Untagged: German official says Facebook tagging system illegal

Photo posted by Facebook user Anton Vinogradov
German officials say Facebook’s facial recognition system violates its privacy laws, as it stores a trove of tagged photos without explicit member consent. The Internet giant faces a fine of $31,000, a drop in the bucket of its billions in annual revenue.

­Hamburg Data Protection Commissioner Johannes Casper is reopening an inquiry originally launched over a year ago into the controversial software. The probe was suspended in June when Casper decided to allow the issue to be resolved in negotiations between Facebook and privacy authorities in Ireland, the base of the social network’s European operations.

In talks with Ireland’s Data Protection Commissioner, Facebook agreed to suspend its photo tagging service for European members joining the network on or after July 1, 2012. However, photos tagged before that date were to be kept in the company’s database.  

This hope has only been partially fulfilled,” Casper said in a statement. “The potential for abuse with a biometric database is immense.

Casper says he wants Facebook to destroy its photographic database of tagged faces obtained from German citizens. He also wants the company to revise its practices so that users would have to explicitly agree to the photo tagging app. Currently, Facebook members give their implicit consent to the software only by not disallowing it.

The commissioner told The New York Times that he plans to end his investigation and file a formal request to Facebook to change its policies in September.

Failing to follow through with Caspar’s orders would mean that the Internet giant would be fined up to 25,000 euros ($31,000), a tiny fraction of what the company makes in just one month. But imposing the fine could prove to be problematic, as German authorities have little jurisdiction over the US company. Facebook has a headquarters in Hamburg, which the company says is only involved in marketing, and is not responsible for software, such as the facial-recognition app.

Facebook maintains that the disputed tagging system complies with European policies.

We believe that the photo tag suggest feature on Facebook is fully compliant with E.U. data protection laws,” a company statement says. “During our continuous dialogue with our supervisory authority in Europe, the Office of the Irish Data Protection Commissioner, we agreed to develop a best practice solution to notify people on Facebook about photo tag suggest.”

In March, the EU’s top advisory panel on privacy, the Article 29 Working Party, issued an opinion stating that the collection of biometric data without users' explicit consent was illegal. The publication prompted Irish officials to start a discussion on the issue with Facebook. Last year, an audit of the company concluded that Facebook had to improve how it informed users of its biometric data collection policies. Ireland is now planning to publish a second audit of the Internet giant’s disputed privacy policies. 

Facebook has already gotten into trouble with German authorities after a member used the social network to organize a party officials say disturbed the peace and amounted to vandalism. Local politicians now want Facebook to share the burden of a 227,000-euro fine imposed on the party's organizer.

This is not the first time Germany has called online companies out over privacy. In 2010, the country’s authorities challenged Google over its Street View app, which presents 360-degree panoramas of most street locations in urban and some rural areas. German experts argued that the practice of taking photos of faces and private property contravened privacy laws. Google eventually stopped taking additional photos of locations in Germany.