Spin doctors: Facebook approves of audit findings

The Irish Office of the Data Protection Commissioner's audit of Facebook was not as flattering as the social network would like you to believe. 


Kevin Collier


Published Dec 22, 2011   Updated Jun 2, 2021, 11:32 pm CDT

In an unconventional move, Facebook blogged an announcement yesterday, claiming that “in the interests of transparency” the social network’s recent audit by the Irish Office of the Data Protection Commissioner (DPC) should be made public.

Featured Video Hide

The tone of the post was official, self-congratulatory, and made little reference to the report’s criticism of the company.

Advertisement Hide

“We are pleased that following three months of rigorous examination, the DPC report demonstrates how Facebook adheres to European data protection principles and complies with Irish law,” stated the blog, which did not link to, or really reference, the actual, 150-page DPC report.

However, the report states that Facebook must make 45 privacy-related changes to comply. Facebook’s international headquarters are located in Ireland, so the DPC sets the standard for the company’s policies outside the U.S. and Canada.

The blog post goes on to state, “We’re particularly pleased that the report highlighted a number of Facebook’s strengths or best practices,” before listing eight areas where the DPC found Facebook’s current policy is sufficient.

For instance, under the headline “User control,” the blog says the DPC report “found that Facebook already offers people effective controls to delete their personal data,” and instead of mentioning the DPC’s criticisms, says the commission “proposes several enhancements.”

The full report, though, is much more explicit about areas where Facebook does not yet—but should—allow users to delete their data. These include “friend requests, pokes, tags, posts and messages … on a per item basis.” The report also states that users should be remove “[p]ersonal data … when the purpose for which it was collected has ceased,” and “user accounts and data upon request within 40 days of receipt of the request.”

Advertisement Hide

Photo by opensourceway

Share this article
*First Published: Dec 22, 2011, 3:35 pm CST