Google hasn’t been the only one facing scrutiny for privacy violations under the watchful eye of regulators in the European Union. Facebook has been under investigation by Ireland’s Data Protection Committee (DPC), which has pressured the social network to make changes that would align with Europe’s privacy and security regulations. The DPC released the results of their re-audit today, and found the changes that Facebook implemented were satisfactory.
In December 2011, Facebook committed to improvements that the social network would undergo to conform to the strict EU policies in conjunction with the DPC. In a blog post, Facebook outlined three key areas of improvement, including its “Tag Suggest” facial recognition feature, data retention and deletion from third-party sites, and providing guidelines for users on how to control their information.
For European users, Facebook has since delivered the promised changes to comply with these commitments. Users can now disable Tag Suggest entirely, which then deletes all facial recognition data from Facebook.
“As our regulator in Europe, the Irish Office of the Data Protection Commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools,” a Facebook spokesperson told Digital Trends. “This audit is part of an ongoing process of oversight, and we are pleased that, as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”
There were questions in regard to whether data collected from social plugins were used in targeted advertising and if this had remained unchanged in the E.U., but Facebook assured Digital Trends that this was not the case. When we looked into the audit further as well as at Facebook’s cookie audit in section 1.5.4 titled, “Facebook Users and Cookies,” the DPC has provided little evidence that social plugins are responsible for targeted advertising. “The act of browsing to Websites containing social plugins does not appear to have any influence on the advertising targeted at a user,” the audit states. However, pressing the “Like” button may influence the advertising.
One thing that we and the DPC did notice was a new cookie called “fr” that transmits data about a user and its relationship with regard to an advertising partner, thus enabling advertisers to bid on users. However, the way this ad tracking strategy works is that the advertising partner — like DoubleClick, for instance — is the one that knows the user has visited the New York Time’s Website. Facebook, on the other hand, serves as a blind middleman that sets up the value of the user who has visited the NYT site, with which its advertising partner can bid on.
As Facebook mentioned, the auditing process is ongoing as Facebook implements new features, so this will not be the last that we hear from the DPC.