German Regulators Shake Fist at Facebook Over Privacy
Facebook is back to its face-off with European regulators. Officials in Germany say the opt-out nature of the network's facial recognition features puts it in violation of European law. But Facebook doesn't have much incentive to comply with the overseas demands, especially since it's not the company's first battle with regulators, said blogger Max Schrems.
08/16/12 7:00 AM PT
German data protection regulators reopened an investigation into Facebook's facial recognition technology Wednesday, claiming the social network failed to comply with official requests to alter its policies to match European regulations.
The Hamburg Commissioner for Data Protection and Freedom of Information wants Facebook to delete the facial data it has on users or face further action from European officials.
Facebook uses analytic technology to compile facial recognition data that it then uses to suggest which users should be tagged in photos. In Europe, users must give their explicit consent in order for Facebook to collect such material.
Facebook gives the users the chance to opt out of the feature rather than asking them to agree to the practice first. The social network maintains that is legal in Ireland, where the company runs its European operations.
Following a year-long look into the company's policies, German authorities closed their investigation in June after negotiations between Facebook and the Irish Commissioner for Data Protection stalled.
"Germany is much stricter about data protection, and the Irish aren't enforcing anything, so this is kind of a case of the Germans looking for ways to have jurisdiction over some of these policies," Max Schrems, founder of the blog Europe vs. Facebook, told TechNewsWorld.
Since Facebook failed to alter its policies, however, the case will be re-opened to propel further cooperation from the social network, according to the Hamburg Commissioner for Data Protection and Freedom of Information.
Neither Facebook nor the Hamburg Commissioner responded to our request for further details on the story.
Making a Point
Although German regulators might public support to crack down on privacy issues, the investigation doesn't carry much weight as a true legal threat, said Schrems.
"The data protection commissions in Europe have some legal possibilities," said Schrems. "But they're more there to inform and question corporations and gather support from the public sphere rather that having real legal enforcement duties."
Given that, Facebook doesn't have much incentive to comply with the overseas demands, especially since it's not Facebook's first battle with regulators, said Schrems.
"The bottom line is that Facebook knows they're not complying with the laws right now, at least not outside of Ireland, but they can kind of play with time and push it off for a few years," he said.
If Facebook does give in to European officials, the company could change its policies worldwide or for a particular jurisdiction, said Venkat Balasubramani, lawyer and cofounder of a boutique law firm focused on tech and Internet clients.
But the social network has obviously held off on switching its global practices, and it probably wants to avoid the practical costs that a local switch would incur, he said. That means Facebook might opt to screen out users in local jurisdictions, he said. Either way, he noted, it's probably not one of the company's largest concerns right now.
"Companies have dealt with this over the years and they take their own time complying with local culture and rules and not getting pushed around by the local jurisdictions," he said.