Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword or section
Like this
0 of .
Results for:
No results containing your search query
P. 1
Irish Facebook Privacy Audit December 2001

Irish Facebook Privacy Audit December 2001

Ratings: (0)|Views: 732|Likes:
Published by gesterling

More info:

Published by: gesterling on Aug 06, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Facebook Ireland Ltd
Report of Audit
21 December 2011
Table of Contents
Appendix 1 Technical Report and AnalysisAppendix 2 Summary of ComplaintsAppendix 3 Overview of Team Functions (Provided by Facebook Ireland)Appendix 4 Structure of European Offices (Provided by Facebook IrelandAppendix 5 Law Enforcement Requests (Provided by Facebook Ireland)Appendix 6 Minors
Executive Summary
This is a report of an audit of Facebook-Ireland (FB-I) carried out by the Office of the DataProtection Commissioner of Ireland in the period October-December 2011. It builds on workcarried out by other regulators, notably the Canadian Privacy Commissioner, the US Federal TradeCommission and the Nordic and German Data Protection Authorities. It includes consideration of 
a number of specific issues raised in complaints addressed to the Office by the “Europe
Facebook” group, the Norwegian Consumer Council and by a number of individuals.
The audit was conducted with the full cooperation of FB
I. It found a positive approach andcommitment on the part of FB-I to respecting the privacy rights of its users. Arising from the audit,FB-
I has already committed to either implement, or to consider positively, further specific “bestpractice” improvements recommended by
the audit team. A formal review of progress is plannedin July 2012.The audit was conducted by reference to the provisions of the Data Protection Acts, 1988 and
2003, which give effect to the European Union’s Data Protection Directive 95/46/EC. Account
taken of guidance issued by the EU’s Article 29 Working Party
. The audit team followed thestandard audit methodology used by the Office
.Facebook is a platform for users to engage in social interactions of various kinds
comments (“posts”) on various issues, setting up groups, exchanging photographs and other
personal material. It has some 800 million users, spread throughout the globe. FB-I is the entitywith which users based outside the United States and Canada have a contractual relationship. FB-I
is the “data controller” in respect of the personal data of these users.As a “data controller”, FB
-I has to comply with the obligations set out in the law. The report
summarises the audit team’s conclusions on how FB
-I gives effect to the basic principles of data
protection law: that personal data should be collected “fairly”; that the individual should be given
comprehensive information on how personal data will be used by FB-I; that the personal dataprocessed by FB-I should not be excessive; that personal data should be held securely and deletedwhen no longer required for a legitimate purpose; and that each individual should have the rightto access all personal data held by FB-I subject to limited exemptions.In addition to examining FB-
I’s practices under standard data protection headings, the team also
examined in detail the data protection aspects of some specific aspects of FB-
I’s operations, suchas it’s use of facial recognition technology for the “tagging” of individuals, the use of social plug
(the FB ‘Like’ button), the “Friends Finder” feature and the 3
Party Applications (‘Apps’)
operating on the FB platform.In examining FB-
I’s practices and policies, it was necessary to examine its responsibilities in two
distinct areas. The first is the extent to which it provides users with appropriate controls over thesharing of their information with other users and information on the use of such controls
including in relation to specific features such as “tagging”. This also includes the rights of non

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->