According to Google, my face closely resembles an oil painting from 1628 entitled Rembrandt Laughing. Prior to downloading Google’s Arts and Culture app — you know the one everybody used this January to find out which fine-art piece most looked like their selfie — I had never once looked in a mirror and thought, Ah, yes, you look very much like a middle-aged, Dutchman, but if the Google computer says so, it must be true.
The question is, though: Now that I’ve had my transformative experience and learned of my resemblance to Rembrandt (which I choose to take as a compliment), what’s Google doing with that selfie I took in the app? Is it keeping it forever? Using it to train facial-recognition software?
Before I got back my results from the app, I had to accept Google’s terms of service. As far as TOSes go, it seemed pretty straightforward: “When you take a photo with this feature, your photo is sent to Google to find artworks that look like you. Google won’t use data from your phone for any other purpose and will only store your photo for the time is takes to search matches.”
Great, so Google promises it isn’t building some crazy biometric database of the faces of people who just wanted to find out if they look more like a Picasso or a Klimt. Still, the app — which was only available in the United States, likely because the U.S. doesn’t have the world’s strictest internet privacy laws — wasn’t available to users in Illinois, where it was prohibited under the state’s biometric privacy laws. If it wasn’t safe enough for the fine folks of Illinois, shouldn’t we here in New York … and every other state in the union, be worried, too?
“The cause of concern here would be the potential for this data to be uploaded to centralized servers in the brief time a photo is in Google’s possession and all the potential downsides that come along with it, such as these servers acting as easy targets for hackers,” says Deepak Dutt, CEO of Zighra, an AI fraud-detection platform. Google says it holds on to your selfie only as long as it takes to make the match, and as far as security goes in that brief moment, Google is a pretty good bet. “I have no reason to doubt that Google takes the security of the facial biometric data collected by the Arts and Culture app very seriously, and that all selfies are in fact deleted as claimed,” says Travis Jarae, CEO of OWI, a strategy and research company that focuses on privacy.
But just because Google is taking good care of your photo doesn’t mean that there isn’t an ulterior motive to its self-harvesting: “While the primary goal of the facial-recognition feature is to drive users toward Google’s Arts and Culture app,” Jarae says, “Google is most likely using the selfies to further train their AI facial-recognition models, and gather valuable user metrics,” — and, as he points out, Google wouldn’t need to hold on to our selfies, or biometric data, to continue training its models.
So if you’re wary about your selfie being kept by Google forever, you can probably rest easy. And if you don’t want your face being used to help train Google AI, maybe don’t snap a selfie.
But the fact is, you’re probably too late. “Consumers who already use Google Photos or social-media networks like Facebook and Instagram make their photos available online, so anyone can find your image and use it for the same purpose,” Dutt says. As Jarae puts it, “The only way to be sure your data is secure is to simply not surrender it in the first place.”
Have a question or a theory about your favorite social-media site or smartphone app you’d like us to look into? Email firstname.lastname@example.org.