Facebook forced to forget European faces over privacy fears

Under fire from data protection regulators across Europe, Facebook is killing off its Photo Tag Suggest feature for users in the EU. It hopes to bring the biometric functionality back at some point in the future.

Facebook has stopped recording the facial characteristics of its users in EU, following pressure from privacy regulators around the union.

The abandonment of the Photo Tag Suggest feature was announced on Friday by Irish data protection commissioner (DPC) Bill Hawkes, who said it showed Facebook was "agreeing to go beyond [the DPC's] original recommendations " regarding adherence to European data protection law (PDF). Facebook confirmed that it had stopped recording the facial features of new users in the EU, and would destroy the templates it had created for existing users in the region by mid-October.

Facebook facial recognition

However, the Irish DPC was not the only privacy regulator on Facebook's case over biometric technology. The Article 29 Working Party, a group of regulators from around the EU, said in June (PDF) that sites should not use such technology without the explicit permission of the person doing the tagging and the person being tagged.

Data protection officials in Norway were also probing Facebook over the issue, as were those in Germany — indeed, Friday's announcement came just after the Germans said the technology posed "an immense risk and potential for misuse".

Not gone for good

Although it has stopped doing it for now, Facebook has not given up completely on Photo Tag Suggest in Europe. The social network said it hoped to reintroduce the feature at some point, "when we have agreed a holistic approach on the best way to notify and educate users".

The issue of proper privacy notifications was central to the Irish DPC's report, and to much of the regulatory interest around Facebook's action in Europe.

A group of Austrian law students kicked off the Irish DPC's action last year when it complained about Facebook's lack of compliance with EU data protection law. The complaint was launched in Ireland as that is the headquarters for all of Facebook's non-North American operations.

The DPC rapped Facebook over the knuckles last December, but then reopened its probe in May over concerns that Facebook was not complying with recommendations regarding data retention periods and facial recognition.