Facebook Deletes Facial Recognition Data For EU Users, Irish And German Commissioners Confirm

According to a report from CFO World, the Office of the Irish Data Protection Commissioner, or DPC, and the Hamburg Commissioner for Data Protection And Freedom of Information both confirmed this week that Facebook has deleted the user data, citing statements from both organizations.

“We recently reviewed the source code and execution process used in the deletion process and can confirm that we were satisfied with the processes used by Facebook to delete the templates in line with its commitment,” Ciara O’Sullivan, a DPC spokesperson, said in a statement this week.

Ulrich Kühn, the head of Hamburg DPC’s technical department, corroborated the news, reportedly saying, “For the time being, it is settled.”

Facebook has remained relatively quiet on the subject, telling CFO World that it has no plans to reintroduce tag suggestions to its EU users “for the moment.”

Beyond independently reviewing Facebook’s source code to see if the facial recognition templates and relevant user data was indeed gone, it’s unclear how exactly the Irish and German organizations confirmed that the offending data was removed completely. Facebook’s participation in the current investigation also remains unclear.

A Facebook representative was not immediately available for comment on this story.

Facebook’s facial recognition feature first came under scrutiny by European privacy advocates in 2011 after complaints began to bubble up from users and privacy watchdogs in Austria and Germany. While Ireland’s DPC was satisfied by the company offering to remove the “Tag Suggest” feature rather than the facial recognition technology entirely, German authorities reopened the investigation in August of last year. By September, Facebook had assented to the regulatory pressure, saying that it had already disabled the feature for new users in the region and would delete all of its data related to the facial recognition software gathered on its European users along with the templates originally used to identify users by Oct. 15.

Unlike some of other privacy violation charges leveled against the social media company, such as Germany’s Independent Center for Privacy Protection, or ULD, complaint against its real name policy, Facebook faced a stronger legal obligation to meet the DPC’s requests since its international headquarters are based in Ireland, making it subject to the EU’s international data protection regulations.

Just last week, Facebook reintroduced facial recognition to U.S. users, saying it had temporarily shelved the feature for “technical improvements.”

The company said in a blog post that the new facial recognition software was designed to help users “easily identify a friend in a photo and share that content with them.”

Facebook shares fell just under 1.4 percent during Thursday trading, closing at $28.65.