Facebook to delete all European facial recognition data
Facebook complied with most recommendations set by the Irish data protection authority
IDG News Service - Facebook will delete all facial recognition data it stores about its European users, going beyond recommendations of the Irish data protection authority, the agency said on Friday.
Facebook has complied with most, but not all, of the recommendations that the agency made last year, the Irish Data Protection Commissioner (DPC) said in a new audit report detailing its review of Facebook's policy changes since the first audit in December 2011.
With regard to a feature that uses facial recognition to suggest people to tag in users' photographs, Facebook has gone beyond the initial recommendations at the request of the Irish data authority to accommodate views of other data protection authorities in Europe, said deputy commissioner Gary Davis.
This feature has already been turned off for new users in the E.U. and templates for existing users will be deleted by Oct. 15, the DPC said. "This resets the clock for facial recognition in Europe," said Davis during a conference call discussing the findings. Facebook needed "a bit of convincing" to agree to delete the template, he said. "But in the end Facebook saw the benefit on moving on the issue," he said.
The news upended a decision announced Friday by the Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar. While earlier in the day he said that he would start proceedings against Facebook over the storage of facial recognition data, he subsequently said there was no longer an issue if Facebook deletes the data. "We are happy that the Irish Data Protection Commissioner could achieve this," Caspar said, adding that this is more than what he asked for.
A new audit showed that "most of the recommendations have been fully implemented to our full satisfaction," wrote Davis in the report.
There is better transparency for the user, better control over user settings and an enhanced ability for users to delete data and clear retention periods for deleted personal data, according to Davis. There are also improvements to users' rights to have ready access to their personal data and the capacity of Facebook to ensure rigorous assessment of compliance with Irish and E.U. data protection requirements, he said.
In some areas, however, full compliance has not yet been achieved but is planned by a deadline four weeks out, he wrote. Action is needed on user education, the deletion of data shared with third-party sites and fully verified account deletion, Davis added. Facebook still needs to be monitored going forward, especially since the social network is constantly adding features to its service, he said.
If Facebook does not comply with the demands within four weeks, the social network could face a fine of up to €100,000 (US$130,000), said Davis. But he did not expect that regulatory proceedings were necessary since Facebook has been cooperative. "We are confident Facebook will comply," he said.
Facebook will not be monitored as intensely as it has been in the last couple of months, he said. The monitoring will "depend on the pace Facebook sets" with adding new features, he said.
The Irish data protection authority released a critical privacy audit of Facebook in December 2011 and the agency had more than a dozen recommendations for how Facebook could change its policies and improve its privacy protections. If Facebook complied with the recommendations, chances were small that the social network would be found to infringe on Irish privacy laws, the data protection commissioner said at the time.
Shortly after the audit, Facebook said it planned to change the way it retained data and revamp privacy controls to comply with the Irish recommendations. Last April Facebook added to its data download tool log-in and log out information, unconfirmed friendship requests and information about pokes, among other categories requested by the authority.
Facebook is required under European law to provide users, on request, with the personal data it holds about them. A recent check of the data stored by the social network revealed that Facebook does not disclose everything it stores upon a user's request and gave insight into the way it targets its users with advertising.
The Irish DPC said on Friday that as with the earlier audit report, the re-audit "does not involve formal decisions by the Office on the complaints it had received" about Facebook. But it could be expected that some issues have been dealt with and the DPC will address outstanding complaints separately.
"This audit is part of an ongoing process of oversight, and we are pleased that,A as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance, Facebook said in an emailed statement.