Facebook's facial recognition technology may not meet strict new EU data rules, a top watchdog says

Key Points
  • Ireland's data protection watchdog told CNBC it has raised a number of questions with Facebook about its reintroduction of facial recognition technology in Europe.
  • The social network was pressured to close its facial recognition feature in 2012 by regulators.
  • The Irish Data Protection Commissioner said that if Facebook were to reintroduce this technology in the EU, it would need to discuss with the regulator how to do so.
  • The data protection authority said there are "outstanding issues" in relation to the technology.
Mark Zuckerberg testifies before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018.
Chip Somodevilla | Getty Images

Ireland's data protection watchdog told CNBC it has raised a number of questions with Facebook about its reintroduction of facial recognition technology in Europe, after the social network was pressured to close the feature in 2012.

On Wednesday, Facebook announced a number of measures it said would help it comply with strict new data laws in the European Union, known as the General Data Protection Regulation (GDPR) which comes into force on May 25.

As part of the announcement, Facebook said it would bring facial recognition technology back to its platform. Facebook stopped this feature in Europe in 2012 after concerns from regulators and privacy advocates. At the time, the Irish data protection authority was investigating Facebook's transparency on user data and privacy. Ireland is the home of Facebook's European headquarters.

At the time, the Irish Data Protection Commissioner (DPC) asked Facebook to delete any data it had garnered from the face technology. Facebook complied. The Irish DPC also said Facebook would need to "agree a process for collecting consent" in order to bring back this feature.

A Facebook spokesperson told CNBC it had briefed the Irish DPC on its GDPR changes and provided details on how its facial recognition technology works.

"We briefed the IDPC on our updates for GDPR, including how we propose to ask for consent to turn Face recognition on, ahead of a limited test we ran earlier this year and provided information about improved privacy controls and details about how our services work," a Facebook spokesperson said.

"We have also provided details to the IDPC about how our facial recognition technology works. They came with some questions which we are working to address."

The data watchdog said it is not sure if this will comply with the EU's GDPR.

Facebook seeks permission from users for facial recognition
Facebook seeks permission from users for facial recognition

"The Irish DPC in conjunction with other EU DPAs (data protection authorities) continues to raise questions with Facebook in relation to the pilot of facial recognition it has run in U.K., France, Germany in advance of GDPR. There a number of outstanding issues on which we await further responses from Facebook," a spokesperson for the regulator told CNBC in an email Wednesday.

"In particular, the Irish DPC is querying the technology around facial recognition and whether Facebook needs to scan all faces (i.e. those without consent as well) to use the facial recognition technology. The issue of compliance of this feature with GDPR is therefore not settled at this point."

Facebook says its technology can help protect your privacy by allowing it to detect when another person is using your image as their profile picture. It can also recognize other faces and suggest friends you might want to tag in photos or videos.

But the Irish DPC is worried that for Facebook to do this, it would need to scan a plethora of images, which could include pictures of people who have not consented to use this feature.

Facial recognition has landed the social media giant in hot water. A U.S. district judge in a San Francisco federal court ruled earlier this week that Facebook must face a class action lawsuit that alleges it unlawfully used the facial recognition technology on images without permission from users.