Ireland Gives Facebook’s International Privacy and Data Protection a Passing Grade
The Irish Data Protection Commission today concluded that Facebook has “a positive approach and commitment” to protecting the privacy of its international users, though it did get Facebook to agree to provide further notifications and improve its policies in a few areas.
You might be surprised that what Ireland has to say about regulating Facebook privacy is terribly important — but it actually is. Because Facebook’s international headquarters are in Dublin, this local commission oversees Facebook’s compliance in all regions other than the U.S. and Canada.
Facebook agreed to make changes in time for a follow-up Irish Data Protection Commission audit in July 2012. As presented in a Facebook Europe blog post, they include:
- Creating additional notifications explaining photo tagging using facial recognition (which has been a particularly contentious feature in Europe)
- Reducing data retention and logging for people who are not logged into Facebook (so-called “logged-out cookies” and alleged “shadow profiles” of non-members have been another reason for recent outcry)
- Telling users more about how to control when their information is given to Facebook platform applications
As compared to Facebook’s recent settlement with the American Federal Trade Commission, the Irish audit seems to be about more up-to-date privacy issues (much of the FTC stuff dated back to 2009). The FTC settlement is also a longer-term arrangement, with Facebook agreeing to 20 years of privacy audits. And Mark Zuckerberg didn’t give Ireland a formal apology, admitting to making “a bunch of mistakes.”
Please see the disclosure about Facebook in my ethics statement.