Facebook has released more information on the social media platform’s tracking of users off-site, after its CEO, Mark Zuckerberg, failed to answer questions about the process from US politicians and as the company prepares to fight a lawsuit over facial recognition in California.
In a blog post, Facebook’s product management director, David Baser, wrote that the company tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company’s own site, and “improving our products and services”.
“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook,” Baser wrote.
“Whether it’s information from apps and websites, or information you share with other people on Facebook, we want to put you in control – and be transparent about what information Facebook has and how it is used.”
But the company’s transparency has still not extended to telling non-users what it knows about them – an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its “download your data” feature, Zuckerberg had responded he believed that to be the case.
Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company’s off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.
“They’re saying they’re so big the cost would be too large to provide me data,” he said. “They’re really arguing that they’re too big to comply with data protection law, the cost is too high, which is mind-boggling.”
Following Zuckerberg’s testimony, Dehaye made a complaint to the Irish data protection commissioner, noting the CEO “contradicted the pronouncements to me over past year by his own privacy Operations team”.
The Facebook blogpost comes as the company faces a class action lawsuit in California over its decision to launch a facial recognition feature for US users in 2011.
The “tag suggestions” feature, involves Facebook running facial recognition tech on uploaded photos to match them with other users automatically. But a class action suit representing Facebook users in Illinois argues that the technology breaches the law in that state.
On Monday, US district judge James Donato ruled the suit could go ahead, representing all Illinois users “for whom Facebook created and stored a face template after 7 June 2011”.
The feature was turned off in the EU shortly after it launched, and Facebook committed in 2012 to delete all face templates by October that year, as part of a wide-ranging agreement with the Irish data protection commissioner.
Now, however, the company intends to relaunch facial recognition features across the EU, building on an approach that it trialled in America. Facebook users will see a splash screen that informs them that they are reviewing “an option for turning on face recognition”. They can then click “accept and continue”, giving Facebook consent to use their face templates, or click “manage data settings”, then “continue”, then check a box marked “don’t allow Facebook to recognise me in photos and videos” to opt out.
Facebook believes this model, which the company describes as providing explicit consent, will allow it to avoid the concerns that were previously raised by the Irish data protection commissioner.