Despite audit, Facebook holds back personal data
Privacy activists say the company is revealing even less personal data than just a few months ago
IDG News Service - Facebook has reduced the amount of personal data it releases to users as required by European Union law despite an ongoing audit by Ireland's Data Protection Commissioner.
The agency is auditing Facebook to see if it complies with the country's Data Protection Acts of 1988 and 2003, which transpose the E.U.'s Data Protection Directive, known as 95/46/EC. The laws allow people to request to see their personal data held by a company.
Twenty-two complaints have been filed with the Irish agency by Europe v. Facebook, a group run by Max Schrems, a law student at the University of Vienna. The group contends Facebook is withholding personal data that it should disclose to users on request, in violation of the law.
Since those complaints were filed, the Irish agency has received 150 additional complaints about Facebook's response to data requests and 10 complaints over the company's approach to data protection, wrote Lisa McGann, a senior investigations officer, in an e-mail to IDG News Service on Tuesday.
Facebook may not be confident that it will escape the Irish audit without criticism.
Schrems said he has exchanged e-mails with Richard Allan, Facebook's director of European public policy. Allan has indicated that Facebook is looking into modifying its systems into providing a more in-depth batch of information if the agency finds fault in the company's current strategy, Schrems claimed. Facebook did not comment on Schrems' claim.
Schrems said in recent weeks Facebook is disclosing even less personal information than when he and others began asking the company to view the information it held on them months ago.
Facebook defended its actions, saying on Tuesday it is "fully compliant with E.U. data protection laws."
When just a few people were making requests to Facebook for their data, the company would send a CD with 57 categories of data, Schrems said in an interview on Tuesday. He said there are at least 19 more data categories, and maybe as many as 24 more that are unknown.
Due to the volume of requests since Europe v. Facebook began its campaign, Facebook is no longer sending CDs to people. Facebook said in a statement that the CD mailout "contains a level of detail that is less useful for the average user -- it is a much rawer collection of data."
Facebook has also in recent weeks changed its information pages for how people can obtain data it stores.
Users are now directed to a page where they can download their personal "archive," which according to Facebook is a copy of "all of the personal information you've shared on Facebook."
That tool was already available, Schrems said. Facebook has repurposed it, saying it can be used to see personal data in compliance with E.U. law, he said.
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Web Apps White Papers | Webcasts