Facebook has begun rolling out an updated version of its Download Your Information tool that gives users more access to their account history on its site.
The move adheres to recommendations made by the Office of the Irish Data Protection Commissioner in December following an investigation into Facebook’s privacy practices.
However, Max Schrems, an Austrian student whose complaints kicked off the probe, isn’t satisfied. Schrems has complained that the social networking giant is in effect holding out on consumers by releasing information in only some of the 84 categories it maintains. He wants it to release data in all the categories now.
“We plan to make more information available over time but don’t have any more details to share right now,” Facebook spokesperson Victoria Cassady told TechNewsWorld.
“It’s important progress,” Justin Brookman, director of the Center for Democracy and Technology (CDT)’s consumer privacy project, said about Facebook’s action. “There are some legitimate questions about some of the other categories, especially when other people’s information is involved.”
About Facebook’s Tool
Facebook is expanding the capabilities of the Download Your Information tool, which has been available since 2010. In addition to copies of photos, posts, messages, a friends list and chats posted on Facebook, users can now get previous names, friend requests they’ve made and IP addresses they’ve logged in from.
Facebook is rolling out the expanded tool to users over time because “We gradually roll out many of our features, such as Timeline, to ensure a quality experience,” Cassady said.
“We experimented with [Download Your Information] yesterday,” Pam Dixon, executive director of the World Privacy Forum (WPC), told TechNewsWorld. “I think it’s very good that Facebook has taken a step to make clear exactly how much information is available because people really don’t understand how much information is accruing on them online.”
Complaints About Facebook’s Approach
The archives don’t clarify what particular categories of information third parties are able to see, the WPC’s Dixon pointed out. “In other words, we do not have an advertiser’s view of our data.”
Europe vs. Facebook‘s Schrems complained that Facebook is presenting many of the data categories it offers only in its Timeline or Activity Log features, which means that users can’t access the data with one click and can’t get the raw data held on the servers. In other words, the company’s only giving users a small amount of processed data instead of the full copy of all raw data as it would be obliged to do under European law.
This is happening in full accordance with the Irish Data Protection Commission’s report, but it is not in accordance with European law, Schrems contended. Europe vs. Facebook has published a form with the European Commission that Facebook members can use to file a complaint about not getting full access to their data.
European law “is a really vague concept,” the CDT’s Brookman told TechNewsWorld. “The [EU’s] 1995 Data Protection Directive isn’t really law; it’s just an order to member states to pass their own legislation that pretty much accomplishes these goals. So [privacy] law across Europe is not consistent. Perhaps more importantly, enforcement has traditionally been weak in Europe.”
However, the European Commission has recently proposed legislation that would impose one uniform privacy law throughout Europe, Brookman said.
The Data Protection Commission’s View
“Providing users with access to their data is a matter which was covered by our audit of Facebook Ireland in 2011, and at that time, we agreed [on] a schedule with Facebook Ireland in relation to the addition of data to the Download Your Information tool,” Ciara O’Sullivan, spokesperson for the Office of the Irish Data Protection Commissioner, told TechNewsWorld. “As at end March 2012, we are happy that this is happening in line with the schedule agreed with this office during the audit.”
In July, the Office will assess whether Facebook Ireland “is at that point fully in compliance with Irish data protection law,” O’Sullivan said. “If not, we will take enforcement action, if necessary, to ensure such compliance.”
Ireland is the headquarters for Facebook’s activities in Europe.