Johannes Caspar, data protection supervisor in Hamburg, Germany, wrote a letter to Facebook requesting that it suspend its facial recognition feature for Germany and deleted all the related biometric data it collected on German users.
If Facebook doesn't comply, it could face fines up to 300,000 euros under German law.
Caspar is concerned about two issues.
One, the storage of the biometric data itself poses the risk that it could fall to the wrong hands and be used for nefarious purposes.
"Someone with a picture taken on a mobile phone could use biometrics to compare the pictures and make an identification. Such a system could be used by undemocratic governments to spy on the opposition or by security services around the world," he said.
The Electronic Privacy Information Center (EPIC), a nonprofit that raised concerns about the Facebook facial recognition feature in the U.S., pointed out that Facebook has biometric data on hundreds of millions of people worldwide.
A second concern is that the facial recognition feature is activated by default. If users want to opt out of it, they need to actively take steps.
Caspar said if Facebook wants to re-instate this program (assuming it complies and stops in the first place), it needs to "ensure that only data from persons who have declared consent to the storage of their biometric facial profiles be stored in the database."
Similar, the Connecticut Attorney General asserts that the feature should require "users to affirmatively consent."
Meanwhile, users can take the following steps to opt-out and delete their biometric information.
Opt-out: Go to Account (upper right corner of homepage) - Privacy Settings - Custom settings (bottom middle) - Suggest photos of me to friends - Enabled/Disabled (check Disabled)
Delete Biometric Info: Login to Facebook - Click on this link - Click the "contact us" hyperlink (In the sentence "You can contact us to request that we remove all of your photo summary information") - send Facebook the automated message that pops up in the box