On April 6, a coalition of consumer privacy organizations led by the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission, accusing Facebook of violating individual’s privacy via the company’s facial recognition practices. The complaint focuses on changes to Facebook’s policy which went into effect in early 2018, namely the ability to scan user photos for biometric facial matches without consent.
The organizations say that Facebook is deceptively selling the facial recognition technology to users by encouraging them to identify people in photographs. “This unwanted, unnecessary, and dangerous identification of individuals undermines user privacy, ignores the explicit preferences of Facebook users, and is contrary to law in several state and many parts of the world,” the complaint states.
The coalition also claims Facebook’s policy violates the 2011 Consent Order with the Commission, calling the scanning of faces “unlawful.” The organizations are calling on the FTC to reopen a 2009 investigation of Facebook due to recent revelations regarding Cambridge Analytica accessing millions of Facebook users private data. The Electronic Privacy Information Center has called on the FTC to investigate Facebook’s facial recognition practices since 2011.
“Facebook should suspend further deployment of facial recognition pending the outcome of the FTC investigation,” EPIC President Marc Rotenberg said.
This is not the first time Facebook has been under fire for their facial recognition technology. As far back as 2015, The Anti Media reported on a lawsuit involving a man who, despite not having a Facebook account, was fighting to get his “faceprint” from the company. The complaint was filed by Frederick William Gullen of Illinois. Gullen’s complaint stated:
Facebook is actively collecting, storing, and using — without providing notice, obtaining informed written consent or publishing data retention policies — the biometrics of its users and unwitting non-users … Specifically, Facebook has created, collected and stored over a billion ‘face templates’ (or ‘face prints’) — highly detailed geometric maps of the face — from over a billion individuals, millions of whom reside in the State of Illinois.
Although no federal law exists to govern the commercial use and collection of biometrics, Illinois and Texas have passed laws designed to protect the public. Illinois’ Biometric Information Privacy Act made it illegal to collect and store faceprints without obtaining informed written consent. The law also made it illegal for companies to sell, lease, or otherwise profit from a customer’s biometric information. Lawsuits filed against Facebook allege the company is violating BIPA because it makes faceprints without written consent.
With Facebook CEO Mark Zuckerberg facing pressure from the U.S. Congress and public, the company may shift towards privacy oriented practices. However, for the moment, users should be aware that their words and face are owned by Facebook and whoever else they decide to share the data with.