Facebook has agreed to delete all facial recognition data it stores on its European users – held on a photo database used for tagging – heading off the threat of legal action from the German authorities.
The Irish Data Protection Commissioner (DPC) – which regulates Facebook because it operates out of Dublin – detailed the move in a new audit report.
The facial recognition feature has already been turned off for new users in the EU and templates for existing users will be deleted by October 15, the DPC said.
“This resets the clock for facial recognition in Europe,” it said. Facebook needed “a bit of convincing” to agree to delete the template, “but in the end [it] saw the benefit on moving on the issue”.
The Irish data protection authority released a damning privacy audit of Facebook at the tail end of last year and the agency had more than a dozen recommendations for how Facebook could change its policies and improve its privacy protections.
A new audit showed that most of the recommendations have been fully implemented.
There is better transparency for the user, better control over user settings and an enhanced ability for users to delete data and clear retention periods for deleted personal data.
However, action is still needed on user education, the deletion of data shared with third-party sites and fully verified account deletion, the DPC said.
If Facebook does not comply within four weeks, it could face a fine of up to €100,000 (£80,000). But the DPC said did not expect that regulatory proceedings were necessary since Facebook has been cooperative. “We are confident Facebook will comply,” said the report.
Related stories
FB suspends tagging for new users
