear retention periods for the deletion of personal data or an enhanced ability for the user to delete items.”

Also noted, was the user’s right to ready access to their personal data, and Facebook Ireland’s ability to self-audit their compliance with Irish and EU data protection requirements.

“I am particularly encouraged in relation to the approach it has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice. This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October, pending agreement with my Office on the most appropriate means of collecting user consent,” Irish Data Protection Commissioner, Billy Hawkes said in a statement.

The changes, at least in Ireland, take some of the heat off Facebook after the auto tagging feature sparked privacy fears across the globe when it was initiated last year.

One of the biggest problems with the feature wasn’t its main usage, it was the fact that user’s were automatically opted in to the facial recognition function. In the opinion of several privacy experts, the move forced users to opt out for privacy, instead of being assured of it from the start.

The feature has been taken offline completely in the EU. A full copy of the report is available here.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.