New Delhi: Three years after a data-privacy controversy forced Meta Platforms to halt the facial recognition feature, the Mark Zuckerberg-led parent of Facebook, Instagram and WhatsApp is bringing back the contentious technology. But this time, it is being cautious by rolling it out slowly and for a very selective subset of purposes.
The company “sees facial recognition as a powerful tool for verifying identities and preventing frauds”, David Agranovich, global director of security policy at Meta, told Mint on Monday. The company will roll out the technology to prevent impersonation of public figures and recover hacked, stolen and suspended accounts in most geographies Meta is present in.
“In 2021, we closed down our facial recognition system—partly because regulating the use of facial recognition was incomplete. While debates around this technology continue to evolve, we’re actively engaging with regulators to lead discussions on it,” Agranovich said. “Now, we’re individually vetting our technology for maintaining privacy and security, and we’ve discussed how we’re implementing it with regulators and policymakers around the world, prior to introducing the pilot.”
Meta also confirmed that no third-party entity will be involved in vetting the facial data linked with users as part of the pilot. It will begin notifying select public figures, mostly those whose identities have already been used in impersonation scams, for consent to use their facial data. Agranovich said “actual implementation will take place over the coming weeks”.
Once permitted by a user, the facial data will be tallied with advertisements that are flagged as suspected scams by Meta’s proprietary artificial intelligence algorithms used to screen the millions of ads across its platforms. Agranovich said users will be able to “voluntarily opt out” of the programme.
Shut in 2021
In November 2021, Jerome Pesenti, the erstwhile vice-president of artificial intelligence (AI) at Meta, announced that the company was shutting down its widespread usage of facial recognition to tag people across the internet. The decision was made a month after the company renamed itself to Meta from Facebook, representing an orchestrated effort by Zuckerberg to distance himself and his company from the Cambridge Analytica scandal, as well as whistleblower leaks that pointed to widespread usage of personal data to generate commercial revenue.
Since then, Zuckerberg has focused on the metaverse and short-format videos—even though targeted advertising remains a core part of Meta’s revenue model.
The company said it is now careful in its approach. “The use of facial recognition will go through an internal privacy and risk review process regularly. We have in-house experts across various fields of work contributing to this,” Agranovich said on Monday. “We don’t use the facial data for any purpose other than one-time scam verification processes. We also immediately delete any face data generated from ads, regardless of whether our systems find a match.”
The company, according to him, “shares information with government agencies and law enforcement bodies where appropriate, with the goal of enabling investigations and prosecutions of criminal scammers—frankly because we know that criminal punishments carry far greater significance than what we can impose”.
Compliant with law
Legal and policy experts say Meta’s current stance is compliant with Indian law and recognizes the need for a consent mechanism no matter what the application be.
“To use personality rights, one would have to seek consent through contractual terms. It appears that Meta is resorting to this recourse,” said NS Nappinai, senior counsel at Supreme Court and founder of Cyber Saathi. Meta would have to ensure “purpose limitation” while using facial recognition, he said.
“The Delhi High Court has repeatedly reiterated the protection for personality rights and these define protective measures,” she explained. “The situation, at present, appears to be use of facial recognition data for purportedly protecting the rights of public personalities and, hence, care has to be exercised to ensure that data is not utilised beyond the stated purpose.”
A senior lawyer at a top New Delhi law firm, who requested anonymity citing attorney-client privileges, said even under existing laws in India, biometrics are classified as ‘sensitive’ personal data—which differs from the importance of ‘normal’ personal data. “But we don’t have whitelisting or blacklisting of facial data usage or geographies that can do so—although we do permit its usage while stating that any entity accessing the data must be compliant with keeping records of usage of the data,” the official said. “Meta’s purpose, on this note, complies with the current regulations in the country.”
Nappinai and the lawyer quoted above also emphasized the need for urgent implementation of the Digital Personal Data Protection Act, 2023 to avoid a legal vacuum on the use of facial recognition technology.
