When you are identified in a picture on Facebook, biometric software remembers your face so it can be "tagged" in other photographs.

Facebook says this enhances the user experience. But privacy advocates say the company's technology — which regulators in Europe and Canada have ordered shut off — should be used only with explicit permission.

As commercial use of facial recognition technology grows to replace password logins, find people in ­photos and someday even customize displays for shoppers as they browse in stores, it's raised privacy questions. That's one reason the U.S. government is participating in a working group to develop rules for companies using facial recognition — even if those are voluntary.

"Face recognition data can be collected without a person's knowledge," said Jennifer Lynch, an attorney for the Electronic Frontier Foundation, a San Francisco-based privacy rights group. "It's very rare for a fingerprint to be collected without your knowledge."

Privacy groups such as Lynch's last month cited the business community's opposition to requiring prior consent as the reason they walked out on the government meetings. Those talks continued Tuesday.

Facebook defends its use of facial-recognition technology, a form of biometrics. It works by assigning numbers to physical characteristics such as distance between eyes, nose and ears to come up with a unique faceprint that can be used to identify someone when they've already been identified through tagging.

The technology powers a photo feature called "tag suggestions" that is automatically turned on when users sign up for a Facebook account. The suggestions are made only to a user's friends.

Users can opt out, Facebook said. But that requires a settings change.

"Facebook isn't getting permission," said Alvaro Bedoya, executive director of Georgetown University's Center on Privacy & Technology, who walked out on the U.S. meetings. "Facial recognition is one of those categories of data where a very prominent and a very clear consent is necessary."