While the Cambridge Analytica scandal rumbles on, Facebook is quietly asking users in the EU and Canada to let it use its facial recognition to scan their faces and suggest tags in photos. It isn't the first time Mark Zuckerberg's firm has tried to get access to millions of Europeans' facial data.
Facebook tried to bring facial recognition to people in the EU back in 2011, but it stopped doing so a year later after privacy campaigners raised concerns that the feature was not compatible with data protection laws. Now Facebook is hoping it can bring facial recognition back to the EU, as long as it secures explicit consent beforehand.
This is all part of Facebook’s plan to get ahead of the European General Data Protection Regulation (GDPR) that’s due to come into force on May 25, 2018. As part of the push, Facebook is also explicitly asking for its users’ consent on using their data for targeted advertising, and sharing sensitive information such as political and religious views. Facebook will start asking its users in Europe for these permissions this week.
In a blog post published on April 17, Facebook’s chief privacy officer, Erin Egan, and deputy general counsel, Ashlie Beringer, explained the reasoning behind the company’s decision. “We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,” they wrote. Although European users are getting these requests a little earlier than the rest of the world – in order to meet the GDPR deadline – Facebook insisted that all of its users will be asked to make the same choices.
But some have criticised Facebook for making it too easy for users to accept the new requests without really understanding how their data is being used – which sounds very similar to how much of Cambridge Analytica scandal started.
On Facebook, users only have to click ‘accept and continue’ to opt-in to facial recognition, targeted adverts and facial recognition, and don’t have to scroll through the information before they accept the terms.
Read more: Congress won’t hurt Facebook and Zuck, but GDPR and Europe could
The Irish data protection regulator, which oversees Facebook in Europe due to its headquarters being based in the country, also has issues with the facial tech plans. "The Irish DPC is querying the technology around facial recognition and whether Facebook needs to scan all faces - ie those without consent as well - to use the facial recognition technology," a spokesperson for the regulator told the BBC. "The issue of compliance of this feature with GDPR is therefore not settled at this point
Elsewhere in the world, things are different. Facebook users in the US have had their facial data tracked since 2011 and if users want to opt out, they have to click ‘manage settings’ and go through another page before changing their privacy settings.
But also in the US, Facebook is being met with resistance over the use of facial recognition technology. The company is facing a class action lawsuit alleging that it gathered biometric information without users explicit consent. On April 16, 2018, District Judge James Donato in California ruled that Facebook users in Illinois are allowed to bring forward a case arguing that Facebook’s collection of face data violates Illinois’ Biometric Information Privacy Act. If it is found to be violating the act, Facebook could be faced with a fine of billions of dollars.
Read more: 'Dear Mark, this is why I hate you.' An open letter to Zuckerberg
Facebook’s facial recognition technology works by analysing images and videos in which a particular person has been tagged, and then generating a unique number called a ‘template’. This template is then compared with other photos and videos on Facebook, and if the algorithm finds a match then that user’s name may appear as a tag suggestion. Facial recognition can also be used to identify accounts that may be impersonating other people.
Despite the backlash against its widespread data collection, Facebook is also exploring other ways of other ways of using facial recognition technology. In a patent published in November 2017, the company described using facial recognition as way of verifying payments in shops. Last year it also tested using facial recognition to allow people to recover their account details just by using their face to verify their identity.
This article was originally published by WIRED UK
