Report of Data Protection Audit of Facebook
The Office of the Data Protection Commissioner, Ireland today 21 December 2011 published the outcome of its audit of Facebook Ireland(FB-I) which was conducted over the last three months including on-site in Facebook Ireland's Headquarters in Dublin. The Report is a comprehensive assessment of Facebook
The Irish Data Protection Commissioner, Billy Hawkes said, "This was a challenging engagement both for my Office and for Facebook
Deputy Commissioner, Gary Davis who led the conduct of the Audit stated that "this Audit was the most comprehensive and detailed ever undertaken by our Office. We set ourselves a very ambitious target for completion and publication as both this Office and Facebook, felt it was important that the outcome be published and opened to public comment and scrutiny."
He added, "It is important to recognise that Facebook Ireland, as recently as September 2010, was designated responsibility for all users outside of the
Facebook is constantly evolving and adapting in response to user needs and technical developments. Like any successful technology platform, the service needs to innovate by introducing new products and features in order to adapt to changing circumstances. Indeed the almost Darwinian nature of the site means that there will constantly be an absolute need to have in place robust mechanisms to keep pace with the innovation that is the source of the site's success.
Therefore this Report is not the conclusion of our engagement with Facebook
The Report records significant recommendations and commitments from Facebook
? a mechanism for users to convey an informed choice for how their information is used and shared on the site including in relation to Third Party Apps
? transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site
? the deletion of information held on users and non-users via what are known as social plugins and more generally the deletion of data held from user interactions with the site much sooner than presently
? increased transparency and controls for the use of personal data for advertising purposes
? an additional form of notification for users in relation to facial recognition/"tag suggest" that is considered will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective
? an enhanced ability for users to control tagging and posting on other user profiles
? an enhanced ability for users to control whether their addition to Groups by friends
? the Compliance management/Governance function in Dublin which will be further improved and enhanced to ensure that the introduction of new products or new uses of user data take full account of Irish data protection law.
For more information, please contact:
Ciara O'Sullivan, Office of the Data Protection Commissioner at +353 (0)57 868 4800
» Permanent Link