Facebook rolling out privacy choices under EU rules

A controversial Facebook AI tool could be soon be making a return to Europe and Canada.

Facial recognition, launched in 2010, suggests names for people it identifies in photos uploaded by users.  

It was suspended for users in Europe in 2012 over privacy concerns, but still lives on in the US and other regions worldwide.

Now the firm says it will make a comeback, using the new European data protection regulations as an chance to collect more information if users opt in.  

The move to reintroduce the image scanning software is likely to ruffle feathers, coming in the wake of the Cambridge Analytica data handling debacle.

Private information taken from 87 million users was supplied to the consultancy firm, which was working for Donald Trump’s 2016 presidential campaign.

 

A controversial AI tool could be soon be making a return to Europe and Canada, after it fell foul of privacy laws. Facial recognition, launched in 2010, suggests names for people it identifies in photos uploaded by users. This pop up will help users control its settings

Facebook claims its facial recognition technology helps people manage their identity online.

It can also help the visually impaired know who is shown in a photo. 

But it also provide Facebook with a huge amount of data on an individual, such as who they are friends with and where their location.  

Facebook will begin to ask users if they want to opt in or out of the facial recognition feature under the European Union’s General Data Protection Regulation (GDPR) this week, ahead of it coming into force on May 25.

Under the new policy, Facebook users will also be asked to review and make choices about ads they receive, including whether they want Facebook to use data from third parties.

They will also be asked to review and choose what to share about the political, religious, and relationship information on their profiles.

These are designed to ensure the Menlo Park, California, firm complies with the forthcoming EU rules, with European residents seeing the measures first. 

Facebook also announced today (Wednesday) that it will begin rolling out changes this week to how it handles private data (notification pictured). This is designed to ensure the firm complies with the forthcoming EU rules, with European residents the first to see the new measures

Facebook also announced today (Wednesday) that it will begin rolling out changes this week to how it handles private data (notification pictured). This is designed to ensure the firm complies with the forthcoming EU rules, with European residents the first to see the new measures

‘Everyone – no matter where they live – will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook,’ chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer said in a written statement.

The statement also said users will be told that facial recognition is optional, but that it could offer some benefit, such as being notified when someone is using an unauthorised picture.

‘We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,’ Ms Egan and Ms Beringer wrote.

GPDR aims to strengthen and unify data protection for all individuals within the European Union.

Founder Mark Zuckerberg told congressional panels Facebook intends to offer the same privacy protections embodied in the EU's General Data Protection Regulation for its worldwide users

Founder Mark Zuckerberg told congressional panels Facebook intends to offer the same privacy protections embodied in the EU’s General Data Protection Regulation for its worldwide users

WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25, 2018.

It aims to strengthen and unify data protection for all individuals within the European Union (EU).

This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.

The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.

Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.

The European Union's General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to  crack down on how companies like Google and Facebook use and sell the data they collect on their users

The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to crack down on how companies like Google and Facebook use and sell the data they collect on their users

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. 

Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. 

The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent. 

This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.

This means cracking down on how companies use and sell the data they collect on their users.

The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.

Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.

The laws will be welcome news to anyone affected by the Cambridge Analytica scandal.

Facebook founder Mark Zuckerberg faced ten hours of questioning in two congressional panels last week, following revelations that personal data was harvested by the British consultancy.

Zuckerberg testified that Facebook intends to offer the same privacy protections embodied in GDPR for its worldwide users, but that there could be some differences in format.

Ms Egan and Ms Beringer said Facebook users in the EU will start seeing the requests this week so they can make choices before May 25.

‘As part of our phased approach, people in the rest of the world will be asked to make their choices on a slightly later schedule,’ they said.

They added that Facebook would take steps to comply with the EU rules that limit advertising and public viewing of data for teens. 

GPDR aims to strengthen and unify data protection for all individuals within the European Union. The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet (stock image)

GPDR aims to strengthen and unify data protection for all individuals within the European Union. The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet (stock image)

WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?

Communications firms Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.

‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.

The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.

The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump

The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump

This meant the company was able to mine the information of 55 million Facebook users even though just 270,000 people gave them permission to do so.

This was designed to help them create software that can predict and influence voters’ choices at the ballot box.

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

This information is said to have been used to help the Brexit campaign in the UK.

This will mean no use of facial recognition for anyone under age 18 and limitations on who can see certain information teens have shared.  

