A D.C.-based privacy group has asked the Federal Trade Commission to examine Facebook's facial-recognition technology.
EPIC wants the FTC to require Facebook to stop using the technology pending an investigation, as well as ultimately make it opt-in.The Electronic Privacy Information Center (EPIC) joined with the Center for Digital Democracy, Consumer Watchdog, and the Privacy Rights Clearinghouse to file a complaint with the agency, arguing that the facial-recognition software is "unfair and deceptive."
"Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook," EPIC argued.
The organization said without FTC intervention, Facebook will "likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control."
Back in December,
Last week, security firm Sophos
"We should have been more clear with people during the roll-out process when this became available to them," a Facebook spokesman said in a Tuesday statement.
The news was met with concern overseas, however. Several members of EU's Article 29 Data Protection Working Party—like the U.K., Ireland, and Luxembourg—are
"As with any new technology, we would expect Facebook to be upfront about how people's personal information is being used," the U.K.'s Information Commissioner's Office said in a statement. "The privacy issues that this new software might raise are obvious and users should be given as much information as possible to give them the opportunity to make an informed choice about whether they wish to use it. We are speaking to Facebook about the privacy implications of this technology."
In the EU, the Data Protection Directive of 1995 requires that people give their consent to the use of their data. Companies that process personal data must tell users about how their information is being used and whether it is passed on to other companies or individuals. The data protection agencies within the EU are responsible for monitoring and enforcing this directive, according to a European Commission spokesman.
Though the Article 29 Working Party is independent of the European Commission, the commission will propose a reform of the data protection rules this year. "The challenges on data protection resulting from new technologies, such as cloud computing and social network sites, are one of the central reasons for this reform," the spokesman said.
Here in the U.S., Rep. Edward Markey, a Massachusetts Democrat, expressed support for the EPIC filing. "The Federal Trade Commission should investigate this important privacy matter, and I commend the consumer groups for their filing. When it comes to users' privacy, Facebook's policy should be: 'Ask for permission, don't assume it,'" Markey said in a statement. "Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong. I encourage the FTC to probe this issue and will continue to closely monitor this issue."
Markey and EPIC have both tangled with Facebook in the past. In December 2009, EPIC and other consumer groups
Markey and Rep. Joe Barton, meanwhile, have