Facebook will change privacy protection for its users outside North America, after the Office of the Data Protection Commissioner (DPC) in Ireland found that Facebook's privacy policies lacked transparency.
The Office of the Data Protection Commissioner, Ireland on 21 December 2011 published the outcome
of its audit of Facebook Ireland (FB-I) which was conducted over the last three months including on-site in Facebook Ireland's Headquarters in Dublin. The Report is an assessment of Facebook Ireland's compliance with Irish Data Protection law and by extension EU law in this area.
Facebook's Ireland office handles all of its users outside of the United States and Canada. The group operates the world's largest social networking website with 800 million users.
The report records significant recommendations and commitments from Facebook Ireland in relation to:
- a mechanism for users to convey an informed choice for how their information is used and shared on the site including in relation to Third Party Apps
- transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site
- the deletion of information held on users and non-users via what are known as social plugins and more generally the deletion of data held from user interactions with the site much sooner than presently
- increased transparency and controls for the use of personal data for advertising purposes
- an additional form of notification for users in relation to facial recognition/"tag suggest" that is considered will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective
- an enhanced ability for users to control tagging and posting on other user profiles
- an enhanced ability for users to control whether their addition to Groups by friends
- the Compliance management/Governance function in Dublin which will be further improved and enhanced to ensure that the introduction of new products or new uses of user data take full account of Irish data protection law.
Facebook said making the changes would require a lot of work.
"The DPC's review of our existing operations highlighted several opportunities to strengthen our existing practices," said Richard Allan, the director of public policy at Facebook EMEA.
The Irish Data Protection Commissioner, Billy Hawkes said, "This was a challenging engagement both for my Office and for Facebook Ireland. The audit has found a positive approach and commitment on the part of FB-I to respecting the privacy rights of its users. Arising from the audit, FB-I has agreed to a wide range of "best practice" improvements to be implemented over the next 6 months, with a formal review of progress to take place in July of next year."
Facebook Ireland's delivery on its commitments will be evaluated throughout the first six months of 2012 and as part of an agreed formal review in July of next year that will take the form of a follow-up Audit.