• by Wendy Davis  @wendyndavis, April 9, 2018

Privacy watchdogs are asking the Federal Trade Commission to investigate Facebook's use of facial recognition technology, which enables the company to identify people based on photos uploaded by their friends.

"Facebook now routinely scans photos for biometric facial matches without the consent of the image subject," the Electronic Privacy Information Center and 13 other groups including The Center for Digital Democracy, The Consumer Federation of America and the Southern Poverty Law Center allege in a new FTC complaint. "Moreover, the company seeks to advance its facial recognition techniques by deceptively enlisting Facebook users in the process of assigning identity to photo images. This unwanted, unnecessary, and dangerous identification of individuals undermines user privacy, ignores the explicit preferences of Facebook users, and is contrary to law in several states and many parts of the world."

EPIC and the others argue that Facebook's deployment of the technology violates the terms of a 2012 consent decree. That decree requires the company to avoid misrepresenting its privacy practices; it also obligates Facebook to obtain users' express consent before sharing their information more broadly than its privacy policy allowed when users uploaded the data.

Facebook originally used facial recognition technology to suggest people's names when they appeared in photos uploaded by friends. Earlier this year, the company also began using facial recognition to tell users when they appear in photos posted by other people. EPIC and the other groups argue that Facebook should have obtained users' opt-in consent to that change.

Facebook deputy chief privacy officer Rob Sherman counters that the technology "helps people manage their identity on Facebook."

"People can choose whether or not to allow this technology and they can change their mind at any time," he says in an emailed statement. "When someone has their setting turned off, we don't use this technology to identify them in photos."

This isn't the first time that Facebook's facial recognition feature, rolled out in 2010, has sparked controversy. Years ago, EPIC filed an FTC complaint over Facebook's use of the software.

More recently, a group of Illinois residents alleged in a class-action lawsuit that Facebook is running afoul of a state privacy law. The plaintiffs in that matter allege that Facebook is violating the Illinois Biometric Information Privacy Act by failing to obtain people's written consent before compiling a database of their "faceprints."

U.S. District Court Judge James Donato in the Northern District of Illinois, who is presiding over the case, reportedly suggested recently that Facebook should try to settle that matter. “With everything going on in the world, maybe it’s time for Facebook to look at all of its privacy practices and not just those in the news,” Donato said at a hearing late last month, according to Courthouse News.

EPIC and the other watchdogs also contend that patent applications filed by Facebook show that it plans to use facial recognition data for commercial purposes. The complaint references four patent applications, including two submitted last November for "Using Facial Recognition and Facial Expression Detection to Analyze In-Store Activity of a User," and “Facial Recognition Identification for In-Store Payment Transactions."

"The two applications detail a customer recognition system which 'intelligently detects and notifies a merchant when a customer is in need of assistance based on the customer's facial expression,'" the groups write. "Facebook’s patent applications attest to the company’s primary commercial purpose in expanding its biometric data collection, and the pervasive uses of facial recognition technology that it envisions for the near future."