Privacy watchdogs are asking the
Federal Trade Commission to investigate Facebook's use of facial recognition technology, which enables the company to identify people based on photos uploaded by their friends.
"Facebook now
routinely scans photos for biometric facial matches without the consent of the image subject," the Electronic Privacy Information Center and 13 other groups including The Center for Digital Democracy,
The Consumer Federation of America and the Southern Poverty Law Center allege in a new FTC complaint. "Moreover, the company seeks to advance its facial recognition techniques by deceptively enlisting
Facebook users in the process of assigning identity to photo images. This unwanted, unnecessary, and dangerous identification of individuals undermines user privacy, ignores the explicit preferences
of Facebook users, and is contrary to law in several states and many parts of the world."
EPIC and the others argue that Facebook's deployment of the technology violates the terms of a 2012
consent decree. That decree requires the company to avoid misrepresenting its privacy practices; it also obligates Facebook to obtain users' express consent before sharing their information more
broadly than its privacy policy allowed when users uploaded the data.
Facebook originally used facial recognition technology to suggest people's names when they appeared in photos uploaded by
friends. Earlier this year, the company also began using facial recognition to tell users when they appear in photos posted by other people. EPIC and the other groups argue that Facebook should have
obtained users' opt-in consent to that change.
Facebook deputy chief privacy officer Rob Sherman counters that the technology "helps people manage their identity on Facebook."
"People
can choose whether or not to allow this technology and they can change their mind at any time," he says in an emailed statement. "When someone has their setting turned off, we don't use this
technology to identify them in photos."
This isn't the first time that Facebook's facial recognition feature, rolled out in 2010, has sparked controversy. Years ago, EPIC filed an FTC
complaint over Facebook's use of the software.
More recently, a group of Illinois residents alleged in a class-action lawsuit that Facebook is running afoul of a state privacy law. The
plaintiffs in that matter allege that Facebook is violating the Illinois Biometric Information Privacy Act by failing to obtain people's written consent before compiling a database of their
"faceprints."
U.S. District Court Judge James Donato in the Northern District of Illinois, who is presiding over the case, reportedly suggested recently that Facebook should try to settle that
matter. “With everything going on in the world, maybe it’s time for Facebook to look at all of its privacy practices and not just those in the news,” Donato said at a hearing late
last month, according to Courthouse News.
EPIC and the other watchdogs also contend
that patent applications filed by Facebook show that it plans to use facial recognition data for commercial purposes. The complaint references four patent applications, including two submitted last
November for "Using Facial Recognition and Facial Expression Detection to Analyze In-Store Activity of a User," and “Facial Recognition Identification for In-Store Payment Transactions."
"The two applications detail a customer recognition system which 'intelligently detects and notifies a merchant when a customer is in need of assistance based on the customer's facial expression,'"
the groups write. "Facebook’s patent applications attest to the company’s primary commercial purpose in expanding its biometric data collection, and the pervasive uses of facial
recognition technology that it envisions for the near future."