When IT Business Edge’s Lora Bentley wrote about privacy concerns raised by Facebook’s facial recognition feature in August, she mentioned that regulators in the European Union were studying the feature to determine whether it violates EU privacy rules.
It didn’t take long for one European regulator to weigh in with an opinion that the feature does violate EU privacy rules because it collects biometric data without users’ consent. As Information Age reports, the office of the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) objects to the fact the feature operates on an opt-out rather than an opt-in basis. The lack of “unambigious consent by those affected” means the feature violates both German data protection and EU privacy laws, according to a regulator statement cited in the story.
According to the statement, it is preparing “preliminaries for legal action.” Information Age notes the Irish data protection agency is also investigating Facebook’s privacy policies following an allegation by Austrian law student Max Schrems that the social site retains personal data even after a user deletes an account. Schrems submitted his complaint to the Irish DPA because Facebook’s European headquarters are in Dublin.