Facebook Gets Ireland Audit Over Changes After Privacy Probe

Facebook Inc. (FB), owner of the biggest social-networking site, faces a formal review this week from data-protection officials over changes regulators sought after a probe into how the social network handles personal data.

Facebook’s progress in making “a wide range of best- practice improvements” will be reviewed as part of this week’s on-site audit by the Irish Office of the Data Protection Commissioner. An agency report in December urged Facebook to increase “transparency and controls for the use of personal data for advertising purposes” and to delete “data held from user interactions with the site much sooner.”

These and “any other current or ongoing issues will be discussed with Facebook during our on-site re-audit,” Gary Davis, Ireland’s deputy data protection commissioner, said in an e-mail today.

Facebook Ireland provides service to the Palo Alto, California-based company’s users outside the U.S. and Canada, according to the agency. The agency began reviewing Facebook’s compliance with Irish and European Union data-protection rules in 2011.

Facebook said in an e-mailed statement that it has kept in contact with regulators in recent months on “our progress in implementing the recommendations outlined in their audit report from December.”

The agency “will conduct an on-site audit meeting with Facebook Ireland in mid-July,” the company said. “We look forward to the meeting.”

Deleted Content

Facebook has agreed to enhance the information users get about their deleted and removed content and to simplify explanations of its privacy policies. The Irish agency will issue a second report later this year.

A Germany data protection regulator last month suspended its probe of Facebook’s facial-recognition features pending the Irish audit.

For companies that don’t comply with its recommendations, the Irish agency may pursue summary proceedings that can result in a maximum fine of 3,000 euros ($3,690). If convicted of serious breaches of data policy, a court may fine a company as much as 100,000 euros.

Data protection is currently policed by separate regulators across the 27-nation EU. The EU’s executive body wants to simplify the system so companies deal with only one data- protection regulator in the zone.

To contact the reporter on this story: Stephanie Bodoni in Brussels via sbodoni@bloomberg.net

To contact the editor responsible for this story: Anthony Aarons at aaarons@bloomberg.net

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.