Loek Essers
PC World
August 30, 2013
A German privacy regulator is astonished that Facebook has added facial recognition to a proposed new privacy policy it published on Thursday.
“It is astonishing to find the facial recognition again in the new proposed privacy policy that Facebook published yesterday. We therefore have directly tried to contact officials from Facebook to find out if there is really a change in their data protection policy or if it is just a mistake of translation,” Hamburg Commissioner for Data Protection and Freedom of Information Johannes Caspar said in an email on Friday.
The Hamburg data protection commissioner, already at odds with Facebook over its use of face recognition technology, reopened its proceedings against the company in August last year, telling the company to either obtain explicit consent for face recognition from users, delete the data, or face a lawsuit, Caspar said at the time.
Facebook turned off facial recognition for all European users in September last year, and said it would delete all face recognition templates for existing users in Europe.
The German commissioner stopped its proceedings against Facebook in February, when it confirmed that the company had deleted the facial recognition data gathered on German users without their consent.
Turning on facial recognition again in Germany might be illegal, Caspar said, adding that it depends on how Facebook implements it. The social network should ask for the explicit and informed consent of the user, Caspar said.
“That means that there has to be offered an opt in for users,” he added.
Facebook initially deleted the face recognition data in response to recommendations from the Irish Data Protection Commissioner that it adjust its privacy policy. The company’s Irish subsidiary is responsible for the data of users outside the U.S. and Canada, and therefore falls under the jurisdiction of the Irish DPC, which also confirmed independently that Facebook had deleted the face recognition data .