The Inquirer-Home

Irish data protection authority rules on Facebook

Must make a dozen improvements
Wed Dec 21 2011, 16:41

THE IRISH Data Protection Authority (DPA) has finished its audit of the people catalogue Facebook and decided that it must make 12 changes to the way it does business.

Irish Data Protection Commissioner Billy Hawkes said that the firm must make the changes in the next 12 months, by which time Facebook should be well on its way to having a billion users that need the extra privacy protection.

It was a raft of apparent privacy problems that triggered the audit, and the Irish Commissioner was reacting to accusations that Facebook would not totally close down accounts and delete user information and was creating so-called "shadow profiles" on non members based on what it could learn from its members.

According to the audit, although Facebook did have data that could be used to build a shadow profile, "no actual use of this nature was made of such data", however there were other issues uncovered that need to be tackled in order for the firm to achieve privacy best practice.

"This was a challenging engagement both for my Office and for Facebook Ireland [FB-I]. The audit has found a positive approach and commitment on the part of FB-I to respecting the privacy rights of its users," said Hawkes as he presented the audit results.

"Arising from the audit, FB-I has agreed to a wide range of 'best practice' improvements to be implemented over the next [six] months, with a formal review of progress to take place in July of next year."

There are a number of recommendations from the DPA, and these include a broad update to the data use and privacy policy on Facebook. The audit found that privacy controls should also be improved, information held on users must be deleted more regularly, data used for advertising must be used more carefully, and users should be better advised when they are tagged in a photo.

Facebook responded to the findings in a blog post by Richard Allan, its European director of policy. The response is long and detailed and says that the firm works closely with regulators in this area and that the firm is pleased with this result.

"The people who use Facebook take privacy and data protection seriously and so do we. We work closely with privacy commissioners and regulators around the world to demonstrate our compliance with legal requirements and to improve our policies and practices," said Allan.

"The DPC report demonstrates how Facebook adheres to European data protection principles and complies with Irish law."

Allan said that the public audit report was important, though unusual, as this is the most transparent way for the firm to prove itself. "We're particularly pleased that the report highlighted a number of Facebook's strengths or best practices," he added. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015