- Facebook is asking some users in Europe to consent to the use of facial recognition technology.
- But the social network has been accused by privacy experts by asking for permission in a "fundamentally dishonest and manipulative way."
- The request comes ahead of sweeping new privacy regulation in the EU.
Facebook is being criticised by privacy activists for how it's allegedly manipulating some of its European users to consent to its use of facial recognition in photos and videos. It's a hot-button issue, as sweeping new EU privacy legislation requires Facebook and other tech companies to get explicit permission for using the technology.
Facebook's facial recognition technology, which it uses to recognise users in photos and identify impersonators, has not been available in the EU since 2012 after being accused of violating privacy laws for not obtaining users' consent. The company has now started asking some users to explicitly give permission to use it, but the tech — and the way Facebook is asking for permission — is raising some objections.
Jennifer Cobbe, a tech law researcher at the University of Cambridge, shared screenshots of the prompts on her Twitter page. The social network isn't presenting the choice as a simple yes-no option: Instead, users are presented with a list of the purported benefits of facial recognition tech, then asked if they want to "Accept and Continue," or click a greyed-out box obliquely called: "Manage Data Settings."
Facebook is now explicitly asking European users for consent to facial recognition pic.twitter.com/YErXPGjFPE Tweet Embed:
This is the screen where they ask for consent. No clear option for 'no'
If users click "Manage Data Settings," they're shown an additional prompt given more detail about the tech's benefits, mainly stopping impersonators and helping blind people to understand what's depicted in photos. Only when they click "Continue" on that are they given a binary option: "Allow Facebook to recognise me in photos or videos" or "Don't allow Facebook to recognise me in photos and videos."
Clicking "manage data settings" brings you here
Going hard on user experience is expected. Promoting facial recognition as an accessibility features for other people is an interesting move
Still haven't managed to get opt-out. Just Facebook having another go at changing my mind pic.twitter.com/PjrUhokpFJ Tweet Embed:
Finally, the page where I can actually opt-out. Again, framed as all being about user experience pic.twitter.com/ZmoZjfaPtu Tweet Embed:
They say this, but they will. We know they will because they scan everyone's face, and justify it by saying that they have to in order to be able to pick out people who do want facial recognition
This, of course, isn't GDPR compliant. But why would that bother them? pic.twitter.com/xlwSXEae1G
Privacy consultant Pat Walshe criticised Facebook's approach as "the manipulation of choice," while Bloomberg reporter Sarah Frier observed: "Facebook's 'you get to decide whether to consent to facial recognition' in the EU is basically an ad for facial recognition with no obvious way to opt out."
Facebook's "you get to decide whether to consent to facial recognition" in the EU is basically an ad for facial recognition with no obvious way to opt out. https://t.co/unZLi3c615 Tweet Embed:
Thread. Facebook and the manipulation of choice ... privacy defaults matter https://t.co/u9hm86qKew
In a message, Cobbe told Business Insider: "By framing the request for consent to facial recognition as being about the user experience, about the user's security, and about making Facebook more accessible for visually impaired people, rather than what it's actually about — which is Facebook's all-encompassing surveillance machine in which privacy is not an option — they're going about getting consent in a fundamentally dishonest and manipulative way."
On May 25, GDPR (General Data Protection Regulation) will come into effect. It's an ambitious pan-European regulation that requires companies using people's data to get their explicit consent to do so, and has sent companies scrambling to prepare.
Cobbe said she believes Facebook's implementation will fall afoul of GDPR, because it will have to scan every face in photos just to see if the photo subjects have consented to use of the tech.
"So how does Facebook know that a face in a photo belongs to someone who hasn't consented to facial recognition? By using facial recognition," she wrote. "This means that in practice Facebook won't just be doing using facial recognition for Facebook users who have consented — it will likely be doing it for users who have explicitly said no as well as for people who appear in photos but don't even have Facebook accounts. You can't escape this by saying no. You can't even escape this by not having Facebook. Facebook will still scan your face."
A Facebook spokesperson says that the company is working to make sure that its products and services comply with GDPR.
In a statement, the spokesperson said: "We recently began to preview some of the changes we're making in preparation for the General Data Protection Regulation. These changes included the opportunity to opt in to face recognition features that help people to manage their identity on Facebook. We also provided information about improved privacy controls and details about how our services work."
- Here are all the questions Mark Zuckerberg couldn't answer during this week's congressional hearings
- Facebook Messenger now asks users to check their privacy settings before May 25
- Facebook is backing away from the campaign to kill California's proposed privacy law — right after Zuckerberg was grilled about its data collection practices