Privacy & Information Security Law Blog

On June 10, 2011, the Electronic Privacy Information Center (“EPIC”) filed a complaint with the Federal Trade Commission, claiming that Facebook’s facial recognition and automated online image identification features harm consumers and constitute “unfair and deceptive acts and practices.” According to a post on The Facebook Blog, the Tag Suggestions feature matches uploaded “new photos to other photos [the user is] tagged in.”  Facebook then “[groups] similar photos together and, whenever possible, suggest[s] the name of the friend in the photos.”  On June 13, 2011, Congressman Edward Markey (D-MA) released a statement supporting the complaint and indicating that he will “continue to closely monitor this issue.”

EPIC, joined by the Center for Digital Democracy, Consumer Watchdog and the Privacy Rights Clearinghouse, claims that Facebook gathered data concerning users’ photos, without their knowledge or consent, “to develop facial recognition technology.”  EPIC’s complaint characterizes Facebook’s instructions for users who attempt to delete facial recognition data as “false and misleading” and claims that, even after disabling the Tag Suggestion technology, Facebook users still are unable to prevent the collection of their biometric data.  In addition, EPIC alleges that Facebook has not stopped application developers, the government or other third parties from accessing “Photo Comparison Data” the company compiles.

Perhaps most notably, EPIC alleges that the FTC’s “failure to act on pending consumer complaints concerning Facebook’s unfair and deceptive trade practices may have contributed to Facebook’s decision to deploy facial recognition [technology].”  As we previously reported, in December 2009 EPIC filed a complaint with the FTC concerning Facebook’s privacy practices.  EPIC also criticized the FTC’s failure to safeguard consumer privacy in its February 2011 comments on the FTC’s December 2010 online privacy report.

Among other things, EPIC’s complaint requests that the FTC require Facebook to:

• immediately suspend Facebook-initiated tagging or identification of users based on Facebook’s database of facial images;
• not misrepresent how it “maintains and protects the security, privacy, confidentiality, and integrity of any consumer information”;
• provide additional disclosures to users prior to new or additional sharing of information with third parties; and
• establish, implement and maintain a comprehensive privacy program.