The European Union’s new privacy regulations – the General Data Protection Regulation (GDPR) – come into force next month, and Facebook has now provided details of how it will comply. This includes asking for permission to use face-recognition.
It reveals that those in Europe will get the earliest and strongest privacy protections, with a weaker version rolling out in the US and elsewhere at a later date …
GDPR requires positive opt-in to all commercial use of personal data. This means that in Europe, Facebook has to specifically ask users to agree to a number of things it would like to do, and it is not allowed to present pre-selected defaults. European users will be asked whether they agree to three things, the company explains.
- Ads based on data from partners. Ads on Facebook are more relevant when we use data from partners, like websites and apps that use business tools such as our Like button. We’ll ask people to review information about this type of advertising, and to choose whether or not they want us to use data from partners to show them ads.
- Information in their profile. If you’ve chosen to share political, religious, and relationship information on your profile, we’ll ask you to choose whether to continue sharing and letting us use this information. As always, including this information on your profile is completely optional. We’re making it easier for people to delete it if they no longer want to share it.
- Allowing face recognition technology. Our face recognition features help protect your privacy and improve your experiences, like detecting when others might be attempting to use your image as their profile picture and allowing us to suggest friends you may want to tag in photos or videos. We’ve offered products using face recognition in most of the world for more than six years. As part of this update, we’re now giving people in the EU and Canada the choice to turn on face recognition. Using face recognition is entirely optional for anyone on Facebook.
Canada requires opt-in for face-recognition, so users there also have to positively choose to switch it on. In the US and elsewhere in the world, Facebook will simply explain what it does by default and offer a choice between ‘Accept and continue’ and ‘Manage data settings.’ However, the defaults will be to accept the current settings – which include face-recognition being set to on.
The BBC explains that face-recognition is used in three ways.
When a match is found, Facebook prompts both the person posting an image and the people appearing in it to apply the relevant name tags.
In addition, it uses the tech to detect when a scammer is attempting to use a stolen photo as their profile picture. It also helps Facebook to offer new “friends” suggestions.
The deadline for compliance in Europe is May 25, meaning that all Facebook users in EU countries will be presented with the choices before then. Facebook has not yet given a date for rolling them out elsewhere, simply saying that it will be ‘on a slightly later schedule.’
Reuters notes that users will be able to choose to limit the extent to which their personal data is used for ad targeting, but will not be able to opt out altogether. Anyone wishing to do this will be warned that it will result in the closure of their account.
Facebook Deputy Chief Privacy Officer Rob Sherman said […] that opting out of targeted marketing altogether would not be possible. “Facebook is an advertising-supported service,” Sherman said in a briefing with reporters at Facebook’s headquarters.
Sherman said that even offline ads were targeted to some extent, for example by posting in publications read by particular demographics.
Facebook says that it does expect the changes to result in some users choosing to close their accounts.
Facebook Chief Financial Officer David Wehner warned in February the company could see a drop-off in usage due to the EU law.
Facebook has vowed that there will always be a free ad-funded tier, but has not ruled out a paid ad-free tier – though this could prove expensive.