Skip the navigation

Despite audit, Facebook holds back personal data

Privacy activists say the company is revealing even less personal data than just a few months ago

By Jeremy Kirk
November 15, 2011 11:57 AM ET

IDG News Service - Facebook has reduced the amount of personal data it releases to users as required by European Union law despite an ongoing audit by Ireland's Data Protection Commissioner.

The agency is auditing Facebook to see if it complies with the country's Data Protection Acts of 1988 and 2003, which transpose the E.U.'s Data Protection Directive, known as 95/46/EC. The laws allow people to request to see their personal data held by a company.

Twenty-two complaints have been filed with the Irish agency by Europe v. Facebook, a group run by Max Schrems, a law student at the University of Vienna. The group contends Facebook is withholding personal data that it should disclose to users on request, in violation of the law.

Since those complaints were filed, the Irish agency has received 150 additional complaints about Facebook's response to data requests and 10 complaints over the company's approach to data protection, wrote Lisa McGann, a senior investigations officer, in an e-mail to IDG News Service on Tuesday.

Facebook may not be confident that it will escape the Irish audit without criticism.

Schrems said he has exchanged e-mails with Richard Allan, Facebook's director of European public policy. Allan has indicated that Facebook is looking into modifying its systems into providing a more in-depth batch of information if the agency finds fault in the company's current strategy, Schrems claimed. Facebook did not comment on Schrems' claim.

Schrems said in recent weeks Facebook is disclosing even less personal information than when he and others began asking the company to view the information it held on them months ago.

Facebook defended its actions, saying on Tuesday it is "fully compliant with E.U. data protection laws."

When just a few people were making requests to Facebook for their data, the company would send a CD with 57 categories of data, Schrems said in an interview on Tuesday. He said there are at least 19 more data categories, and maybe as many as 24 more that are unknown.

Due to the volume of requests since Europe v. Facebook began its campaign, Facebook is no longer sending CDs to people. Facebook said in a statement that the CD mailout "contains a level of detail that is less useful for the average user -- it is a much rawer collection of data."

Facebook has also in recent weeks changed its information pages for how people can obtain data it stores.

Users are now directed to a page where they can download their personal "archive," which according to Facebook is a copy of "all of the personal information you've shared on Facebook."

That tool was already available, Schrems said. Facebook has repurposed it, saying it can be used to see personal data in compliance with E.U. law, he said.

Reprinted with permission from Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies