Facebook Used Facial Recognition Without Consent 200K Times, Says Watchdog (theregister.com)
Facebook has been ordered to pay $5.5 million for creating and storing facial recognition templates of 200,000 local users without proper consent between April 2018 and September 2019, according to South Korea's government data protection watchdog, the Personal Information Protection Commission (PIPC). Netflix and Google also received reprimands or fines for insufficient privacy protections and violating laws. The Register reports: Another [$22,000] penalty was issued for illegally collecting social security numbers, not issuing notifications regarding personal information management changes, and other missteps. Facebook has been ordered to destroy facial information collected without consent or obtain consent, and was prohibited from processing identity numbers without legal basis. It was also ordered to destroy collected data and disclose contents related to foreign migration of personal information. Zuck's brainchild was then told to make it easier for users to check legal notices regarding personal information. The fine is the second-largest ever issued by the organization, the largest ever also going to Facebook. In November 2020 the Social Network was fined [$5.7 million] for passing on personal data to other operators without user permission.
Netflix's fine was a paltry [$188,000], with that sum imposed for collecting data from five million people without their consent, plus another [$2,700] for not disclosing international transfer of the data. Google got off the easiest, with just a "recommendation" to improve its personal data handling processes and make legal notices more precise. The PIPC said it is not done investigating methods of collecting personal information from overseas businesses and will continue with a legal review.
I hope other regulators would take note.. (Score:3)
As this type of silliness should really have stopped a while ago when it was made clear that it is not ok.
Re: (Score:3)
As this type of silliness should really have stopped a while ago when it was made clear that it is not ok.
It would be great if other regulators would "take note", but it would be terrible if they followed South Korea's example. The Facebook fine amounts to $27.50 per person whose facial data was abused. That's not even a "cost of business", it's a fucking rounding error. The SK government should multiply that fine by a factor of 1,000, pocket 20% for their trouble, and disburse the rest among the victims.
Charging companies pocket change for raping people's privacy isn't a "fine" - hell, it's barely a minor inco
Re: I hope other regulators would take note.. (Score:1)
Without consent (Score:1)
Yeah well no fine (Score:2)
~ 5E6 USD seems like a rounding error in the books of FaceBerg.
Fines not enough (Score:4, Interesting)
This is just the cost of doing business for Facebook now.
Re: (Score:2)
Exactly. The fines are factored in and treated as an expense. This is what you get when a corporation is a legal person (with psychopathic tendencies too) that can't be thrown in jail.
If you want that to change, there needs to be consequence for actual human beings in that company. Either the CEO, or the head of legal, or someone with signing authority needs to face the possibility of doing time over what their company does.
This is not an outlandish concept. Take the aero industry: if your company makes FAA
$5.5 million is minuscule (Score:1)
Broken Process (Score:3)
The $5.5MM fine represents 0.019% of their annual profit. The chances are that there are literally scores of Facebook employees that earned more than that in performance bonuses over the same time period. Fines of this nature simply aren't going to deter a company like Facebook from continuing to abuse the laws all around the world.
At first it seemed like the EU had a good idea when they announced that fines for breaches of the GDPR would be up to 4% of worldwide income, not revenue, but experience shows that despite continued and egregious abuse of the law, the penalties simply haven't been effective. In fact, we could probably sum this up as:-
"Want to break the law? Simple! Just form a Corporation! Because even if you get caught, the fine will be a slap-on-the-wrist... and there will be no down-side for you, personally! See? We have the best laws that money can buy..."
The only way that laws can keep the big multinationals in check now is if they include mandatory jail time for executives, and/or fines equal to a percentage of net income spanning multiple years (1 year of income for a first offense, 3, 5 or 10 years for repeat offenses) and/or a law which says that while corporations are under the effect of sanctions for a breach of the law, the corporation is not permitted to pay any dividends to shareholders, nor is it entitled to issue any stock or restricted stock grants.
This would upset shareholders, who expect a return on investment. It would also upset the CEOs of this world who, like Bezos, Musk, etc., take their income not as salary (which is directly taxable as income) but as stock and stock options, for which a whole slew of tax avoidance mechanisms exist. [And if you want to see just how corrupt the tax schemes for CEOs and the super-wealthy are, check out the ProPublica reporting on the subject [propublica.org].] And the key thing here is that until those Executives and shareholders get hit, hard, where it hurts [their wallets], nothing is going to change.
Think about all the worst corporate snafus we've seen in recent years:-
- The Deepwater Horizon Oil spill in the Gulf of Mexico
- The Colonial Pipeline cyber hack
- The Equifax Data breach
- California fires caused by faulty cables
- I could keep going, but you get the idea...
In every single one of the above cases [and all the others] the perpetrators of the fundamental issues - the Executives - and those who profited from the malicious practices - the shareholders - got away "scot-free". Yes, the California fires will certainly have required PG&E to go and repair or replace many miles of supply cables. But how much will it cost to rebuild destroyed towns? Re-plant destroyed forests?
Let's put this another way. 31 people lost their lives in California wild-fires in 2020. Suppose that one person, an arsonist, went around California, torching homes and killing 31 people through their actions. Now suppose that person was caught. What do you think their punishment would be? Life in prison? All their net worth given to the families of victims as restitution? But how many of those lives were lost because of corporate greed? What were the sanctions on the corporations as a result?
Until we're able to answer that the punishment to corporations is "means tested", this sort of abuse is going to keep going.
You can bet your Oculus Rift that Zuckerberg would not have allowed his company to capture that illegal content if it had meant he had to do 5 years in a South Korean prison, right? If that is what it takes to get Farcebook to obey the law, then we should do that.
Shocked! (Score:2)
Honestly surprised that that number of uses without consent is that damned low. I would've guessed closer to 200M, not 200K.
Re: (Score:2)
Re: (Score:2)
That's what I get for reading the misleading headline, "...200k Times..." as opposed to RTS, "200,000 local users."
Would it be /. without a post from someone who didn't even bother to read the summary?
Also a violation of Canadian Right of Privacy (Score:2)
They are also in clear violation of Canadian citizens' Right of Privacy, which is in the Canadian Constitution.