Facebook Inc. (FB) agreed to delete data collected from users within the European Union for its facial- recognition feature by Oct. 15, the Irish privacy regulator said.
The owner of the biggest social-networking site has faced several European reviews over concerns a facial-recognition program that automatically suggests people’s names to tag in pictures breaches privacy rights.
Facebook Ireland “agreed to delete collected templates for EU users by Oct. 15†and to seek regulator consent “if it chooses to provide the feature to EU users again,†the Irish Office of the Data Protection Commissioner said in the conclusions to a review today.
Data-protection regulators from the 27-nation EU have been looking into Facebook’s facial-recognition feature. Norway’s data-protection regulator said in August it was reviewing how the feature worked and what information Facebook was storing. Earlier this year, a group of regulators known as the EU’s Article 29 Data-Protection Working Party, said people must consent to the use of their images.
The Irish audit “is part of an ongoing process of oversight, and we are pleased that, as the data-protection commissioner said, the latest announcement is confirmation that we are not only compliant with European data-protection law, but we have gone beyond some of their initial recommendations,†Facebook said in an e-mailed statement.
Hamburg Order
The Commissioner for Data Protection in Hamburg, Germany, today issued an “administrative order†that Facebook can only create and store biometric profiles with the consent of users, including existing ones, for its facial recognition feature.
The continued retention of user biometrics “is now fully dealt with as Facebook is agreeing to delete all such data†by Oct. 15, Gary Davis, Ireland’s deputy data-protection commissioner, said today. “From that date, there will be no data processed in the EU in relation to this feature.â€
Data protection is currently policed by separate regulators across the EU. The bloc’s executive body wants to simplify the system so companies deal with only one data-protection regulator in the region.
The company’s progress on “a wide range of best-practice improvements†was reviewed as part of on-site audits by the Irish regulator in May and July. An agency report in December urged Facebook to increase transparency and controls on using personal data for advertising and to delete user data sooner.
The Irish agency today said Facebook had demonstrated “a constructive approach†in responding to its recommendations.
Reviewing Compliance
Facebook Ireland provides service to the Palo Alto, California-based company’s users outside the U.S. and Canada, according to the agency, which in 2011 began reviewing Facebook’s compliance with Irish and EU data-protection rules.
The German watchdog in August resumed a separate probe into the social network’s facial-recognition features after suspending it two months earlier pending the Irish audit.
Johannes Caspar, the Hamburg regulator, said in a phone interview today that Facebook must comply with German law, regardless of any agreement with the Irish regulator. He added that his office hadn’t been told of the agreement with the Irish agency and that if Facebook’s concessions to the Irish are enough to fulfill the Hamburg order, “then all is fine.â€
The Irish data regulator’s capabilities were put to the test last year when an Austrian law student made 22 complaints about Facebook’s compliance with EU privacy rules, such as the company keeping photos on its servers after they’d been deleted. The Irish agency conducted the investigation because Facebook’s European headquarters are located in Dublin.
The agency said today’s report “does not involve formal decisions by the office on the complaints it has received in relation to†Facebook Ireland. “The audit has taken account of the substantive issues raised in these complaints and it can be expected that at least some of these issues will have been dealt with to the satisfaction of the complainants.â€
To contact the reporter on this story: Stephanie Bodoni in Luxembourg at sbodoni@bloomberg.net
To contact the editor responsible for this story: Anthony Aarons at aaarons@bloomberg.net
No comments:
Post a Comment