NEWS22 December 2011

Irish data commissioner reports on Facebook privacy audit

Europe Legal

IRELAND— Facebook has agreed a series of new measures to improve transparency and control around user data with the Irish Office of the Data Protection Commissioner (ODPC).

Facebook has committed to establishing mechanisms to allow users to convey an informed choice about how their information is used and shared, to update its data use and privacy policies, to delete information held on users and non-users that has been collected via social plugins, and to publish additional forms of notification about how certain features work, such as behavioural advertising and the facial recognition software used to tag photos.

ODPC’s audit and report stem from complaints made against Facebook in August by an advocacy group called ‘Europe versus Facebook’ and the Norwegian Consumer Council about the way Facebook collected and stored data even after users had seemingly deleted information from their profiles.

The audit ran for three months. The best-practice improvements Facebook has committed to – in full here – are expected to be implemented over the next six months, with a formal progress review scheduled for July.

ODPC described the publication of the report as “the first significant step on a road that can place [Facebook] at the forefront of the technology sector in meeting users’ legitimate privacy expectations”.

Facebook’s Irish headquarters is responsible for all users residing outside the US and Canada.

In November Facebook reached a settlement with the US Federal Trade Commission for failing to keep privacy promises made to users.