Facebook went beyond the initial recommendations of Ireland’s Data Protection Commission (DPC) by turning off tag suggest/facial recognition features, Commissioner Billy Hawkes said today on the conclusion of a major audit of the social network.
The feature has already been turned off for new users and templates for existing users will be deleted on 15 October.
“We hope to offer this great tool to European users once again when we have agreed a holistic approach on the best way to notify and educate users,” Facebook said.
A review published today by the Data Protection Commissioner confirmed that the great majority of recommendations made by its office to Facebook had been acted upon, including greater transparency for the user in terms of how their data is handled and greater control over settings.
Facebook’s Irish operation (FB-I) in Dublin, home to the company’s European headquarters, employs 200 people and is responsible for the social network’s global user base outside North America.
In December last year, following an audit that arose from 22 complaints lodged by Austrian lobby group Europe Versus Facebook, the DPC and Facebook agreed to ‘best practice’ improvements to be implemented over six months, with a formal review happening in July 2012.
This afternoon, Hawkes said Facebook Ireland delivered on its commitments following the audit and were evaluated through the first half of this year and on-site on 2-3 May and 10-13 July.
Other recommendations acted upon by Facebook included the implementation of clear retention periods for the deletion of personal data and other items, and the user’s right to have ready access to their personal data.
“I am satisfied that the review has demonstrated a clear and ongoing commitment on the part of FB-I to comply with its data-protection responsibilities by way of implementation or progress towards implementation of the recommendations in the Audit Report. I am particularly encouraged in relation to the approach it has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice.
“This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October, pending agreement with my office on the most appropriate means of collecting user consent. By doing so it is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance,” Hawkes said.
Deputy Commissioner Gary Davis described the discussions between the DPC and Facebook as “often robust on both sides”, but were constructive, too.
“There were a number of items on which progress was not as fully forward as we had hoped and we have set a deadline of four weeks for these matters to be brought to a satisfactory conclusion,” Davis said.
Facebook stated: “As our regulator in Europe, the Irish Office of the Data Protection Commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools.
“This audit is part of an ongoing process of oversight, and we are pleased that, as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”