Facebook faces facial feature scrutiny in Germany

Data protection authorities in the German city of Hamburg have warned Facebook to change its facial-recognition data-retention policies, while dropping a previous complaint against the social network over its Friend Finder feature.

Data protection authorities in Hamburg, Germany are scrutinising Facebook's introduction of facial-recognition tech to suggest name tags in photos. Photo credit: Facebook

The city's data protection chief, Johannes Caspar, said Facebook might have to pay a €300,000 (£262,000) fine over the facial-recognition functionality. The feature, which scans users' photos in an attempt to recognise and tag their contacts, has also caused concern at the UK Information Commissioner's Office.

Caspar told ZDNet UK on Thursday that he was worried about the fact the facial-recognition feature was turned on by default, but more concerned that Facebook might be retaining the biometric information it gathers even when the user opts out. He said this was not compliant with EU and German data protection laws.

"We told Facebook that they should decide within two weeks whether to execute our request to delete the data or not," Caspar said. "If they say 'We won't delete the data and we will collect further biometric data', then we will come to a decision about what legal measures we will take."

Caspar noted that the maximum fine the Hamburg data protection authority can levy for such breaches is €300,000.

However, Caspar also revealed that he had dropped another complaint against Facebook in the same letter to the social network. That legal procedure was in connection with the company's Friend Finder feature, which lets people send invitations to others to join them on the network.

"We didn't think the Friend Finder feature met the standard of German data protection law [but] we told Facebook [on Tuesday] that we would not levy a fine because they said they would co-operate and changed their system," Caspar said. "They gave an opt-out to people who don't want any invitations to join Facebook."

Caspar also pointed out that Facebook users now have more control over the invitations they send. "At first, the user didn't know when Facebook was sending an invitation from their account, nor what the content of the invitation was," he said.

A Facebook spokesman told ZDNet UK that the company "will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature but firmly [rejects] any claim that we are not meeting our obligations under European Union data protection law". He added that the facial recognition data "is deleted" when the user opts out. 

"We have also found that people like the convenience of our photo tag suggest feature which makes it easier and safer for them to manage their online identities," the spokesman said.