In an unconventional move, Facebook blogged an announcement yesterday, claiming that “in the interests of transparency” the social network’s recent audit by the Irish Office of the Data Protection Commissioner (DPC) should be made public.
The tone of the post was official, self-congratulatory, and made little reference to the report’s criticism of the company.
“We are pleased that following three months of rigorous examination, the DPC report demonstrates how Facebook adheres to European data protection principles and complies with Irish law,” stated the blog, which did not link to, or really reference, the actual, 150-page DPC report.
However, the report states that Facebook must make 45 privacy-related changes to comply. Facebook’s international headquarters are located in Ireland, so the DPC sets the standard for the company’s policies outside the U.S. and Canada.
The blog post goes on to state, “We’re particularly pleased that the report highlighted a number of Facebook’s strengths or best practices,” before listing eight areas where the DPC found Facebook’s current policy is sufficient.
For instance, under the headline “User control,” the blog says the DPC report “found that Facebook already offers people effective controls to delete their personal data,” and instead of mentioning the DPC’s criticisms, says the commission “proposes several enhancements.”
The full report, though, is much more explicit about areas where Facebook does not yet—but should—allow users to delete their data. These include “friend requests, pokes, tags, posts and messages … on a per item basis.” The report also states that users should be remove “[p]ersonal data … when the purpose for which it was collected has ceased,” and “user accounts and data upon request within 40 days of receipt of the request.”
Photo by opensourceway