The Hamburg Commissioner for Data Protection and Freedom of Information [official website, in German] said Tuesday that Facebook [website; JURIST news archive] is in violation of European data protection laws [text, PDF, in German] through its feature that automatically recognizes facial features and "tags" users when others upload photos of them. The commission alleged that Facebook has created the largest biometric database in the world:
It is assumed that the biometric data remain stored. For users to delete their previously stored biometric information want, they must first work through the online help system. This is used to erase the biometric data path via the privacy settings. The corresponding function ("delete data from photo comparison database") does not exist. Elsewhere in the help system is a link that allows the user to contact the "Facebook photo team." Only there one can order the removal of all biometric information previously gathered about him. An opt-out possibility, although available, is difficult for the average user to find. In light of this seems particularly concerning that it is the default even for underage users face recognition. But even if Facebook was offering a user-friendly method to opt-out, it would not meet national or European data protection requirements. For storage of biometrics a pre-issued, unambiguous consent by the affected is required.Facebook faces severe fines if they do not comply with the order to shutdown their auto-tagging system in Germany. An anonymous spokesperson said Facebook does not believe they are violating any privacy laws [Bloomberg report].
Facebook has frequently been under scrutiny for violating privacy laws in Germany. In July 2010, The Hamburg Commissioner for Data Protection and Freedom of Information initiated legal proceedings [JURIST report] against Facebook for accessing and saving non-users' personal information. Dr. Johannes Caspar [official profile, in German] stated the social networking site could be fined tens of thousands of euros [AP report] for violating Germany's strict privacy laws [materials, PDF, in German]. Facebook responded by changing the feature for German users. Earlier, he filed a complaint [Boston Globe report] against Google [corporate website; JURIST news archive], joining many in other countries in contending that their Street View feature violates privacy rights. Facebook has also faced privacy complaints in other countries. A South Korean regulator said in December that Facebook was not in compliance with the nation's data privacy laws [JURIST report] and must more earnestly seek consent from users before accessing their personal information. The Canadian Office of the Privacy Commissioner [official website] announced that it would launch a new probe [JURIST report] of Facebook to investigate privacy issues in response to complaints. Before that, five Facebook users sued the company in a California court alleging the site violated their privacy [JURIST report].