Ireland tells Facebook to clean up privacy act


The Irish Data Protection Commissioner (DPC) has made a number of recommendations to Facebook over privacy on the site.

After carrying out an audit, the commissioner identified a number of areas where Facebook could improve, including how it promotes its privacy tools and its use of facial recognition software.

In July next year, a review of progress will take place to check if Facebook has responded to the requests.

If Facebook takes all recommendations on board, it's very unlikely that the complainants will still be unhappy.

The announcement has implications outside of Ireland, as Facebook Ireland has responsibility for all users outside of the US and Canada. Furthermore, the audit looked into whether Facebook had breached EU data protection law, not just Irish legislation.

"Facebook has committed to either implement, or to consider, other "best practice" improvements recommended by the DPC, even in situations where our practices already comply with legal requirements," said Richard Allan, director of public policy at Facebook in EMEA, in a blog post.

"We work on a daily basis with regulators around the world, and we appreciate the investment of time and effort by the DPC and its leadership to improve the experience of Facebook users."

The DPC has asked Facebook to make its explanations of privacy policies clearer for users and to make privacy a more prominent section of registration for new users. It also wants to see greater transparency about what Facebook does with personal data.

Amongst other recommendations, the commissioner also asked the social network to make it clear to users how the facial recognition software is used in the Tag Suggest feature, and have an option to switch the technology off. Facebook has agreed to make changes in this area.

The DPC also called for "a mechanism for users to convey an informed choice for how their information is used and shared on the site including in relation to third party apps."

Facebook has not made a commitment to ensure account data is fully deleted when that account is deactivated.

The audit was announced in January after the commissioner received complaints about Facebook's privacy behaviour.

"If at the end of the process, people who have complained are not happy then we will look at whether Facebook has broken data protection law," said commissioner Billy Hawkes, during a conference call today.

"If Facebook takes all recommendations on board, it's very unlikely that the complainants will still be unhappy."

Facebook has faced much scrutiny in recent times over its privacy practices. A recent flaw let users highlight a photo as inappropriate and then choose to include and view additional photos in the report, some of which could have been private.

It led to people taking a number of Facebook founder Mark Zuckerburg's private photos and placing them online.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.