To comply with GDPR, Facebook will also limit what it shows to users between the ages of 13 and 15 unless they get permission from a parent.

On Monday it emerged a US federal judge has ruled Facebook will face a class action law suit in the wake of its privacy scandal. 

Allegations of privacy violations emerged when it was revealed the app used a photo-scanning tool on users’ images without their explicit consent. 

Under Illinois state law, the company could be fined $1,000 to $5,000 (£700 to £3,500) each time a person’s image was used without consent. 

It is believed that the function runs afoul of Illinois state law on protecting biometric privacy. 

Judge James Donato ruled the claims by Illinois residents Nimesh Patel, Adam Pezen, and Carlo Licata were ‘sufficiently cohesive to allow for a fair and efficient resolution on a class basis.

A US federal judge has ruled the Zuckerberg owned social network will face a class action law suit in the wake of its privacy scandal. Allegations of privacy violations emerged when it was revealed the app used a photo-scanning tool on users' images without their explicit consent

A US federal judge has ruled the Zuckerberg owned social network will face a class action law suit in the wake of its privacy scandal. Allegations of privacy violations emerged when it was revealed the app used a photo-scanning tool on users’ images without their explicit consent

WHAT IS THE LEGAL IMPACT OF THE CAMBRIDGE ANALYTICA SCANDAL?

News that Trump-affiliated company Cambridge Analytica used data mined from Facebook user’s to try and influence the US presidential election may trigger a wave of lawsuits, according to experts. 

Vanessa Barnett, a commercial lawyer and data protection expert at Keystone Law, believes it’s ‘very likely’ we will see a slew of legal cases against the firms in the wake of the scandal.

Speaking to MailOnline, she said: ‘In the UK, users can take direct action for damages caused to them by a data breach – and that includes damages for distress. 

‘How that translates into a “pounds, shillings, pence” type number for each person would depend on the nature of the damage.’ 

‘We have case law where the Home Office revealed personal data of asylum seekers, including potentially where they lived. Some of those individuals were awarded £12,500 ($14,000) in damages.

‘It remains to be seen if the damage caused by the Cambridge Analytica scandal is comparable.’

Ms Barnett says that a number of consumer rights focused groups are looking at the possibility of a class action lawsuit, a more regular feature of the US legal system than in the UK.

A class action lawsuit filed against the firm in America is now seeking compensation for the roughly 70 million US users who were affected.

Ms Barnett added: ‘Years ago we just had Max Schrems vs Facebook, and he didn’t do too bad, but now it’s much more in the public consciousness. 

‘If the mechanics to participate in a class action are easy, I can see many users joining in.’ 

‘Consequently, the case will proceed with a class consisting of Facebook users located in Illinois for whom Facebook created and stored a face template after June 7, 2011,’ he said, according to the ruling. 

Facebook rolled out its ‘tag suggestions’ feature in June 2011.

The feature is not currently available to users in most countries, including the UK – and can be turned off in settings for US users. 

Facebook believe that the lawsuit should be pursued by individual as the total amount of damages could ‘amount to billions of dollars,’ U.S. District Judge James Donato wrote in the ruling.

The judge has ruled that the Illinois law is clear: Facebook has collected a ‘wealth of data on its users, including self-reported residency and IP addresses,’ reports Bloomberg.   

Facebook's facial recognition tool, launched in 2010, suggests names for people it identifies in photos uploaded by users. A judge has ruled this broke Illinois state law and people could be entitled to up to $5,000 (£3,500) in compensation for every image used 

Facebook’s facial recognition tool, launched in 2010, suggests names for people it identifies in photos uploaded by users. A judge has ruled this broke Illinois state law and people could be entitled to up to $5,000 (£3,500) in compensation for every image used 

HOW DOES FACIAL RECOGNITION TECHNOLOGY WORK?

Facial recognition is increasingly used as way to access your money and your devices.

When it comes to policing, it could soon mean the difference between freedom and imprisonment.

Faces can be scanned at a distance, generating a code as unique as your fingerprints. 

This is created by measuring the distance between various points, like the width of a person’s nose, distance between the eyes and length of the jawline.

Facial recognition systems check more than 80 points of comparison, known as ‘nodal points’, combining them to build a person’s faceprint.

These faceprints can then be used to search through a database, matching a suspect to known offenders.

