Social networking and privacy concerns is nothing new.
Data protection rules and regulations are at the forefront of efforts to maintain respect for personal privacy online.
While data privacy rules may differ widely between the EU and the US, there are increasing examples of EU law becoming the de facto standard for privacy and data protection internationally.
The announcement of the EU investigation report of Facebook's data protection practices in the EU, via the Office of the Irish Data Protection Commissioner (the equivalent of the information Commissioner), on 21 December cements the global importance of the EU data protection regime. The compliance steps outlines in the report, which must be undertaken by Facebook , have implications for Facebook in relation to its users in the EU but also in other countries too. Facebook will be required to make its data protection processing activities more transparent. It will also have to ensure stronger consent from its users to those processes. This should apply to all countries outside of the US and Canada.
The report and accompanying press release refer to the following issues to be addressed by Facebook:
•"a mechanism for users to convey an informed choice for how their information is used and shared on the site including in relation to Third Party Apps;
•a broad update to the Data Use Policy/Privacy Policy to take account of recommendations as to where the information provided to users could be further improved;
•transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site;
•the deletion of information held on users and non-users via what are known as social plugins and more generally the deletion of data held from user interactions with the site much sooner than presently;
•increased transparency and controls for the use of personal data for advertising purposes;
•an additional form of notification for users in relation to facial recognition/ 'tag suggest' that is considered will ensure Facebook ... is meeting best practice in this area ...;
•an enhanced ability for users to control tagging and posting on other user profiles;
•an enhanced ability for users to control whether their addition to Groups by friends;
•the Compliance management/Governance function ... which will be further improved and enhanced to ensure that the introduction of new products or new uses of user data take full account of...data protection law."
These are to be addressed on a rolling review basis, culminating in a further detailed audit review to be carried out in July 2012.
While the audit process is wide in scope, the audit arose because of a formal complaint, comprising of 22 individual complaints, made by and Austrian law student and privacy group Europe Against Facebook.
The full report is detailed and comprised of 149 pages plus appendices. It will have implications not just for Facebook but other internet and social networking websites which collect and process personal data. As with the growing trend of European data privacy law becoming the de fact international standard, the report will also have implications for the operators and users of websites outside of the EU.
Paul Lambert, author of
Courting Publicity: Twitter and Television Cameras in Court
(Published by Bloomsbury).