You are here:

Privacy law for software companies – Facebook rolls out “opt out” facial recognition technology

This week saw Facebook in the media spotlight again with news that it has rolled out its facebook facial recognition functionality on an “opt out” basis. This means the technology is enabled by default.

According to Bloomberg’s Businessweek, “Facebook Inc. will be probed by European Union data-protection regulators over the feature that uses face-recognition software to suggest people’s names to tag in pictures without their permission”.

One of the members of the regulatory body has been quoted as saying that the technology should only be applied based on prior consent.

In my opinion, this is a thorny area of law and there are considerations that should be made on both sides of the fence. For instance, on one hand, what difference does it make if a computer tags someone or their Facebook friend tags them? On the other hand, it would certainly be more respectful of people’s privacy if this sort of technology were rolled out on an “opt in” basis (i.e so that the technology would not be applicable unless a user expressly took the step of enabling it in their account settings).

Privacy considerations should constitute an important part of a software providers’ legal analysis prior to deployment. And software developers need to weigh up the risks of rolling out technology which might easily be alleged to invade privacy, versus the risk of rolling out technology on an “opt in” basis which might mean that nobody will use the functionality.

Perhaps this is an area that regulators should start to think about more carefully. A person’s image is not protected by copyright. Should it be, for the purposes of Facebook? Or is the overlap between copyright and privacy no longer relevant when it comes to tagging people on Facebook? These are some of the controversial questions that, I believe, should be tackled head on by regulators so that both individuals and software organisations know where they stand.

In the interim, when it comes to deployment of software functionality that deals with personal information, software organisations might want to take a more careful approach than Facebook has done with this facial recognition technology, lest they get burn by public opinion, the regulators and possibly the Privacy Watchdog.

Photographs of individuals can raise a number of legal issues, ranging from those obvious ones under privacy and copyright law, together with issues under the laws of defamation, trade practices and passing off issues, and other laws.

Alan Arnott can be consulted on software organisations’ specific privacy obligations under Australian federal privacy law.

Disclaimer: This blog is for general informational purposes only. It is not legal advice nor is it a substitute for legal advice. Readers should seek legal advice on their own particular circumstances. Alan Arnott is a technology & telecommunications lawyer with qualifications in computer science and law with Arnotts Lawyers Jones Bay Wharf in Sydney. For more information, please visit