A D.C.-based privacy group has asked the Federal Trade Commission to examine Facebook’s facial-recognition technology.
The Electronic Privacy Information Center (EPIC) joined with the Center for Digital Democracy, Consumer Watchdog, and the Privacy Rights Clearinghouse to file a complaint with the agency, arguing that the facial-recognition software is “unfair and deceptive.”
EPIC wants the FTC to require Facebook to stop using the technology pending an investigation, as well as ultimately make it opt-in.
“Users could not reasonably have known that Facebook would use their photos to build a biometricdatabase in order to implement a facial recognition technology under the control of Facebook,” EPIC argued.
The organization said without FTC intervention, Facebook will “likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control.”
Back in December, Facebook announced plans for facial-recognition technology intended to make it easier for people to tag photos of friends. Facebook said it would examine newly uploaded photos and compare them to other photos in which you or your friends are tagged in order to make tagging suggestions.
Last week, security firm Sophos expressed concern that facial recognition had been turned on by default. Users must go in and disable the service if they do not want to show up as “suggested tags” in their friends’ photos. Facebook acknowledged that it should have been more communicative about the service.
“We should have been more clear with people during the roll-out process when this became available to them,” a Facebook spokesman said in a Tuesday statement.
“As with any new technology, we would expect Facebook to be upfront about how people’s personal information is being used,” the U.K.’s Information Commissioner’s Office said in a statement. “The privacy issues that this new software might raise are obvious and users should be given as much information as possible to give them the opportunity to make an informed choice about whether they wish to use it. We are speaking to Facebook about the privacy implications of this technology.”
In the EU, the Data Protection Directive of 1995 requires that people give their consent to the use of their data. Companies that process personal data must tell users about how their information is being used and whether it is passed on to other companies or individuals. The data protection agencies within the EU are responsible for monitoring and enforcing this directive, according to a European Commission spokesman.
Though the Article 29 Working Party is independent of the European Commission, the commission will propose a reform of the data protection rules this year. “The challenges on data protection resulting from new technologies, such as cloud computing and social network sites, are one of the central reasons for this reform,” the spokesman said.
Here in the U.S., Rep. Edward Markey, a Massachusetts Democrat, expressed support for the EPIC filing. “The Federal Trade Commission should investigate this important privacy matter, and I commend the consumer groups for their filing. When it comes to users’ privacy, Facebook’s policy should be: ‘Ask for permission, don’t assume it,’” Markey said in a statement. “Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong. I encourage the FTC to probe this issue and will continue to closely monitor this issue.”
Markey and EPIC have both tangled with Facebook in the past. In December 2009, EPIC and other consumer groups filed another complaint with the FTC arguing that Facebook’s recent privacy update violated federal consumer protection law. It also expressed concern with Facebook allowing developer access to users’ phone numbers and addresses, a feature it is now revamping.
For more from Chloe, follow her on Twitter @ChloeAlbanesius.