PrivacyEurope is suddenly all in a tizzy over something they should have seen coming. Namely, Facebook’s latest privacy failure — automatic photo tagging through face recognition. Of course, it’s not like people had no idea it was coming — the feature has rolled out about six months ago in the U.S. to howls from privacy advocates.

The feature works like this: When you upload a photo to Facebook, it will now use facial-recognition technology to scan all your uploaded photos and suggest tags for them based on prior tags. This could well be very useful, especially to those who upload most of their pictures to Facebook.

I agree wholeheartedly with the words of Graham Cluley, senior technology consultant for Internet security firm Sophos, who wrote the following on the Naked Security blog:

Unfortunately, once again, Facebook seems to be sharing personal information by default. Many people feel distinctly uncomfortable about a site like Facebook learning what they look like, and using that information without their permission.

Most Facebook users still don’t know how to set their privacy options safely, finding the whole system confusing. It’s even harder though to keep control when Facebook changes the settings without your knowledge.

Indeed, my friends are always asking for help with their security settings. Kit Eaton at Fast Company has a great, step-by-step set of instructions for turning this questionable function off (as well as a lot of other tweaks you should be aware of). Take a look at the hoops you have to jump through — not something the majority of users would be aware of (or, in some cases, even able to find):

Under the ‘Account’ drop-down menu at the top-right of Facebook’s title bar, click ‘Privacy settings.’ On the bottom half of the next window, under ‘Sharing on Facebook’ click ‘Custom.’ Then at the bottom, click on the little blue pencil and its ‘customize settings label.’ In the next window scroll down to the ‘Things others share’ section and the third list item, ‘Suggest photos of me to friends.’ Click on the ‘Edit Settings’ button, and scan to the middle right of the new pop-up window, which has little pics of your friends to remind you how friendly Facebook is. See the facility is enabled? Click on this button, select ‘Disabled.’ And then click on ‘OK’ to make the pop-up go away.

Easy, wasn’t it? Just nine click/scroll maneuvers required to burrow through multiple layers of windows.

Nine. Not exactly intuitive, is it? But then, that is par for the course with Facebook.

Since I often see the words “creepy” and “invasive” used in stories or blog posts concerning Facebook security changes, I’ll take a wild stab in the dark and say that I’m not the only one disturbed by the company’s continued errors on the user-privacy front.

Cluley lays out the bottom line in his coverage:

The onus should not be on Facebook users having to ‘opt-out’ of the facial recognition feature, but instead on users having to ‘opt-in’.

Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.

It would seem that Marc Rotenberg, President of the nonprofit privacy advocacy group Electronic Privacy Information Center (the same group that has filed a complaint about Facebook’s privacy practices with the U.S. Federal Trade Commission last year), also agrees with this perspective. Alexei Oreskovic and Georgina Prodhan, writing for Reuters, bring us this statement:

Rotenberg said such a system raised questions about which personally identifiable information, such as email addresses, would become associated with the photos in Facebook’s database. And he criticized Facebook’s decision to automatically enable the facial-recognition technology for Facebook users.

Concerns are widespread enough that Facebook will be subject to a probe by the European Union data-protection regulators. According to statements made by Gerard Lommel, a member of the so-called Article 29 Data Protection Working Party in Luxembourg, there will be a group drawn from the 27 nations of the European Union. It will scrutinize the new photo tagging function for violations of their rules. Meanwhile, Ireland’s data-protection authority is also looking into it, according to spokeswoman Ciara O’Sullivan.

Stephanie Bodoni, writing for Bloomberg, shares some of Lommel’s commentary on the topic:

‘Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default,’ said Lommel. Such automatic tagging ‘can bear a lot of risks for users’ and the group of European data protection officials will ‘clarify to Facebook that this can’t happen like this.’

The combination of privacy concerns and Facebook’s “population” of 500 million users are a pretty heady mix. So much so that TIME has done a feature on the subject, “How Facebook is Redefining Privacy,” neatly making the concerns public. Give it a read.

One last thing: There is an independent, open-source tool for scanning your Facebook privacy settings. For those not used to mucking about in their profile settings, it is a gem. Just go to and give it a try!

Source: “How To Block Facebook’s Face Recognition And Tighten Other Privacy Settings,” Fast Company, 06/08/11
Source: “Facebook facial recognition technology sparks renewed concerns,” Reuters, 06/07/11
Source: “Facebook changes privacy settings for millions of users — facial recognition is enabled,” Naked Security, 06/07/11
Source: “Facebook Faces Probe Over Photo Tagging,” Bloomberg, 06/08/11
Image by 0pensourceway, used under its Creative Commons license.

WordPress Image Lightbox