Germany reopens proceedings against Facebook's facial recognition

Facebook either has to delete its database with faces or ask for explicit user consent, the data protection watchdog said
  • Loek Essers (IDG News Service)
  • — 15 August, 2012 15:06

The Hamburg Commissioner for Data Protection and Freedom of Information reopened proceedings against Facebook's facial recognition technology on Wednesday, the commissioner said.

"We stopped the investigation two months ago," said Johannes Caspar, the commissioner for Data Protection and Freedom of Information in Hamburg. The proceedings were stopped pending negotiations between Facebook and the Irish Commissioner for Data Protection, Facebook's supervisory authority in Europe, about the use of facial recognition.

Facebook uses facial recognition technology to suggest whom users should "tag" in photos.

The German data protection authority asked Facebook last Thursday what the outcomes of the negotiations with the Irish data protection commissioner were, Caspar said. While Facebook said it would refrain from creating facial profiles of new users for the moment, the company still stores data of existing users that was gathered without the users' explicit consent, Caspar said. Because Facebook still stores this data, further proceedings against Facebook are inevitable, the data protection watchdog said.

Facebook now has to decide if it wants to get the explicit consent of users, delete the data or face a lawsuit, said Caspar. The data protection authority will prepare a formal order to force Facebook to delete the data or to ask users' permission, he added. This order could be finished at the end of August or at the beginning of September since the case against Facebook was already fully prepared in June and not much has changed since then, Caspar said.

If Facebook refuses to comply with the data protection requirements, the data protection authority will file a lawsuit with the Administrative Court of Hamburg, Caspar said. Facebook is, however, welcome to inform the authority of an acceptable method for obtaining consent by concerned users or to confirm the deletion of the collected data at any time.

"We believe that the photo tag suggest feature on Facebook is fully compliant with EU data protection laws," a Facebook spokeswoman said in an email.

Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-420

In partnership, Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-420 systems.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »