The Irish Data Protection Commissioner has launched an inquiry into Facebook’s privacy practices, following complaints that the social network stores data that users have deleted, and builds ‘shadow profiles’ for people who do not use the site.
An Austrian law student called Max Schrems requested that Facebook provide all the data relating to him that it possessed, as is mandated by the EU’s Data Protection Directive. The data included chat logs, friend requests, ‘de-friendings’ and photos which Schrems had removed his tag from.
Schrems took his complaint to Ireland’s data protection watchdog as the company’s European headquarters is based there, and agreement between Facebook and its customer is therefore under Irish law.
Facebook could ultimately face a fine of €100,000, although this would only occur if Facebook were to refuse to cooperate the inquiry and then refuse to respond to a court order.
“The [Irish] commissioner doesn’t have the power to levy fines in the same way as the UK’s ICO,” a Irish DPC spokesperson told Information Age. “If we find a breach, we will tell them what we want them to do. If they don’t agree, the commissioner can issue a legal notice which can be appealed. If they ignore the legal notice, it can be considered an offence under the act.
“We expect to complete and publish the results of the audit [of Facebook] by year end. Facebook is cooperating fully with the audit and we would anticipate that it will implement any necessary changes to comply with any requirements identified.”
“We are cooperating fully with the Irish Data Protection Commissioner as part of this routine audit,” a Facebook spokesperson told Information Age. “We look forward to welcoming the DPA to our European Headquarters over the coming weeks so we can demonstrate our commitment to the appropriate handling of user data and reinforce our compliance with EU data protection laws.”
In an interview with the Guardian, Schrems said that Facebook was acting like “the KGB or the CIA”. “Information is power, and information about people is power over people. It’s frightening that all this data is being held by Facebook,” he said. “Of course, they are not misusing it at the moment, but the biggest concern is what happens when there is a privacy breach, either from hackers or from someone inside the firm?”