Irish Authorities to Investigate Facebook's 'Shadow Profiles'
Oct 21, 2011 11:58 AM PT
The Office of the Data Protection Commissioner of Ireland will launch a "comprehensive audit" of Facebook Ireland before the end of the month, DPC spokesperson Ciara O'Sullivan told TechNewsWorld on Friday.
The audit will assess Facebook's compliance with the requirements of the Irish Data Protection Acts as they apply to its users outside of the U.S. and Canada.
Facebook Ireland handles all members of the social network outside of those in the United States and Canada.
Complaints to the DPC from Austrian law student Max Schrems, through his organization Europe-v-Facebook, are widely believed to have triggered the audit, but O'Sullivan said an audit of Facebook was already planned prior to the DPC's receiving those complaints.
Schrems' allegations include a complaint that Facebook is creating shadow profiles of both its members and others by collecting excessive information on them without giving them notice or getting their consent.
The social network is discussing Schrems' complaints with him, Facebook spokesperson Richard Appleton told TechNewsWorld.
The Irish DPC's Plans
The Irish Data Protection Commissioner's audit will consist of "both on-site and off-site elements" in line with its normal approach to audits, the DPC's O'Sullivan said.
The on-site element "will take a number of days," O'Sullivan added.
It's likely the audit will commence next week. The DPC expects to complete and publish the results of its audit by the end of the year.
"Facebook is cooperating fully with the audit and we would anticipate that it will implement any necessary changes to comply with any requirements identified," O'Sullivan stated.
The Schrems Body Slam
Schrems has filed more than 20 complaints against Facebook with the DPC through Europe-v-Facebook. They're listed here.
Apart from the allegation that Facebook's creating shadow profiles, Schrems contends the social networking site is in breach of Irish data privacy laws because his personal data is processed by Facebook Ireland, Schrems said.
Schrems complains that Facebook Ireland is gathering excessive amounts of information by encouraging users to hand over their personal data and that of non-users through various features such as synchronizing mobile phones and importing personal data from e-mail providers and instant messaging services
Facebook Ireland is creating extensive profiles of non-users and enriching the profiles of existing users with that data, all in the background without notifying the subjects, Schrems states.
Schrems has made several demands to Facebook for data pertaining to his account.
"Facebook provided Mr. Schrems with all of the information required in response to his request," Facebook's Appleton said.
"It included requests for information on a range of other things that are not personal information, including Facebook's proprietary fraud protection measures, and 'any other analytical procedure that Facebook runs,'" Appleton continued.
Knowledge Is Power
Businesses, at least, love the amount of data they can extract from their Facebook pages.
"Our clients are very interested in understanding their customers through Facebook," Kevin Tate, chief marketing officer of ShopIgniter, told TechNewsWorld.
"I can envision multiple scenarios where having such a shadow profile could, in fact, be quite lucrative for a company, especially one that obtains its revenue primarily from advertisements," remarked Yasha Heidari, managing partner at the Heidari Power Law Group.
Arguments For and Against Facebook
Facebook has recently come under fire for a slew of new features that opponents contend invade users' privacy.
A coalition of consumer privacy groups, including Consumer Watchdog, the Electronic Privacy Information Center and the American Civil Liberties Union, has asked the Federal Trade Commission (FTC) to investigate various new Facebook features that impact users' privacy.
Meanwhile, U.S. Representative Edward Markey has written the FTC asking it to investigate Facebook's use of persistent cookies to track members even after they've logged out of its site.
"Facebook has frequently fallen short when it comes to respecting the privacy rights of its users," said John Simpson, director of the Privacy Project at Consumer Watchdog.
The Irish DPC's audit will "at the least help consumers understand how Facebook uses their data," Simpson told TechNewsWorld.
If the DPC finds that Facebook has contravened Irish data privacy laws, it may levy fines as well as impose sanctions that could include requiring Facebook to take specific actions, Heidari told TechNewsWorld.
"The absolute worst case scenario would be to find Facebook liable for breaching various criminal laws and to hold its officers and directors accountable for this," Heidari added.