This is a reductive argument and does not hold up to both social and legal norms.
Making data publicly accessible does not grant users of it carte blanche to use it however they wish. The data may be copyrighted: Viewing it does not grant the viewer rights to republish it or claim it as their own work. An image may contain a likeness: Viewing it does not grant the viewer rights to claim endorsement by that individual, or to use their likeness in ways of which the individual does not approve.
Beyond copyright and likeness rights, a likeness contains biometric information. Having access to that likeness, at least by the laws of the State of Illinois, does not grant the user rights to biometrics derived from that image.
To be fair here, it kind of is the question right?
I mean, say you and I are at a neighborhood kid's birthday party with our own kids. Suppose further that you take some pictures, and then post them publicly. Maybe to your FB?
Well, I never really gave you permission to use my image on your FB. Let alone publicly. I know that I certainly would never consent to publishing images of my children publicly. Further, I suspect the birthday party's host wouldn't give you permission to post his/her family's images on FB either.
So here we are, with all of these people on your public FB. None having signed or even given verbal authorization for any sort of release. And now FB starts running FaceRec on all the information you just gave them. To top it all off, my family and I don't even use FB. Never have. So it really can't even be claimed that we consented to facial recognition via the terms and conditions of service.
I only outlined all of that to outline this, just because a person's image is in public doesn't mean that the person consented to the image being public. Especially images taken from private spaces, (like bday parties at some kid's house).
> So here we are, with all of these people on your public FB. None having signed or even given verbal authorization for any sort of release. And now FB starts running FaceRec on all the information you just gave them. To top it all off, my family and I don't even use FB. Never have. So it really can't even be claimed that we consented to facial recognition via the terms and conditions of service.
> I only outlined all of that to outline this, just because a person's image is in public doesn't mean that the person consented to the image being public.
But what part of this would, even hypothetically, give you a cause of action against Facebook? What's Facebook supposed to have done wrong? You have a cause of action against your friend who illegitimately provided your photos to Facebook, not against Facebook who relied on the legal assurance your friend provided that he had the right to post those photos.
They ran the facial recognition software without knowing if they had all applicants consent. Ignorance isn't an excuse for breaking the law, the onus is on FB to make sure all people have consented. I would not say that they have done all that they can to check, by just having it in the T&Cs that its' the user's responsibility. They are hiding behind their T&Cs, knowing full well that they could be scanning people they have no consent for.
Comically, once they run the scans, they should be able to certain that they don't have consent because it doesn't match one of their users, and should throw the data away.
FB offers a service that allows you to share your pictures with your friends among other things. Before you upload a picture Facebook asks you if you have all of the rights to the pictures you are uploading (albeit they ask that in the fine print of their TOS.) FB offers ancillary services based on those images you shared. If you are uploading images you don’t have the rights to how is this FB’s problem?
It doesn't mean they did their due diligence to confirm their data was clean of non-consenting individuals. They are clearly abusing their users ignorance. Signed T&Cs of one person shouldn't be enough when you're dealing with PII of multiple people in my opinion. You need everyone's explicit consent.
There is a disparity here between real world and software services I think. When my real estate agent's software asked me to put in my room mates details, I just had to check a checkbox that said he consented. Yet when it came to the paper contracts, we all had to sign individually. We need the latter for software, else PII is going to keep spilling all over the place and we'll forget we ever had privacy.
I don't think it's unfair to scrutinize a company in such a powerful position as FB either. They know they have unconsenting people in their photo database, it's just inevitable, and they are hiding behind their T&Cs hoping it's enough in the court of law. Ethically, they've failed already, and clearly in some states they're breaking the law too.
I find this type of logic to be inconsistent with the innovative culture of tech, and a fair bit hypocritical. On one hand, we have a new, fairly unprecedented technology (at least unprecedented on the scale on which it’s used) yet we are relying on tort law that predates the contemplation of anything of this magnitude. Why?
It was reasonable in 1990 that the mechanism that you suggest here would be highly effective in most cases. We are in uncharted waters now and unlike the titanic, I think we should proceed with caution.
Wouldn't it be similar to any copyright protection claim, similar to YouTube (or Napster, or LimeWire, or MegaUpload, or...)? If they don't legally have the right to share the media, the default action is to remove it without even investigating the claim (because of the scale Facebook and YouTube operate at).
Assuming Facebook cannot legally host the media, and they choose to do so after being informed of its contention, they are choosing to say they are legally in the clear (or that they don't care about the law, which seems a lot more likely).
IANAL, but it seems simple enough on the surface. Of course Facebook will claim otherwise, and without being required to make it easy to report contentious media very few people will actually do so, and sharing a photo without permission is not the same as copyright protection. I still think the same basic logic applies though.
Case law already exists on the right of people who appear in photos to stop the photographer from publishing the photos; the issue is not original to the internet at all.
If I recall correctly, there is no such right, because it would effectively eliminate photography.
This only applies in a public setting though (or anywhere where privacy is not to be expected). So any photos taken of friends/strangers in the privacy of one's home (or car, or work, or...) would be exempt, as I understand it.
Intent matters in law. Facebook knows a substantial portion of their users will not acquire permission. In fact, their UX at every turn is a honeypot, so they doubly know.
Well, if the birthday party were in, say, Illinois, it's obviously that FB is in violation of Illinois law with respect to facial recognition.
Further, it being a child's birthday party, at a private residence, the photographer's action becomes a tort in the vast majority of states. If you were a big enough pain in FB's butt, you could use that to stop distribution of the images at a minimum.
It's true that the easiest method of guaranteeing ironclad, legally enforceable privacy with respect to this facial recog stuff is to live in Illinois. But that doesn't mean the situation is hopeless for people who live in other states. It's just a matter of whether or not you want to do the legwork of making the claims. Which, depending on the state you live in, may have to be based on anything from privacy violation like Illinois, to contributory copyright infringement if you took the photo and forwarded to your friend who then posted it.
So it would depend on both the situation, and the state and municipality in which you reside. I can't give you one catchall, because there isn't one catchall right now these laws are uneven across the country. And very much in flux right now.
But beware, if it concerns stuff that is already on FB or on partner sites with similar ToS one has signed away ones rights. IANAL but this is from the FB Terms:
>> Specifically, when you share, post or upload content that is covered by intellectual property rights on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free and worldwide licence to host, use, distribute, modify, run, copy, publicly perform or display, translate and create derivative works of your content (consistent with your privacy and application settings). This means, for example, that if you share a photo on Facebook, you give us permission to store, copy and share it with others. [..]
>> When you delete content, it's no longer visible to other users; however, it may continue to exist elsewhere on our systems where:
>> - your content has been used by others in accordance with this licence and they have not deleted it (in which case, this licence will continue to apply until that content is deleted);
The Privacy Policy states that you are responsible with whom you share your content, after which above license applies.
Making data publicly accessible does not grant users of it carte blanche to use it however they wish. The data may be copyrighted: Viewing it does not grant the viewer rights to republish it or claim it as their own work. An image may contain a likeness: Viewing it does not grant the viewer rights to claim endorsement by that individual, or to use their likeness in ways of which the individual does not approve.
Beyond copyright and likeness rights, a likeness contains biometric information. Having access to that likeness, at least by the laws of the State of Illinois, does not grant the user rights to biometrics derived from that image.