Facebook has been found to be compliant with European data protection principles, but will face formal regulation again in the middle of next year.
Following an audit of the social network by the Irish Data Protection Commissioner (DPC), necessary as Facebook's international headquarters are located in Ireland, Facebook has been approved as adhering to European data protection principles and compliant with Irish law.
Facebook's 'real name policy' was also commended as a valid and justified reason for refusing to allow pseudonyms, while analysis of its use of social plug-ins determined that no information collected is associated with users or non-users or is used in any way to build a profile of the user or non-user. The DPC also recognised the effectiveness of Facebook's efforts to respond to subject access requests made by users.
However, Facebook has agreed with the DPC on a process for offering more comprehensive access through the 'Download Your Info' tool, Timeline and Activity Log (part of the new Timeline feature).
Among recommendations for Facebook's privacy policies and practices were for it to: offer additional notifications to European users about Facebook's photo Tag Suggest feature so that they can decide whether or not to use this feature to help people tag them in photos; change a number of policies related to retention and deletion of data including how data is logged when people access websites with social plugins to minimise the amount of information collected about people who are not logged in to Facebook; work with the DPC to improve the information that people using Facebook are given about how to control their information both on the site and when using applications.
Richard Allan, director of public policy at Facebook EMEA, said in a blog post that: “Facebook has committed to either implement, or to consider, other 'best practice' improvements recommended by the DPC, even in situations where our practices already comply with legal requirements.
“Meeting these commitments will require intense work over the next six months. We will be reviewing progress with the DPC and have agreed to a more formal follow-up review in July 2012.”