The ongoing investigation into Facebook’s transparency on user data and privacy by Ireland’s Data Protection Commissioner has come to a positive conclusion for the social network. The DPC, whose decisions had wider-ranging implications for all of Facebook’s business in Europe, had made several recommendations earlier in the year to bring Facebook’s policies in line with that of data protection regulations in the region. And it has now officially announced that “the great majority of the recommendations have been fully implemented to the satisfaction of this Office.” Key to Facebook’s success is that it is turning off its facial recognition features, also known as “Tag Suggest”: This feature has already been turned off for new users in the EU, the DPC notes, “and templates for existing users will be deleted by 15 October.”
The full, 74-page report is here and also embedded below.
Facebook had been the subject of a months-long investigation into its practices after complaints first raised in 2011 by a user group in Austria. The case has been handled in Ireland because this is the location of Facebook’s international headquarters, and has been through a few turns already where the DPC has laid out terms, and Facebook has responded, more than once.
The DPC says today’s report is the result of evaluations it made through the first half of 2012 and on-site at Facebook’s HQ in Dublin over the course of two days in May and four in July.
The DPC says FB has made just about all of the improvements it requested in five key areas: better transparency for the user in how their data is handled; user control over settings; more clarity on the retention periods for the deletion of personal data, and users getting more control over deleting things; an improvement in how users can access their personal data; and the ability of Facebook to be able to better track how they are complying with data protection requirements.
But most of all, the Irish Data Protection Commissioner, Billy Hawkes, appeared particularly satisfied with the outcome of the Suggest Tag/facial recognition feature. “I am particularly encouraged in relation to the approach [Facebook] has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice,” he said in a statement.
With that feature disappearing for now, however, it will be interesting to see how and whether Facebook implements facial recognition technology in the region in the future from Face.com, the startup it acquired earlier this year, reportedly for up to $60 million.
Update: And here’s a Facebook spokesperson’s positive response to the DPC report:
“As our regulator in Europe, the Irish Office of the Data Protection Commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools.
“This audit is part of an ongoing process of oversight, and we are pleased that, as the Data Protection Commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”
He also notes that FB will be revisiting facial recognition when it figures out how to square it with the regulators:
“It’s worth us reiterating that once we have agreed on an approach on the best way to notify and educate users with the DPC, we hope to bring back this useful tool.”