How an Irish audit of Facebook will bring greater privacy controls for global users

Within six months Facebook users should have access to greater controls over their personal data and be provide with more information about how their data is being used, according to recommendations by Ireland’s Data Protection Commissioner which will affect users of the site across the world.

Download the report (3.25MB | PDF)

As Facebook’s EMEA offices are based in Ireland the outcomes of a three month investigation by the Commissioner’s Office means users across the world, with the exception of those in the USA and Canada, should see changes to their privacy controls over the coming months.

Deputy Commissioner, Gary Davis explains, “It is important to recognise that Facebook Ireland, as recently as September 2010, was designated responsibility for all users outside of the USA and Canada.  It perhaps should not come as a surprise therefore that there should be room for improvement in how Facebook Ireland handles the personal information of users.”

Results
According to the report Facebook will be required to review “significant recommendations and commitments,” these are;

• The creation of a system to allow users to control how their data is shared with third party apps.
• Greater access to personal information, including “everyday interaction with the site” on request.
• Faster removal of users’ personal data after they have deleted it from their account.
• More information about the data advertisers have access to on individuals.
  • Greater control of how this information is used.
• Additional notifications for users when facial recognition and “tag suggest” features are used.
• Better controls over how posts and tags are managed on users’ walls.
• Better controls over how they are added to Facebook Groups.
• Updates to the company’s Data Use and Privacy Policies so they can be better understood by users.

In addition, the Office recommends that Facebook Ireland improve its Compliance Management to ensure new features’ privacy controls are in-line with Irish Data Protection law.  Although the Office says that there is no suggestion that Facebook is in breach of Irish or European privacy/data protection laws.

According to the audit process Facebook and the Data Protection Commissioner’s Office will meet again in July 2012 to review how these recommendations have been actioned.  The Office confirmed to us today that several of the report’s recommendations have already been implemented and work on others has begun.  The Office also commended Facebook’s positive approach to user privacy and the investigation.

The audit, which was conducted over the past three months, saw members of Ireland’s Office of the Data Protection Commissioner working on-site in Facebook’s Dublin Headquarters and was the largest investigation undertaken by the Commissioner’s office.  The Office describes the investigation “a comprehensive assessment of Facebook Ireland’s compliance with Irish Data Protection law and by extension EU law in this area.”

The results of the Irish investigation come a month after the Federal Trade Commission (FTC) in the US released the results of their own investigation.  In a settlement between the FTC and Facebook the social network will be subject to an independent audit of its compliance with FTC rules every two years for the next 20 years and must receive user permission when changing privacy settings.