Facebook Inc. will be probed by European Union data-protection regulators over a feature that uses face-recognition software to suggest people’s names to tag in pictures without their permission.
A group of privacy watchdogs drawn from the EU’s 27 nations will study the measure for possible rule violations, said Gerard Lommel, a Luxembourg member of the so-called Article 29 Data Protection Working Party. Authorities in the U.K. and Ireland said they are also looking into the photo-tagging function on the world’s most popular social-networking service.
“Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default,” said Lommel. Such automatic tagging suggestions “can bear a lot of risks for users” and the European data-protection officials will “clarify to Facebook that this can’t happen like this.”
Facebook said yesterday on its blog that “Tag Suggestions” are available in most countries after being phased in over several months. When a Facebook user adds a photo to their page, the feature uses facial-recognition software to suggest names of people in the photo to tag based on pictures in which they have already been identified. Before the feature was rolled out, users could tag pictures manually without permission from their Facebook friends.
The feature is active by default on existing users’ accounts and Palo Alto, California-based Facebook explains on its blog how people can disable the function, if they don’t want their names to be automatically suggested for other people’s pictures.
“We launched Tag Suggestions to help people add tags of their friends in photos; something that’s currently done more than 100 million times a day,” Facebook said in an e-mailed statement. “Tag suggestions are only made to people when they add new photos to the site, and only friends are suggested.”
Facebook is among U.S. companies that have faced scrutiny in the EU for possible privacy breaches. Google Inc. (GOOG), Microsoft Corp. (MSFT) and Yahoo! Inc. have been pushed by European data- protection officials to limit the amount of time they store online users’ search records. The group has also criticized Facebook for policy changes that could harm users’ privacy.
The U.K.’s Information Commissioner’s Office is “speaking to Facebook” about the privacy aspects of the technology, said Greg Jones, a spokesman for the group.
“We would expect Facebook to be upfront about how people’s personal information is being used,” Jones said. “The privacy issues that this new software might raise are obvious.”
The Irish data-protection authority is also looking into the issue, said spokeswoman Ciara O’Sullivan.
The Article 29 group guides the work of national data- protection agencies, which have the power to punish companies that break privacy rules.