IRELAND’S DATA PROTECTION Commissioner has said he is satisfied that Facebook Ireland is complying with its data protection responsibilities following a second audit of the Irish office of the social media giant.
Billy Hawkes said the review demonstrated FB-I’s “clear and ongoing commitment” to implementing the recommendation’s of the initial audit of 2011.
He said he was “particularly encouraged” that the company has decided to turn off its tag suggest/facial recognition feature for new users within the European Union. Existing users will have the feature deleted by 15 October, pending agreement on the most appropriate means of collecting user consent.
This move sends a “clear signal” of commitment, according to Hawkes.
The review found that the vast majority of the recommendations made by the Office of the Data Protection Commissioner had been fully implemented by mid-July this year. They included the provision of better transparency for the user on how their data is handled and increased user-control over settings.
Recommendations for best practice in the implementation of clear retention periods for the deletion of personal data were also found to be followed satisfactorily.
Deputy Commissioner Gary Davis, who led the initial audit and the subsequent review, said there are still a number of items on which progress has not been as “fully forward” as hoped.
He said a deadline of four weeks has been set for FB-I to deliver a satisfactory conclusion on matters, including new user education, deletion of social plug-in impression data for EU users, fully verified account deletion beyond all doubt and minimising potential for ad targeting based on words and terms that could be considered to be sensitive personal data.
The office said that FB-I cooperated with the process but still “vigorously defended its point of view”, particularly when recommendations “challenged the general philosophy of the company”.
This was true, for example, in relation to the company’s insistence on maintaining its requirement that users use their real names on the network.
Hawkes said the review is “no more than an assessment at a point in time” and new developments in advertising and services will continue to “throw up challenges” for both FB-I and the Data Protection Commission.
He said ongoing engagement will be necessary as it continues to bring forward new innovations.
Such discussion is also necessary in relation to new issues that arose in the course of the review – for example, the balance to be struck between FB-I’s duty to protect young users from sexual predators, through monitoring certain user behaviour and reporting reasonable suspicions to relevant authorities, and the need to ensure that such monitoring and reporting is proportionate to the danger of serious consequences for young victims.
Hawkes noted that the review and audit did not involve formal decisions by his office on complaints it has received in relation to FB-I. However, some of them will have been dealt with through the implementation of certain recommendations.
Download: the full review>