Facebook has rejected claims that its facial recognition technology violates German and EU privacy laws.
Hamburg's data protection authority (DPA) warned (PDF, in German) the dominant social network, which quietly rolled the software into European versions of Facebook earlier this year, that it could be fined if the company failed to delete the "biometric data" it harvests from the tech.
Dr Johannes Caspar, who is Hamburg's data protection commissioner, asked Facebook to "respond quickly" to the regulator's demands.
He said the DPA had "repeatedly" asked Facebook to shut down the facial recognition function.
Facebook's spokeswoman in Germany, Tina Kulow, gave The Register this statement:
"We will consider the points the Hamburg Data Protection Authority have made about the photo tag suggest feature but firmly reject any claim that we are not meeting our obligations under European Union data protection law," she said.
"We have also found that people like the convenience of our photo tag suggest feature which makes it easier and safer for them to manage their online identities."
The tech itself is switched on by default within the closed-off network, which means users have to update their privacy settings within the site to "opt out" of the function. The facial recognition software debuted in the US late last year when Facebook at least had the courtesy to pen a blog post about the feature.
But it failed to do the same thing when the software was folded into the website on this side of the Atlantic in June.
Instead it posted a short retrograde update here, only after Europeans began to protest against its unannounced arrival.
The likes of the UK's Information Commissioner said at the time that it was "looking into" the stealth bolt-on of the facial recognition tech into Facebook.
"The privacy issues that this new software might raise are obvious and users should be given as much information as possible to give them the opportunity to make an informed choice about whether they wish to use it," it told us in June.
"We are speaking to Facebook about the privacy implications of this technology," it added.
But, in contrast to Hamburg's DPA, the ICO won't be getting tough with Facebook.
"We have received few if any complaints about this issue so far, however if anyone has any concerns then they can make a complaint to us and we will look into their case further," a spokesman at the watchdog told El Reg earlier this week.
Germany's actions against Facebook, meanwhile, echo its earlier complaints about Google's data slurp via its Street View cars, which led to the world's biggest ad broker reversing its vehicles out of the country. ®