Facebook is involved in at least two instances of U.S. litigation defending its facial and biometric recognition practices. Privacy advocates filed a complaint with the Federal Trade Commission (FTC) saying that Facebook gives itself “the ability to scan user photos for biometric facial matches without consent,” and thereby violates the user’s privacy.
The advocates say that “Facebook is deceptively selling the facial recognition technology to users by encouraging them to identify people in photographs.” A more compelling reason for facial recognition lies in its commercial advertising value, and perhaps future products. For example, personalized models suitable for apparel sales might be developed using your digital body and face.
Facebook and the FTC have been through a similar process that led to a 2011 Consent Decree deeming facial recognition to be “unlawful.’
A second instance of litigation involves the Ninth Circuit, which in late May 2018 agreed to take up a Facebook challenge to a ruling that certified a class of Illinois users claiming Facebook’s face recognition practice violated Illinois law.
Germany plans to probe Facebook in 2019, searching for any privacy violations of German residents. This is after “finding that the social media giant abused its market dominance to gather data on people without their knowledge or consent.” Unlike earlier searches and fines imposed on American social media companies, the probe is not focused on anti-trust or tax avoidance.
The German Federal Cartel Office objects to how Facebook acquires data on people from third-party apps – including its own WhatsApp and Instagram services – and its online tracking of people who aren’t even members. True to its nature, the Cartel Office can be expected to look for instances of Facebook mistreating a competitor.
The German probe is one of the earliest investigations aimed at assuring that American e-commerce and social media are compliant with the privacy provisions of GDPR (which became effective in May 2018). From the EU’s perspective, the General Data Privacy Rule (GDPR) applies across the EU and even to EU citizens living in the U.S. The EU regards facial recognition and other biometrics as a privacy violation if its done without the customer’s explicit consent.
Insofar as EU citizens living in the U.S. would be subjected to Facebook facial recognition practices in the U.S., the EU would have a stake in the outcome of both pieces of U.S. litigation and separately in apparent violations of GDPR.
In our society, it is common practice to walk around in public (e.g. public sidewalk or park) and in commercial areas (in a store or enclosed mall) with your face exposed for all to see. When others recognize who you are, are they violating your privacy? Of course not. If others use a camera to capture an image of your face among those exposed, have they suddenly crossed the privacy line? Presumably not, but in some locations, processing that image to determine who it might be is a crime.
The right time for setting reasonable boundaries for privacy rights occurred a few decades ago. Since then, the Internet has provided an echo chamber for strident privacy advocates who feel unfettered by pragmatic restraints. For some observers, any assertion of privacy is treated as justified, especially if it is convenient and feels good (consider the self-indulgent “right to be forgotten”). The public safety consequences of overly broad privacy entitlements are being ignored. Facebook and others may have to abandon the wholesale application of facial recognition and not because it is intrinsically evil or a threat to genuine privacy. An expansive suite of privacy rights has gained political favor. That will persist until enough people are physically harmed by criminals hiding behind an official cloak of privacy.