Ireland Issues Facebook Privacy Recommendations

The Irish data protection commissioner has issued a series of recommendations that Facebook must implement in order protect users’ privacy and give them greater control over how their data is used.

Facebook has been given six months to implement the changes and the commissioner will carry out a formal review of the social network’s progress in July.

Cast No Shadow Profiles

The commission said that Facebook must introduce a mechanism that allows users to make informed choices about how their data is used, including in third party applications, and that there should be greater transparency and greater controls for how personal data is used for advertising.

Additionally, Facebook must be more open to requests from users to provide them with all of the personal data that it has collected on them and that users should be given the chance to disable features such as facial recognition tag suggestions.

The review was partly the result of a routine assessment by the commission but also partly the result of complaints about privacy from users, most notably Austrian law student Max Schrems, who filed 22 separate complaints to the Irish data protection commissioner earlier this year.

Schrems asked Facebook for a copy of his data in June and received a CD which featured 1,200 different items of personal data, including some which he had believed he had deleted. Facebook had also been accused of creating “shadow profiles” of non-users, allegations which Facebook has denied. The audit found no evidence that Facebook practised this.

“People have put two and two together and made 12,” said Richard Allen, director of public policy for Facebook in Europe. “They think that we have all this data so therefore we must be creating profiles out of it. The audit found we were not doing that kind of shadow profiling,”

As part of the reforms, Facebook users will be able to download an information tool or look at an activity log, rather than have to ask for a CD.

Changing tune

Facebook has over half a billion users, but many have privacy concerns about the social network with regards to how it uses users’ data, with Mark CEO Mark Zuckerberg suggesting that people no longer have an expectation of privacy due to the advent of social networking.

However it appears as though Facebook has changed its tune and that the Irish authorities are satisfied with its progress.

“This was a challenging engagement both for my office and for Facebook Ireland,” said commissioner Billy Hawkes. “The audit has found a positive approach and commitment on the part of FB-I [Facebook Ireland] to respecting the privacy rights of its users.”

“We are pleased that the report demonstrates how Facebook adheres to European data protection principles and complies with Irish law,” commented Facebook. “Of course, the report highlights some areas where we can improve and reach best practice.”