EU privacy probe looms for Facebook

Earlier today, TG Daily reported on Facebook’s international rollout of a facial recognition feature that allows users to tag friends without their permission – if the appropriate privacy settings aren’t enabled.

Facebook is now facing a privacy probe by watchdogs in the European Union who are criticizing the site for rolling out the capability to an international audience without proper notification.

A group concerned with privacy from the EU’s 27 nations are slated to examine Facebook’s privacy offenses to see if there is anything punishable by law, said Gerard Lommel of the Article 29 Data Protection Working Party. According to spokesperson Ciara O’Sullivan, Ireland’s data protection authority is also examining possible violations stemming from privacy issues with the facial recognition feature.

Many privacy watchdogs believe a feature like facial recognition should only be available to those who would like to use it, rather than the default option for everybody.

“Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default,” said Lommel.

Such automatic tagging “can bear a lot of risks for users” and the group of European data protection officials will “clarify to Facebook that this can’t happen like this.”

Facebook quietly announced on its blog that the feature is now available in most countries, after originally launching only in North America last year.

“We launched Tag Suggestions to help people add tags of their friends in photos; something that’s currently done more than 100 million times a day,” Facebook said in an e-mailed statement to BusinessWeek.

“Tag Suggestions are only made to people when they add new photos to the site, and only friends are suggested.”

Of course, Facebook is not the first site to face criticism from privacy watchdogs in the EU for possible privacy breaches. Google, Microsoft and Yahoo have all been pressured to limit the amount of time they store online users’ search records. 

Although Article 29 does not have the power to persecute offenders, the group is closely tied to national data protection agencies who do have the ability to punish companies that break privacy rules.

(Via Business Week)