‘Moments’ and Face Recognition on Facebook within the European Legal Framework


What is ‘Moments’

Our daily life is continuously captured by digital photographs that are often shared with other people and uploaded on online social networks (OSN). To help make this easier Newsroom Facebook recently announced a new standalone app called ‘Moments’. This app is able to group photos taken on smart-phones and uses facial recognition technology to individuate which one of your friends is in them. In other words it is a way of sharing content between users, which involves the synchronization data management by means of a facial recognition software algorithm.


Facial Recognition as ID tool

According to this application your face is like a fingerprint. Key markers on your face can distinguish you from other people. At this time there is no doubt that Facebook has the biggest open source of ‘faceprints’ in the digital world. Pictures are continuously updated into the FB’s platform and linked to other information about its users.

Prof. Alessandro Acquisti – our distinguished speaker in 2012 - has been studying facial recognition technologies for some years. In a recent article, Prof. Acquisti highlights three main challenges that limit facial recognition’s effectiveness for now: firstly, there are no databases of people’s faces large enough to identify the random person on the street; secondly, in linking with wide databases, there are still many ‘false positives’ where a subject is incorrectly identified; finally, computers are not fast enough yet. However, as Prof. Acquisti points out, these challenges would not hold back these technologies forever.

Law enforcement organizations (like the FBI) are really focusing on this technology too. According to Electronic Frontier Foundation (EFF) new documents released by the FBI reveal that its primary target is the creation of a complete operational face recognition database. It is speculated that the FBI currently holds one third of the U.S. population in a database of this kind and experts say that there has been a dramatic increase of face images registered this year (see more details on Next Generation Identification –NGI).

In addition, the researchers working on Facebook’s app have published an innovative study on how the recognition of people’s faces is facilitated by the analysis of contextual information like hair style, dressing and body shape. This so-called Pose Invariant Person Recognition (PIPER) has improved face recognition accuracy to about 83%. FB’s researchers have said that it will be a while before the project will be fully integrated in social media platforms and we are still waiting for its commercial diffusion.

All things considered, we can assist to a delicate picture about the current state of the art on FB’s Moments app.


U.S. Market Rules Does Not Fit Into The European Legal Framework

Although the U.S. Constitution offers some privacy protection to its citizens, these protections are not easily applied to facial recognition tools. This is because there are no constitutional checks on private companies like Facebook. Such companies are subjected to trade standards defined with the Federal Trade Commission (FTC).

The EU, unlike the US, takes a more paternalistic approach to enforcing its citizens right to privacy in the private sector. Because of this, the new Moments app will not be launching in the EU until Facebook will find a way to opt-in its facial recognition technology in respect of the European policy. Mr. Richard Allan, Facebook’s head of policy in Europe, confirmed that FB has to reach a deal with the Data Protection Supervisor in Ireland (like European FB’s headquarters) before providing this service to the European citizens.

From a legal point of view, Facebook’s use of facial recognition software is against EU privacy laws mostly because it is able to collect biometric data of people without explicit consent by them. This type of perpendicular data usage is prohibited by the Data Protection Directive 95/46 EC (specifically recitals 30, 33, 58, 70 and articles 2, 7, 8). The proposal for the General Data Protection Regulation in EU (GDPR) would make the privacy threshold for apps like Moments even more difficult. Article 20.1 of this Regulation refers to “profiling” as: “the data subject shall be informed about the right to object to profiling in a highly visible manner”. More details are provided at paragraphs 2 and 3; these are respectively related to: (a) profiling practices on the data subject and (b) the fundamental responsibility of the data controller to protect its users and prevent possible harms. Given this background, the reconciliation between FB’s Moments app and the European legal framework seems unlikely.


Final considerations

Taking into account the user’s best interest, ‘privacy by design’ (PBD) could represent a solution to fix ‘Moments’ app discussions on FB. The adoption and integration of privacy-enhancing technology (PETs) could offer the tool necessary to manage user’s privacy. This measure would enhance ICTs by minimizing individual personal data use but also to maximize data control. To give an example recent studies show how PET scan plays a key role for privacy-preserving in face recognition.

We will stay on the lookout for upcoming developments!


Marco Mendola

Tech & Law Center Fellow