The Office of the Data Protection Commissioner (ODPC) has recently published the results of their review of Facebook’s implementation of its “best practice” recommendations following their initial audit of Facebook in December 2011.

The ODPC found that the majority of recommendations made in its initial audit had been fully implemented. Some examples of changes made by Facebook included making it easier for users to delete data and producing clearer guidelines relating to Facebook’s requirement to delete personal data.

Facebook also received praise for going beyond the ODPC’s initial recommendations in relation to tag suggest/facial recognition. This feature scanned photographs uploaded by users and automatically tagged recognised faces. For European users the tag suggest/facial recognition feature was suspended and any existing user templates deleted.

The ODPC also found, however, that a number of its recommendations have not yet been fully implemented by Facebook. It set a deadline of four weeks from 21 September 2012 for these outstanding matters to be concluded satisfactorily. These included better education for existing users and limiting advertising that targeted words and terms that could be viewed as sensitive personal data.

The ODPC has also indicated its willingness to continue to engage with Facebook on data protection issues arising from new technological developments in the future. As the influx of technology companies establishing their European headquarters in Ireland continues, the continued interaction between Facebook and other technology companies and the ODPC will no doubt be closely monitored.

Contributed by John Magee & John Farrell.

Back to Legal News