Data Privacy: Facebook, Facial Recognition, and Opting Out
I have been neck deep in the McKinsey Report working on my post about big data and the enormous impact it could have on the U.S. health care system when the whole Facebook facial recognition brouhaha came across my digital desktop. Followed by lots and lots of emails and calls from friends and family asking me what it means and what the heck (stronger words were used, but I like to keep my posts PG) they were supposed to do to TURN IT OFF. So, without further ado, my thoughts on this new great (sarcasm on) opt-out feature from Facebook as well as what appears to be a disturbing industry trend towards opt-out privacy settings.
First, full disclosure to any new readers: I do not have a Facebook page. Long story short: I decided long ago and far away to keep my personal life off the Internet (as much as possible). Yes, I am in marketing and yes, I love social media, but I live my professional life pretty much for everyone to see and I like to keep my private life, well, private. I also believe that everyone has the right to keep their private lives private (time to plug our book on “Privacy and Big Data”) no matter what those pesky personal information data collectors and users, like Facebook or Google or Amazon or fill-in-the-blank, would like you to do.
So on with this post. What exactly is Facebook’s facial recognition feature? Well, it makes it “easier” for you to tag your friends in photos. How does it work? It’s pretty simple (and if you’re like me, kind of scary)—whenever you or your friends upload photos, Facebook uses its facial recognition software to match the new photos with other photos you’ve already tagged and then suggests the name of the friend to tag. Now, if you don’t want your name to be suggested (that would be my line of defense, but I am not a user so this does not apply to me) you can disable this feature in your own Privacy Settings and your name will no longer be suggested in photo tags (although your Facebook friends can still manually tag you). If you do not, you are notified whenever you are “automatically” tagged and you can then untag yourself.
What’s wrong with the way Facebook is handling this? This is an opt-out feature. IMHO possible-invasion-of-privacy features should always be opt-in. The default setting should be “no” and the user should not have to go through extensive privacy setting customizations to prevent automatic tagging. The way this feature is set up makes it a privacy risk as the EU states:
“…European Union regulators think that this feature is a potential privacy risk. ‘Tags of people on pictures should only happen based on people’s prior consent and it can’t be activated by default,’ said Gerard Lommel, a Luxembourg member of the Article 29 Data Protection Working Party.”
Now, for all of you Facebook users who need a handy-dandy cheat sheet on privacy settings, Fast Company has an excellent article on how to block Facebook’s face recognition feature as well as how to tighten other privacy settings. I encourage you to read it.
Some final thoughts on this latest “Facebook feature.” Wherever you stand on the privacy scale (from off-the-grid to “concerned” to “don’t care”), features that are directly related to privacy should always be opt-in. Consumers today are being encouraged (and some might say benignly coerced) into allowing privacy settings to be eroded by opt-outs like these. This is not just Facebook’s business model by the way. Lots of other apps are taking this approach—the idea being that the consumer will just be too busy or not care enough to “read” the fine print in all those privacy policies. As a recent Carnegie Mellon University study pointed out:
“The mean length of privacy policies from the web’s most popular sites was 2,514 words, long enough to induce eyestrain even in the biggest privacy nerd (and one policy from the sample went as high as 7,669 words)… When multiplied across the major sites that most users visit in a year, it’s clear that getting a good sense of what web sites are doing with personal information could consume a good chunk of one’s time. In fact, the authors estimate that it could take anywhere from 16 to 444 hours per person per year, with most Americans needing a full 200 hours to get through everything.”
This is what makes opt-out policies so great for the businesses who use them and so potentially harmful for the consumers. It puts privacy protection on the consumers’ back; we must remain ever vigilant about all the sites we visit and their new great possibly-privacy-eroding features, some of which are not even announced (and in Facebook’s defense, at least they let us know what they are doing). At the very least, features and settings that apply to one’s privacy should always be offered as an opt-in. That way we at least know what we are giving up in order to “get something in return.”