September 23, 2012 (TSR) – Facebook has suspended the facial-recognition tool that suggests when registered users could be tagged in photographs uploaded to its website.
The move follows a review of Facebook’s efforts to implement changes recommended by the Data Protection Commissioner of Ireland last year.
Billy Hawkes, who did not request the tool’s total removal, said he was encouraged by the decision to switch it off for users in Europe by 15 October.
It is already unavailable to new users.
Mr Hawkes said Facebook “is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance”.
Richard Allan, Facebook director of policy for Europe, Middle East and Africa, said: “The EU has looked at the issue of securing consent for this kind of technology and issued new guidance.
“Our intention is to reinstate the tag-suggest feature, but consistent with new guidelines. The service will need a different form of notice and consent.”
The facial-recognition tool was not part of the company’s commercial activities and did not generate many user complaints, he added.
In December 2011 the Data Protection Commissioner (DPC) gave Facebook six months to comply with its recommendations.
They included more transparency about how data is used and individuals are targeted by advertisers and more user control over privacy settings.
On Friday, Mr Allan said: “When you think of the very wide ranging investigation the DPC carried out into Facebook, they looked at every aspect of our service, and our overall scorecard is very good.
“In the vast majority of areas the DPC looked into, they found we are behaving in a way that’s not just compliant but a reasonable model for good practice.”
Also on Friday, the DPC said there were still some areas where more work was required, and it has asked for another update from Facebook in these areas in four weeks’ time.
Deputy Commissioner Gary Davis told the BBC the DPC remained concerned about whether photos marked for deletion were actually being deleted within 40 days as required under Irish Data Protection law.
“We also want some clarity about inactive and deactivated accounts – we think Facebook should contact those users after a period of time and see whether they want to come back,” he said.
Many people did return to the website after long periods away, Mr David said, but users with inactive accounts should be contacted within two years of their last log-in.
Mr Davis also said he would like Facebook to do more to educate existing users about its privacy policies.
“We would also like more information in relation to advertising – there is the potential for the use of terms that could be sensitive – such as ethnicity, trade union membership, political affiliation – to be used by advertisers to target others based on those words,” he said.
But Mr Davis added: “The discussions and negotiations that have taken place, while often robust on both sides, were at all times constructive with a collective goal of compliance with data protection requirements.”