Data Protection Commissioner Finds Facebook Compliant, Makes Recommendations

Ireland’s Office of the Data Protection Commissioner has found Facebook Ireland to be compliant with Irish and European Union law, and has reached an agreement that gives users even more control over privacy in the next six months.

The commissioner completed a three-month audit of Facebook Ireland following a formal complaint suggesting the social network was creating “shadow profiles” of non-users. Because Facebook’s international headquarters are located in Ireland, the commission there oversees the company’s legal compliance for all users outside of the United States and Canada. The audit found “positive approach and commitment” by Facebook Ireland to respect users’ privacy, but made several recommendations that the social network has committed addressing before a follow-up audit in July 2012.

These recommendations include increased control over tagging features, an update to the data use policy, sooner deletion of user and non-user data and more transparency and control over how personal data is used in advertising on the site.

With regard to “shadow profiles,” the commission determined though Facebook receives some non-user data, it is not being used to build profiles of those people. The report also states that the social network is “now taking active steps to delete any such information very quickly after it is received.”

The findings of the report are overall positive for Facebook, which many people mistrust because of the massive amounts of data it collects and new features that force users to opt out rather than opt in. How the company addresses individual recommendations from the commissioner remains to be seen, but it appears to be willing to make concessions on certain features to give users more control and satisfy watchdog agencies. According to a press release from the commissioner, “Taking a leadership position that moves from compliance with the law to the achievement of best practice is for Facebook Ireland to decide but if it continues to display the commitment I witnessed throughout the audit process it is certainly achievable.”

Last month, Facebook settled charges with the U.S. Federal Trade Commission so that any sharing-related privacy changes will now be up to users to opt into. This was in response to an action Facebook made in 2009, which forced all users to make some information public, including name, profile photo and list of friends.

The full report from the Data Protection Commissioner is available here. The social network responded to the report in a note on its Public Policy Europe page.

Recommended articles