What can I do about this clause?

{'method': 'IN_APP', 'recipient': 'Facebook Settings > Face Recognition', 'difficulty': 'EASY', 'action_type': 'OPT_OUT_ARBITRATION', 'instructions': "Open Facebook, go to Settings & Privacy > Settings > Face Recognition, and select 'No' to disable face recognition processing. This prevents Meta from using your facial geometry to identify you in photos uploaded by others.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': "The FTC has authority over Meta's biometric data processing practices as potential unfair or deceptive acts under FTC Act Section 5, and has included biometric data in its commercial surveillance enforcement priorities.", 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': "Illinois AG and AG offices in Texas and Washington enforce state biometric privacy laws (BIPA, CUBI) that apply to Meta's face recognition processing of state residents.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Face Recognition and Biometric Data Processing clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Face Recognition and Biometric Data Processing — Meta

Share 𝕏 Share in Share 🔒 PDF

Watch Meta Get alerts when this provision or policy changes.

Watch — $9.99/mo

What it is

Meta uses face recognition technology to identify you in photos and videos posted by others, but only if you have turned this feature on — it claims this requires your permission.

Why it matters (compliance & risk perspective)

Biometric data like face recognition identifiers is among the most sensitive personal data under multiple legal frameworks, and any breach, misuse, or unauthorized processing creates severe and potentially irreversible privacy harms.

Consumer impact (what this means for users)

If you have face recognition enabled on Facebook, Meta processes your biometric facial geometry — a uniquely sensitive data type — to identify your face in photos and videos uploaded by other users, creating enforcement exposure under Illinois BIPA and GDPR Art. 9.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Opt Out of Arbitration

Open Facebook, go to Settings & Privacy > Settings > Face Recognition, and select 'No' to disable face recognition processing. This prevents Meta from using your facial geometry to identify you in photos uploaded by others.

How other platforms handle this

Waze Medium

The Service is intended for use by users who are of the legal age required to hold a driving license. In any case, to use our Service you must be 16 years of age or older. If you are under 16, you may not download or use the Service.

TaskRabbit Medium

We rely on our legitimate interests or those of a third party where they are not outweighed by your interests and fundamental rights, to process the following information: Contact Information, Identity Information, User-Generated Content Information, Booking Information, Job Applicant Information – ...

Visa Medium

We use cookies and similar technologies on our websites and in our services to collect information about your online activities, including the pages you visit, links you click, and other actions you take. This information is used to personalize your experience, analyze usage, and deliver relevant ad...

See all platforms with this clause type →

This clause could change without notice.

Get alerted when Meta updates this policy — with plain-language summaries and severity ratings.

Watch Meta Need compliance memos? Professional →

View original clause language

Face recognition technology: If you have it turned on, we use face recognition technology to recognize you in photos, videos and camera experiences. We use this technology to suggest that your friends tag you in photos or videos and to give you control of photos and videos where you've been recognized. We also use it for safety purposes, such as helping people identify photos of themselves that others post on our Products. We use this technology only when we have your permission to do so.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Biometric data processing implicates GDPR Art. 9(1) (biometric data as a special category requiring explicit consent under Art. 9(2)(a)), enforced by EU/EEA DPAs. The Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/) requires written informed consent, a publicly available retention schedule, and prohibits sale of biometric data — violations carry statutory damages of $1,000-$5,000 per violation. Texas CUBI (Tex. Bus. & Com. Code §503.001) and Washington My Health MY Data Act create parallel state-level exposure. CCPA/CPRA includes biometric data in the definition of sensitive personal information.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over Meta's biometric data processing practices as potential unfair or deceptive acts under FTC Act Section 5, and has included biometric data in its commercial surveillance enforcement priorities.
File a complaint →
State AG

Illinois AG and AG offices in Texas and Washington enforce state biometric privacy laws (BIPA, CUBI) that apply to Meta's face recognition processing of state residents.
File a complaint →