The office of the Data Protection Commissioner has given Facebook four weeks to fully comply with its recommendations on improving user privacy, or it will face enforcement action. The company still has work to do on a "small number" of issues, the Data Protection Commissioner said, and EU regulators would continue to watch the firm closely.
The commissioner said it was satisfied the dominant internet firm had already implemented many of the best practice recommendations regulators made following an audit last year.
Facebook Ireland is responsible for users of the site outside the US and as a result the State's Data Protection Commissioner is responsible for ensuring the company complies with EU and Irish Law. The commissioner said the company had made satisfactory progress on a number of issues, including giving users access to data they placed on the site, the deletion of such data from Facebook when it was no longer required, and the adequate resourcing of compliance functions in Ireland.
Outstanding issues include better education for existing users and avoiding using sensitive data to target online advertising at users. The company could face fines of up to €100,000 if it fails to meet the deadline.
Compliance with EU Law
What's been done
* For EU-based users, Facebook has disabled its tag suggestion feature for photographs. It will delete data generated by this by October 15th
* Users can see what data Facebook holds on them more easily
* Data can be deleted by users from profiles more easily
* Data collected by Facebook is not retained after the purpose for which it is collected has ended
What's left to do
* Changing use of data considered sensitive under European law to target ads at users
* Better education for existing users