An audit of Facebook’s operations by the Office of the Data Protection Commissioner in Ireland will result in major changes to the way the social networking giant manages user data. 

The 143 page report, issued on Wednesday, calls on Facebook to give users more control over how their personal information is used and shared on the Facebook Web site and by third party applications, quicker deletion of information on users gleaned from interactions on the site and through plugins, and extra safeguards around the use of facial recognition. In a post on the Facebook Web site, the company’s Director of Public Policy for Europe said the company will make changes to its site for European users based on the report. Among other things, Facebook will provide clearer disclosure around features such as the facial recognition feature Tag Suggest, and alter policies related to retention and deletion of user data.

The new requirements come in response to complaints from users in Europe about Facebook’s wholesale harvesting and storage of their data. In at least one case, an Austrian man received 1,200 pages of data from the social networking giant, including information that he had long ago deleted from his profile

The three month audit of Facebook-Ireland, which is the company’s EU-based headquarters, was among the most comprehensive conducted by the Irish Office of the Data Protection commissioner, according to Deputy Commissioner Gary Davis, who led the audit. The Office analyzed the various means that Facebook used to notify users about their choices about sharing data, and then how that data is or may be used by Facebook and by third parties.
In all, the Office found Facebook was in compliance with EU data privacy laws, but asked for the company to make changes to stay in compliance with the spirit of Irish and EU data privacy laws. Among those changes are clearer opportunities for users to consent to share their profile pictures and names to third parties for advertising purposes. The company will face a follow up audit in July, 2012, to confirm that it is making progress in the areas identified in the report.

Categories: Cloud Security, Compliance, Data Breaches