Facial recognition is increasingly used as way to access your money and your devices. When it comes to policing, it could soon mean the difference between freedom and imprisonment (stock)

Facial recognition is increasingly used as way to access your money and your devices. When it comes to policing, it could soon mean the difference between freedom and imprisonment (stock)

Facial scanning systems used on personal electronic devices function slightly differently, and vary from gadget to gadget.

The iPhone X, for example, uses Face ID via a 7MP front-facing camera on the handset which has multiple components.

One of these is a Dot Projector that projects more than 30,000 invisible dots onto your face to map its structure.

The dot map is then read by an infrared camera and the structure of your face is relayed to the A11 Bionic chip in the iPhone X, where it is turned into a mathematical model.

The A11 chip then compares your facial structure to the facial scan stored in the iPhone X during the setup process.  

Security cameras use artificial intelligence powered systems that can scan for faces, re-orient, skew and stretch them, before converting them to black-and-white to make facial features easier for computer algorithms to recognise.

Error rates with facial recognition can be as low as 0.8 per cent. While this sounds low, in the real world that means eight in every 1,000 scans could falsely identify an innocent party..

One such case, reported in The Intercept, details how Steven Talley was falsely matched to security footage of a bank robber.

Facebook has acknowledged that it can identify which users who live in Illinois have face templates, he wrote.

A face template can be generated from ten or more photos and is used to generate a profile on Facebook’s database.

‘Although many individuals may not have had enough tagged photos to generate a face template in Facebook’s database, in January 2011 [when Facebook implemented tag suggestions for all users] the average user was tagged in 53 photos, far more than the 10 needed to generate a face template,’ according to a December court filing.

A Facebook spokeswoman said the company was reviewing the decision, adding: ‘We continue to believe the case has no merit and will defend ourselves vigorously.’

Facebook also contends it has been very open about the tool since its inception.

As well as allowing users to turn the feature off, the Zuckerberg-owned app lets users prevent themselves from being suggested in photo tags. 

It also emerged this week that secret surveillance software created by a former Israeli intelligence officer is harvesting Facebook photos.

The firm behind it, Face-Int i, is taking profile images from the social network, YouTube and other sites to build a huge facial recognition database.

Its creators say the software could lead to the identification of terror suspects, captured in promotional and other material posted online.

Pop-ups appearing in Facebook Messenger (pictured) from last week ask users to review their privacy settings to continue using the app, ahead of laws taking force on May 25. The notifications were prompted by the strict new General Data Protection Regulation

Pop-ups appearing in Facebook Messenger (pictured) from last week ask users to review their privacy settings to continue using the app, ahead of laws taking force on May 25. The notifications were prompted by the strict new General Data Protection Regulation

HOW TO CHECK IF YOUR DATA WAS SHARED WITH CAMBRIDGE ANALYTICA

All 2.2 billion Facebook users began to receive a notification automatically at the top their newsfeed after it was launched on Tuesday, April 10, a day later than expected.

Titled ‘Protecting Your Information,’ it contains a link to let you see what apps you use and what information you have shared with them.

Affected users are automatically presented with a notice that says: ‘We have banned the website “This Is Your Digital Life,” which one of your friends used Facebook to log into.

‘We did this because the website may have misused some of your Facebook information by sharing it with a company called Cambridge Analytica.’ 

Users can then click on a ‘See how you’re affected’ button to find out more as well as to remove permission for apps and websites you’ve logged into via Facebook to have access to your profile. 

For those not affected by the Cambridge Analytica incident the message reads: ‘You can go to the Apps and Websites section of your settings anytime to see the apps and websites you’ve used Facebook to log into.’

The ‘Go to apps and websites’ button will provide quick access to review and amend these permissions. 

A separate ‘How can I tell if my info was shared with Cambridge Analytica?’ tool will also resolve the question for you.

To manually access this tool, click the link here. 

Users not believed to be affected will see the message ‘Based on our available records, neither you nor your friends logged into “This Is Your Digital Life.”

‘As a result, it doesn’t appear your Facebook information was shared with Cambridge Analytica by “This Is Your Digital Life”.’

Affected users will see a different message and they will be asked to to change their app settings, available here.

This is something that is still advisable for the security conscious, removing permissions for apps you no longer need or don’t recognise.

Facebook is not notifying individual users of the identify of friends who may have used the ‘This Is Your Digital Life’ app.



Read more at DailyMail.co.uk