Social networking sites need to obtain users' "informed consent" before suggesting to other users that those individuals feature in photos that they are uploading to the site, an EU privacy watchdog has said. The Article 29 Working Party said, though, that the networks can process the images legitimately without the consent of …
Schoolboy mistake or intentional get out?
"Technical controls" should also be installed..."
Should read "Technical controls" MUST also be installed..." if you really want to ensure compliance and be able to prosecute if not.
Wooly legislation can harm us all with it's unintended (or sometimes intended) consequences.
One tiny problem
What happens if this processing and data storage occurs on US soil..?
Re: One tiny problem
"What happens if this processing and data storage occurs on US soil..?"
I don't know if this would cut it, but I would argue that if the data was input in Europe, and then transferred to the US and processed there, then the transferring of the data is part of the processing (after all; data processing is only moving data from 'register' to 'register' and making additions, etc. on the data on the way through).
I would therefore argue that data input into Facebook's systems in Europe must be handled according to Facebook's rules.
But what do I know? I think that the ICO should have teeth...
Re: One tiny problem
In theory all data collected in the EU can only be transferred out of the EU if whoever it is transferred to (and any 3rd, 4th and subsequent transferee) agrees to abide by EU data policy for data processing.
In practice, once Uncle Sam has got his grubby hands on it... who knows?
The match to be "deleted immediately after"? The spooks won't like that, so I imagine this idea is going to be quietly killed off. Far better for them if the match is stored, but just hidden if consent hasn't been obtained, so when Facebook get a request to identify a face they can quietly comply with or without your consent...
Facial Recognition Software is a scam anyway
"Facial Recognition Software" is a scam anyway. It's *really* being done by humans; just without annoyances such as fair treatment, minimum wages or any of that sort of bolshie nonsense you get in developed countries where the poor mistake themselves for human beings.
Mathematically speaking, facial recognition is isomorphic with decompilation, and there's still not much happening in that arena.
But all my friends look the same!
Wow, that's an almost spooky coincidence, because for me it's: my friend always looks the same.
What about other forms of tagging?
I was away over the Easter Holiday, but didn't mention it on my FB status because that's a good way of saying "come and burgle my house".
Unfortunately a "friend" (well, an FB friend) was also at the event and decided to tell the world that I was there, along with 40 or so other people.
They're not a friend any more...
I have been considering getting a European SSL proxy, with the assumption that using that will make my data subject to EU privacy rules. One of the guys at work does that with that very reason in mind. Not sure if it would actually be applicable though.
So why didn't they say ...
..."[T]he consent of the individual [must] be considered as the only possible legitimate basis for all processing [,so] the entire service [will] be blocked as, for example, there is no means to gain consent of non-registered users who may have their personal data processed during face detection and feature extraction ..."?
As a non-user of BaceFook, I do not want my image "tagged" (I don't actually want my image up there at all). The logical conclusion is that, since not everyone can give informed consent, the whole thing should be blocked.
Once again a toothless watchdog does exactly what the money-grubbers want.