Facebook’s deputy chief privacy officer Rob Sherman confirmed to the Irish Times last week that facial recognition would be added on an opt-in basis. That means users need to proactively go into their settings and turn the feature on before it starts learning about every inch of their face.
European users, including Metro reporter Jimmy Nsubuga, say they’ve already received privacy notifications about facial recognition from Facebook.
“The flow is not a test, it is part of a rollout we are doing across the E.U.,” a Facebook spokesperson told TechCrunch. “We are asking people for opt-in consent for three things: Third-party data for ads, facial recognition, and the permission to process their sensitive data.”
For users to opt out of the feature, they need to press through a “continue” screen that insists facial recognition is a security feature. It argues allowing users to see all the photos they appear in—not just those they’re tagged in—protects them from impersonators and people posting images without permission.
Sure #Facebook, I'll take a milisecond to consider whether you want me to enable #facialrecognition for my own protection or your #data #tracking business model. #Disingenuous pricks! pic.twitter.com/s7nngaHVSq— Jennifer Baker (@BrusselsGeek) April 20, 2018
Facebook is playing with fire by bringing facial recognition back to Europe. The addition comes just weeks after the strict General Data Protection Regulation (GDPR) goes into effect and days after CEO Mark Zuckerberg took the stand before Congress for a marathon session of questioning about privacy.
The social network warned at the start of last month that a select group of users would be getting notifications for a host of privacy choices they’ll need to make as part of the GDPR. Slipped into these privacy options is the ability to turn on facial recognition, an intrusive feature the social giant turned off in Europe in 2012 after an investigation into its privacy policies. It was even pressured to delete all the facial recognition data it collected from E.U. citizens when the feature was active.
It’s unclear whether facial recognition is allowed under the upcoming GDPR regulations. The privacy watchdog group Data Protection Commissioner told CNN it was still “querying” Facebook to determine whether it needs to scan all faces and didn’t know whether facial recognition technology complies with the E.U. rules. What we do know is Facebook can’t automatically enroll European users in the feature like it does in other parts of the world—including the U.S.