Facebook is bracing itself for a data protection audit in Ireland that could result in an £87,000 fine
Social networking giant Facebook could be facing potential trouble in Ireland next week, because of an upcoming data protection audit.
The Irish audit follows complaints made by Austrian law student who was shocked to discover the amount of information the social networking website held on him.
Max Schrems asked Facebook for a copy of his data in June after he attended a lecture by a Facebook executive, whilst he was on an exchange programme in California, according to the Guardian newspaper.
The 24-year old was surprised when he received a CD that was said to contain 1,200 items of personal data, much of which he had apparently deleted. The information included a log of all his previous Facebook chats, detagged photos, the names of people he had “poked”, events he had attended, and rejected friend requests, amongst other information.
But why Ireland? Well it seems that European users are administered by the Irish Facebook subsidiary, presumably because Ireland is something of a tax haven for big businesses.
The Irish data commissioner is apparently going to carry out its first audit of Facebook next week, and the social networking giant could be fined anywhere up to 100,000 euros (£87,000) if the commissioner decides there has been a breach of data protection laws.
Like the KGB or the CIA
“I discovered Facebook had kept highly personal messages I had written and then deleted, which, were they to become public, could be highly damaging to my reputation,” Schrems was quoted as saying by the Guardian.
“I’m not saying there was anything criminal or forbidden there, but let’s just say that, as someone wanting to work in law, there was stuff which could make it pretty impossible for me to get a job,” he said. Schrems claimed that by holding on to data its users assumed was deleted, Facebook was acting like “the KGB or the CIA”.
“Information is power, and information about people is power over people. It’s frightening that all this data is being held by Facebook,” said Schrems. “Of course, they are not misusing it at the moment, but the biggest concern is what happens when there is a privacy breach, either from hackers or from someone inside the firm?”
Meanwhile Facebook reportedly responded with the following statement.
“Facebook provided Mr Schrems with all of the information required in response to his request,” it said. “It included requests for information on a range of other things that are not personal information, including Facebook’s proprietary fraud protection measures, and ‘any other analytical procedure that Facebook runs’.”
“This is clearly not personal data, and Irish data protection law rightly places some valuable and reasonable limits on the data that has to be provided,” it said.
Facebook added that any user can download their “personal archive”.
There have long been concerns about the amount of data that social networking websites hold on people, as well as of course the usual privacy worries. Indeed, in January 2010 Facebook founder Mark Zuckerberg caused a storm of controversy when he said that privacy is no longer a social norm.
Meanwhile in the United Kingdom, the Information Commissioner’s Office (ICO) has been pressurising organisations to protect personal data. In July it warned private businesses that they should be more willing to undergo data protection audits.
Meanwhile the European Commission believes that data protection legislation reform is needed and is working on a comprehensive new framework for data protection across Europe this year.