The Irish data protection commissioner has recommended widespread changes to improve personal data privacy on Facebook.They include making its terms and conditions clearer and offering users greater control over how their data is used on the site.
The findings are particularly significant because Facebook Ireland was given responsibility for all non-US and Canadian data in September 2010.
Facebook has six months to implement the changes.
Commissioner Billy Hawkes will conduct a formal review of its progress in July.
Commenting on the report, he said: “This was a challenging engagement both for my office and for Facebook Ireland. The audit has found a positive approach and commitment on the part of FB-I [Facebook Ireland] to respecting the privacy rights of its users.”
The review was conducted partly in response to complaints about Facebook’s data and partly as routine assessment of firm conducted by the commission.
The report suggested widespread changes, including:
- a mechanism for users to make informed choices about how their information is used and shared on the site, including in relation to third party apps
- increased transparency and controls over how personal data is used for advertising purposes
- transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site
- the deletion of information held on users and non-users via what are known as social plug-ins, and more generally the deletion of data held from user interactions with the site much sooner than at present
- an additional form of notification for users in relation to facial recognition/”tag suggest” that, it is considered, will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective
- an enhanced ability for users to control tagging and posting on other user profiles
- an enhanced ability for users to control their addition to groups by friends
One of the first changes users will notice in the new year will be prominent notices informing them about the facial recognition tag which suggests names for labelling photos. Users will be offered the chance to disable it.
It’s not that long ago that Facebook felt able to ignore complaints about the way it handled users’ data, confident that everyone would eventually fall in line with Mark Zuckerberg’s exhortation to share more. That has all changed.
Under growing attack from privacy campaigners, governments and regulators, the social network is now doing its best to sound more sensitive to their concerns.
The idea that internet firms could ignore local regulators by simply moving elsewhere now looks out of date. If the likes of Facebook and Google want to operate globally, they are finding that they have to respond to local concerns.
But further clashes loom. Facebook’s business depends on advertisers who want to know more about the likes and dislikes of its users. Balancing their demands for more data with the privacy concerns of 800 million people will be a difficult line to tread.