• by Wendy Davis , Staff Writer @wendyndavis, November 22, 2013

Facebook's decision to move forward with plans to draw on profile photos for its automatic-tagging feature highlights the need for the Commerce Department to develop best practices for facial recognition technology. So says Sen. Al Franken (D-Minn.), who this week reiterated his request that the National Telecommunications & Information Administration address the privacy implications of facial recognition software.

“The urgency of this matter is underlined by Facebook’s recent expansion of its facial recognition database -- already likely the largest in private hands,” Franken wrote to the NTIA this week.

When Facebook first rolled out automatic tagging in December of 2010, the feature scanned photos that users uploaded, and determined whether any of those users' friends were pictured. If so, Facebook suggested “tagging” the photos with the friends' names -- unless the friends had opted out.

At the time Facebook's facial-recognition database was limited to photos where people had already been tagged by their friends -- but not profile pictures. This summer, however, Facebook announced that it will start making tagging suggestions based on profile photos. That change, among other revisions to the service's terms, took effect last week.

Franken points out that the automatic tagging feature now will affect “some of the site’s least active users -- those who only had a profile photo and weren’t tagged in any other photos.”

He adds that he intends to explore legislation that would protect biometric information, but still hopes the NTIA will “convene industry stakeholders and privacy advocates to establish consensus-driven best practices for the use of this technology.”

While Franken is asking the NTIA to tackle biometrics, some privacy advocates have questioned whether the agency should even be leading a privacy initiative. Consider, the watchdog Center for Digital Democracy recently slammed an earlier NTIA privacy effort involving mobile apps. For that project, the agency held a series of meeting with industry players and privacy advocates, which resulted in a promise by tech companies to test "short form" privacy notices. The idea behind short-form notice is that developers will describe information collected by apps with just one word, or a short phrase -- like “biometrics,” “health information,” “location,” and “browser history” -- followed by brief definitions.

But that plan was controversial, given that some recent research suggests that consumers won't understand the notices. The Center for Digital Democracy said in its critique of the NTIA that any future series of privacy meetings should be led by the Federal Trade Commission, which the advocacy group described as “much better equipped to serve as a fair and well-informed facilitator.”