We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Paul Sakuma/AP

Facebook agrees to major privacy changes following DPC audit

The world’s largest social network will make significant changes to its privacy settings for worldwide users after an Irish audit.

FACEBOOK HAS AGREED to make significant changes to the privacy settings for the majority of its 750 million users, following an audit by Ireland’s Data Protection Commissioner.

The changes will include an opt-out for EU users for the site’s ‘auto-tagging’ feature, and a commitment from Facebook to offer users clearer guidance on exactly what data they are giving the site by signing up to use it.

These changes are to be rolled out in the first three months of 2012, and will be under constant review thereafter.

The new privacy regime will apply to the accounts of all users whose services are provided by Facebook Ireland Ltd – which is the official service provider for all Facebook users outside the US and Canada.

A Facebook spokesman said, however, that many of the changes brought about by the audit would be adopted on a worldwide basis.

Facebook will also clarify its data user policy to ensure greater transparency, and will take steps to limit the data it collects from ‘social plugins’ such as the site’s trademark ‘Like’ button – agreeing to delete most data almost immediately after it is collected.

It also says it will reduce the amount of time that it retains ‘deleted’ data such as friend requests and photo tagging.

Data Protection Commissioner Billy Hawkes said the audit had laid “challenging recommendations” for Facebook to pursue, and that it was unlikely Facebook would be in breach of any data protection law if those recommendations were fully adopted.

The audit had been prompted after the DPC received over a dozen complaints from an Austrian group of Facebook users,, who had raised concerns that Facebook was able to build ‘shadow profiles’ of them even if they were not members of the site.

Social plugins

This was because visitors to sites containing social features such as the ‘Like” button were actually sending some of their personal data like their IP address to Facebook, potentially allowing the site to build a larger picture of a user’s browsing habits even if they are not members of the site.

Facebook has affirmed that it does not use this data for the purposes of targeted advertising, and has agreed to retain any data accrued from users for a maximum of two years in line with legal requirements.

From the first week of next year, EU-based users will also be shown a prominent notice allowing them to opt out of the site’s “auto-tag” feature – ensuring that users cannot be automatically identified in other users’ photos, unless they actively consent to be identified in this way.

The site has also confirmed it will require users to give their formal consent before their profile photos and names can be supplied to third parties for advertising purposes.

The DPC will carry out a second audit in July to ensure that Facebook has implemented any of its agreed changes, and said the audit would be the “beginning rather than the end” of its work with the social networking site.

Hawkes told a conference call that Facebook had “responded positively” to any requests his office had made, while his deputy Gary Davis complimented Facebook for its co-operation with the audit.

Facebook had offered immediate access to any data or code sought by the DPC, and had offered quick answers to any queries the DPC had made, Davis said.

Hawkes added that the purpose of the audit was not necessarily to examine whether Facebook was in breach of Irish or EU data protection law, but rather to offer guidance on how the site could pursue best practice for data management.

In full: The DPC’s full audit of Facebook’s privacy settings (PDF) >

Read: Irish data chiefs set to test if Facebook ‘Like’ button is illegal >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.