Facebook’s facial recognition and the legal implications

August 9, 2011

Facebook facial photoEarlier this summer, Facebook quietly unveiled a new feature that recognizes who’s in an uploaded photo.

The feature accomplishes this by use of facial recognition software and Facebook’s massive photo database.

It isn’t as bad as it seems (yet).

The program is currently only about 31% effective, only a user’s friends are automatically tagged in photos upon upload, and users may opt out of the service.

Nevertheless, the feature is creating new Facebook privacy concerns, especially considering that the site turns on the program for all users by default, and continues to store the data collected by the program even after opt-out.

In fact, German data protection officials have requested that Facebook discontinue use of the software and delete any previously stored data.

Americans may be a bit perplexed as to how the German government can legitimately make this request.

This is because U.S. privacy law is quite undeveloped, at least on a national scale.

In Europe, however, this is not the case.

Europe’s history with fascist and communist governments has taught it to regard the protection of personal privacy highly, and European Union laws reflect that sentiment.

The E.U.’s Data Protection Directive is a major law in the area, and it requires that individuals consent to the use of their data.

It also requires companies that process personal data to inform users about how their information is being used and whether it is transmitted to other individuals or companies.

German officials equate the facial recognition software to biometric data, which is a fairly accurate assessment.

While the software is relatively inaccurate now, it will inevitably become increasingly precise.

Likewise, the ability to opt out doesn’t mean that Facebook can’t continue to analyze your photos after opt-out, it just means that you won’t be automatically tagged in photos.

Conceivably, it would be possible to be identified from a photo taken by anyone – from a random creep on the sidewalk to surveillance cameras at the grocery store.

No doubt Facebook will keep assuring its users that this data will be kept under lock and key; nonetheless, this data, like the rest of Facebook’s user data, will look extremely appetizing to law enforcement at all levels.

And just like the rest of Facebook’s user data, it won’t be difficult to obtain.

This kind of data is a bit different in one respect, though: the personal identifier isn’t one’s name, but his face.

Thus, law enforcement could potentially identify individuals from a single photograph, or even a police sketch.

Regrettably, the possible applications extend beyond areas of law enforcement.

Specifically, it could be used for marketing.

The software could be conceivably used to identify products, stores, restaurants, and brand logos that appear in photos with certain individuals, who could then be associated with the identified place or product.

Naturally, all of this information could easily be obtained by law enforcement.

Unfortunately, only so much of this could be controlled by a Facebook abstention.

Unless you want to constantly refuse to be photographed or incessantly tell your friends to not tag you like some kind of fanatic, it’s unavoidable to have your facial data collected to some degree.

So either Americans must make peace with the fact that more and more of their personal information will be collected and used by various corporate and government entities, or they follow Europe’s example and take steps to protect their privacy.

My guess is that Americans will eventually choose the latter.

The question is, how invasive will things get before that choice is made?