2011/12/22

Facebook told to clarify privacy policy to users

DUBLIN, December 21, 2011 (AFP) - Facebook has to explain better what happens to users' personal data and give them more control, the data commissioner in Ireland, home to the website's international headquarters, said Wednesday.

Facebook must work towards "simpler explanations of its privacy policies (and) ... easier accessibility and prominence of these policies," the Irish Data Protection Commissioner (DPC) said after a three-month audit.

It called on the US-based firm behind the social networking website, which has some 800 million users worldwide, to provide "an enhanced ability for users to make their own informed choices based on the available information."

The DPC report, available at www.dataprotection.ie/docs/Home/4.htm, also said that Facebook must provide within 40 days all information it holds on a particular user or non-user if requested to do so.

It also said that information to users on what happens to deleted or removed content, such as friend requests received, "pokes", removed groups and tags, and deleted posts and messages "should be improved".

"Users should be provided with an ability to delete friend requests, pokes, tags, posts and messages and be able to, in so far as is reasonably possible, delete on a per item basis," it said.

The DPC conducted the enquiry, aimed at determining whether Facebook complied with Irish and by extension European Union law, because Facebook Ireland is the entity with which non-US and non-Canadian users have a contract, the DPC said.

It followed a string of complaints by an Austrian student called Max Schrems who rose to prominence with his "Europe-versus-Facebook" pressure group, the Norwegian Consumer Council and other individuals.

Schrems, 24, had launched his campaign after being shocked to receive from Facebook, in response to a demand for all the data it held on him, 1,222 pages of information, he told AFP earlier this year.

This included photos, messages and postings on his Facebook page dating back years, some of which he thought he had deleted, the times he had clicked "like" on an item, "pokes" of fellow users, and reams of other information.

"At first sight the report seems to be a first victory over Facebook's ignorance towards privacy laws," Europe-versus-Facebook said on its website www.europe-v-facebook.org/EN/en.html.

Facebook said in response that the DPC had "highlighted several opportunities to strengthen our existing practices".

"Facebook has committed to either implement, or to consider, other 'best practice' improvements recommended by the DPC, even in situations where our practices already comply with legal requirements," it said in a statement available at www.facebook.com/facebookpublicpolicyeurope.

DPC deputy commissioner Gary Davis said that because Facebook Ireland was only given responsibility for international users in September 2010, it "should not come as a surprise... that there should be room for improvement."

"Facebook is constantly evolving and adapting in response to user needs and technical developments. Like any successful technology platform, the service needs to innovate by introducing new products and features in order to adapt to changing circumstances," the DPC said.

"Indeed the almost Darwinian nature of the site means that there will constantly be an absolute need to have in place robust mechanisms to keep pace with the innovation that is the source of the site's success."

The DPC said a formal review of progress would take place next July.