Back to blog

What Shutterfly and Facebook Can Teach Us About the Golden Rules of Privacy

Recently, private citizens have brought forth two biometric identification lawsuits in the United States. In one of them, a Chicago man filed a $5 million class-action lawsuit against photo-book service Shutterfly for using a tagged image of him (uploaded by a friend) to create an unsolicited account for the man on the site. The main issue is, of course, the question of individual citizens’ privacy.

In fact, whenever the topic of biometric identification arises, the privacy debate is never far behind. With Internet giants like Facebook and Shutterfly possessing such vast (and growing) databases of identified faces, it’s natural that private citizens would be worried.

Alan F. Westin, in his work, “Privacy and Freedom,” defines privacy as “the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.”

With this definition in mind, here are my three golden rules that should be followed by companies, websites, social media platforms or anyone who wants to build a database of identities.

1. The data collected in the database should be as a result of an opt-in process

2. The data should be used only for the original purpose

3. The data should never be forwarded to any third party

Applying these Golden Rules of Privacy to the recent lawsuits involving Shutterfly and Facebook, we see some valuable lessons.

In the case of Shutterfly, profile pictures and names were not collected through an opt-in system –they were culled from other users’ photos to create new profiles. This might cause users to feel that they don’t have control of their own information, since their newly created profiles were not their choice. This would be a violation of the first rule.

Rules number two and three might be a little harder to see in action here. When a person loads a picture, or any other data onto a social network, the intention of the user is share it with everyone. Once that information is available on the social network, it becomes public.

However, if at any given time, Facebook or Shutterfly were to segment their database based on facial criteria and then use that data for advertising, they would be violating the second rule by using this data for something other than its original purpose.

An even more egregious violation of privacy could occur if one of these platforms, or any other data-collecting site for that matter, forwarded data based on facial parameters, to third party advertisers – a clear violation of rule three.

Having noted all this, FST is still often confronted with this question from potential customers: “How do we know that our data will remain private?” People are often worried that having their biometric information gathered puts them at risk for violations of their privacy.

The only true solution to this issue is to offer a completely closed system. Our solution, IMID Access, does just that. It also very strictly adheres to my three Golden Rules of Privacy. When IMID Access is installed, users must opt-in and willingly provide a facial image to be registered in the system.

Furthermore, FST provides an additional security layer by hashing the data to protect the privacy of its opt-in users. In this way, our customers know that their identities are only used for the purpose of identification and secure access to specific company facilities and locations.

There is no doubt that the privacy debate will continue, and companies like Facebook and Shutterfly will have to curb the reach and applications of their users’ facial data. Without doing so, they are risking major headaches, which could result in huge financial ramifications.


+ Add comment

Back to blog

We would love to hear from you! Please fill out the contact form below: