Facebook Turns Off Facial Recognition In The EU, Gets The All-Clear On Several Points From Ireland’s Data Protection Commissioner On Its Review

Next Story

Chinese Ecommerce Giant Alibaba Spins Off Aliyun Mobile OS Team, Puts $200M In Their Pockets

The ongoing investigation into Facebook’s transparency on user data and privacy by Ireland’s Data Protection Commissioner has come to a positive conclusion for the social network. The DPC, whose decisions had wider-ranging implications for all of Facebook’s business in Europe, had made several recommendations earlier in the year to bring Facebook’s policies in line with that of data protection regulations in the region. And it has now officially announced that “the great majority of the recommendations have been fully implemented to the satisfaction of this Office.” Key to Facebook’s success is that it is turning off its facial recognition features, also known as “Tag Suggest”: This feature has already been turned off for new users in the EU, the DPC notes, “and templates for existing users will be deleted by 15 October.”

The full, 74-page report is here and also embedded below.

Facebook had been the subject of a months-long investigation into its practices after complaints first raised in 2011 by a user group in Austria. The case has been handled in Ireland because this is the location of Facebook’s international headquarters, and has been through a few turns already where the DPC has laid out terms, and Facebook has responded, more than once.

The DPC says today’s report is the result of evaluations it made through the first half of 2012 and on-site at Facebook’s HQ in Dublin over the course of two days in May and four in July.

The DPC says FB has made just about all of the improvements it requested in five key areas: better transparency for the user in how their data
 is handled; user control over settings; more clarity on the retention periods for the deletion of
 personal data, and users getting more control over deleting things; an improvement in how users can access their personal data; and the ability of Facebook to be able to better track how they are complying with data protection requirements.

There is one area where Facebook is marked as “unchanged” in the list of items up for investigation: in the case of data collected from social plug-ins (apps) for purposes of targeted advertising. (It doesn’t do that.)  And there are a couple of other areas that Facebook says it will have modified in the next four weeks, such as its cookie policy and how it clarifies to users of its Android app that when they stop synching data it doesn’t delete data that had been synched in the past; and still others where the changes are ongoing (eg in how the company complies with new regulations).

But most of all, the Irish Data Protection Commissioner, Billy Hawkes, appeared particularly satisfied with the outcome of the Suggest Tag/facial recognition feature. “I am particularly encouraged in relation to the approach 
[Facebook] has decided to adopt on the tag suggest/facial recognition feature by in 
fact agreeing to go beyond our initial recommendations, in light of
developments since then, in order to achieve best practice,” he said in a statement.

With that feature disappearing for now, however, it will be interesting to see how and whether Facebook implements facial recognition technology in the region in the future from Face.com, the startup it acquired earlier this year, reportedly for up to $60 million.

Update: And here’s a Facebook spokesperson’s positive response to the DPC report:

“As our regulator in Europe, the Irish Office of the Data Protection Commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools.

“This audit is part of an ongoing process of oversight, and we are pleased that, as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”

He also notes that FB will be revisiting facial recognition when it figures out how to square it with the regulators:

“It’s worth us reiterating that once we have a agreed an approach on the best way to notify and educate users with the DPC, we hope to bring back this useful tool.”