Ireland's DPA satisfied with Facebook Ireland implementation of best practice

Ireland's Data Protection Commissioner, Billy Hawkes, says that he is satisfied with the great majority of steps that Facebook Ireland (FB-I) has taken to follow his best practice recommendations.  The DPA’s report on its re-audit of Facebook, published on 21 September, says that user transparency, user control over settings, clarity over retention periods, and user access rights have been improved in particular. In areas where progress has not been as fast as hoped, for example, better education for current users, the office has set FB-I a deadline of 4 weeks.

Billy Hawkes said: “I am particularly encouraged in relation to the approach Facebook has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice.  This feature has already been turned off for new users in the EU and templates for existing users will be deleted by 15 October, pending agreement with my office on the most appropriate means of collecting user consent. By doing so it is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance.”

The Irish Commissioner made best practice recommendations following a detailed audit back in October-December 2011. The follow-up, also taking into account the concerns of the EU Data Protection Working Party’s technology sub-group, culminated in a formal review in July this year.

FB-I fully cooperated with the review process, and has now appointed a Head of Data Protection, a senior lawyer who will establish a data protection team for FB-I. Hawkes said that this has been a key development in ensuring future compliance.

See the Report of Review of Facebook Ireland’s Implementation of Audit Recommendations.