[LINK] Facebook photo tagging vs AU legislation

Mon Jul 4 13:26:37 AEST 2011

Date: Mon, 04 Jul 2011 11:12:03 +1000
From: eric scheid <eric.scheid at ironclad.net.au>

>>This information is, in other words, the biometric templates. It seems clear
> that asking that a tag be removed does not cause the template to be deleted,
> because removing the ?summary information? requires a separate request. So,
> Facebook generally retains templates after the visible tags are removed. And
> nowhere do they disclose what they might do with them.

>   Thankfully, hope is in AU (he says, optimistically)

>>There is an impending legal technicality that will hit Facebook hard in
> Australia, namely changes recommended by the Australian Law Reform Commission
> that will treat biometric templates as sensitive information, a special class
> of PI that carries extra obligations.

>>In particular, while indirect collection of regular PI is usually permitted if
> the collector makes reasonable efforts to inform the subject after the fact,
> with sensitive information consent is required prior to collection. This would
> seem to mean that photo tagging by third parties would not be permissible
> without prior consent.

If only this hope was realistic. But I fear it's not.

Facebook appeared as of late last year to have no corporate presence in the jurisdiction in Australia, and hence could prove a slippery customer for any diligent privacy regulator in Australia to enforce new laws like this upon (assuming the federal Parliament eventually finds the will to Act on ALRC's huge Report 108 of 2008, rather than letting it absentmindedly slip further into the future while the new online dangers are entrenched, as has happened to date). 

When a visiting Facebook policy director touched down on local soil briefly last December and wanted to speak to me on her rounds, the invitation was relayed by their local PR agency, rather than any local staff, of which there were apparently none. There was probably no-one here to regulate.

I also understand that Australian police seeking to pursue criminal investigations for bullying and harassment have historically had great difficulty finding anyone to call at Facebook, not only in this country but even in the US. 

With between nearly 10 million Australian customers, this extraterritorial existence in the US cloud -- collecting personal information and the associated monetisation opportunities from local citizens, exporting and using it, but potentially denying legal liability and jurisdiction to the subjects -- may represent a serious obstacle to any attempts to rein in the dangerously out of control, disrespectful and intrusive culture of this most immature of internet giants.

FWIW, the response to my query about the personal information security and privacy risks from current Facebook policies for a range of groups among the 600 million "dumb *ucks" (as Zuckerberg reportedly called users), was met, not with balanced consideration about how these risks might be addressed, but with the convenient dismissal that 'maybe Facebook is not for everyone'; in  effect, 'if you've got a problem, sod off'. The problem is that once your personal information has been globablly compromised, especially permanent irrevocable info like biometrics, sodding off does not fix the problem - except for Facebook, in their dreams. 