Facebook has assented to keeping the facial recognition feature (“Tag Suggest”) for its European users off until European regulators allow it to be reinstated, and to delete collected templates for those users by 15 October, says in the latest report of a re-audit conducted by Ireland’s Data Protection Commissioner’s Office.
The audit was conducted in order to see whether Facebook has taken to heart the “best practice” recommendations for user data protection given by the Office following an initial audit back in December 2011.
“As with the main audit, FB-I cooperated with the review process, while vigorously defending its point of view, particularly where our recommendation, or the views of other DPA’s, challenged the general philosophy of the company. This was true, for example, in relation to the company’s insistence on maintaining its requirement that users use their real names on the network,” pointed out Deputy Commissioner Gary Davis.
Facebook has implemented most recommendations, particularly when it comes to offering better transparency for the user in how their data is handled, increasing user control over settings, implementing clear retention periods for the deletion of personal data or an enhanced ability for the user to delete items, and enhancing the user’s right to have ready access to their personal data and the capacity of FB-I to ensure rigorous assessment of compliance with Irish and EU data protection requirements.
But one of the main things that the Office asked was the removal or suspension of the “Tag Suggest” – a feature that is currently being investigated by German and Norwegian data protection commissioners – so Facebook decision to suspend it for the time being and until the legislators approve of it has been welcomed by Billy Hawkes, the Irish Data Protection Commissioner.
For the recommendations which have not yet been implemented Facebook has been given a clear timescale for implementation (mostly 4 weeks from now).
“This audit is part of an ongoing process of oversight, and we are pleased that, as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance,” a Facebook spokesperson commented the report and indicated that they hoped to bring back the tool once an approach on the best way to notify and educate users is agreed upon with the DPC.
The DPC report can be downloaded here.