BERLIN â€" bowed to pressure from regulators in Europe on Friday and said it would discontinue an automated photo-tagging feature and delete a face-recognition database in which it had collected pictures of millions of Europeans.
The company, the world’s largest social networking site, said it was responding to legal concerns raised about its collection of data on its European members from regulators in Ireland, where Facebook has its European headquarters.
Facebook’s decision to withdraw the photo-tagging feature in Europe is a victory for the Continent’s privacy regulators, who have been fighting attempts by Google and other big Internet firms, typically American, to impose U.S.-style definitions of privacy on Europeans, who have greater legal control over their personal information.
For now the ramifications appear limited to Europe, though Facebook’s retreat on photo-tagging could embolden other countries to seek similar concessions.
Ulrich Börger, a privacy lawyer in Hamburg with the U.S. firm Latham & Watkins, said he was surprised by Facebook’s reversal because the company had consistently maintained that its practices were legal under European law.
“This definitely strengthens the European definition of online consent,†Mr. Börger said. “For Facebook to discontinue this feature, something that up until now had apparently been very important to them, is a big step.â€
The potential financial impact on Facebook is hard to gauge. But photos and photo tagging have been part of the company’s growth strategy, as evident from its $1 billion acquisition of the Instagram photo-sharing service in April.
The Irish Data Protection Commission had asked Facebook to amend the consent procedures it used in building a facial-recognition database, which allows the online service to recognize individuals in photos uploaded by Facebook users and then identify those individuals in photos elsewhere on the site.
Facebook said it planned to turn off its photo-tagging feature in Europe, and delete its database of facial-recognition files collected on European users, by Oct. 15. The company said it hoped to reintroduce an amended feature with tighter privacy and consent controls in Europe in the future.
In its statement, Facebook said it was going beyond suggestions made by the Irish authorities to shut off the service in Europe. “We will continue to work together to ensure we remain compliant with European data protection law as we innovate and create new products and features,†it said.
It was unclear how Facebook would discern which users of the service were Europeans, but most likely the company would rely on Internet protocol addresses. Facebook has about 235 million users in Europe out of 800 users globally.
Facebook had fought European opposition on photo tagging for more than a year but had been losing ground with national and E.U. regulators. In March, the ’s top privacy advisory panel, the Article 29 Working Party, said Facebook’s practice of collecting data violated E.U. law, which requires people to give explicit, educated consent to the practice.
Facebook had argued that if people did not object to being tagged in a photo â€" the company lets people block photos of themselves uploaded by others â€" then they were giving implicit consent to the postings and to the data collection necessary to do that.
But under pressure, the company began to relent this summer. In negotiations with the Irish regulator, Facebook offered to suspend the photo-tagging feature for new European users who had signed up for the service after July 1.
But the company’s huge database of facial files â€" it has never publicly disclosed how many people that represents â€" remained an issue in Germany, which has some of Europe’s strictest privacy laws. Regulators in the German states of Hamburg, Schleswig-Holstein, Rheinland-Palatinate and Bremen had either initiated or were investigating cases against Facebook over the service.
Given Facebook’s decision to end photo tagging in Europe and delete its database, the Hamburg data protection supervisor, Johannes Caspar, said he would probably revoke his administrative order.
“I frankly don’t think the company could have continued with its position for much longer without risking a serious amount of reputational damage,†Mr. Caspar said. “There was too much pressure on Facebook, not just here in Germany but around Europe.â€
Facebook chose to make its concession on the same day that the privacy regulator in Hamburg ordered the company to discontinue the photo-tagging suggest service or face a possible fine and legal sanctions.
Also on Friday, the Irish regulator released its 74-page audit of Facebook’s privacy practices.
The Irish report concluded that the company had complied with most of the agency’s requests, but said it had yet to fully meet requests for changes in four areas: improved user education, the deletion of a record of which plug-in applications an individual had downloaded or used, the verifiable deletion of Facebook accounts requested by users, and the minimization of targeted advertising based on words entered by users that could be considered personal in nature.
“Full implementation has not been achieved, but it is planned to be achieved by a specified deadline,†the Irish deputy data protection commissioner, Gary Davis, wrote in the report. “It is also clear that ongoing engagement with the company will be necessary as it continues to bring forward new innovations.â€
No comments:
Post a Comment