Conducted by the Irish Data Protection Commissioner (DPC), the panel of investigators called for impovements to the current system for handling sensitive personal data.
Facebook was told it should give all non-US and Canada based users more information about how it uses and shares their private data, and give users greater control over their personal details.
Facebook has been given six months to implement the changes before a formal review takes place in July by Comissioner Bill Hawkes.
"This was a challenging engagement both for my office and for Facebook Ireland,” said Hawkes. “The audit has found a positive approach and commitment on the part of FB-I [Facebook Ireland] to respecting the privacy rights of its users."
New changes to give
users more options for privacy
The suggested changes made by the commission include:
• a mechanism for users to make informed choices about how their information is used and shared on the site, including in relation to third party apps
• increased transparency and controls over how personal data is used for advertising purposes
• transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site
• the deletion of information held on users and non-users via what are known as social plug-ins, and more generally the deletion of data held from user interactions with the site much sooner than at present
• an update to its data use policy/privacy policy to take account of recommendations as to where the information provided to users could be further improved
• an additional form of notification for users in relation to facial recognition/"tag suggest" that, it is considered, will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective
• an enhanced ability for users to control tagging and posting on other user profiles
• an enhanced ability for users to control their addition to groups by friends
Facebook says it is “pleased that the report demonstrates how Facebook adheres to European data protection principles and complies with Irish law” and plans to make immediate changes to some current features.
The first feature change will apply to the “tagging” of photographs. Currently, a facial-recognition system allows users to tag their friends, but users will now have the chance to disable the feature. Facebook also plans to allow users to choose whether they want adverts displayed that are based on their profile settings.
Despite widespread suspicion that Facebook has been acting unlawfully with privately-held information, the investigation hasn't actually proven anything, but has simply demanded that Facebook rectify any mistakes before a major review in July.
Facebook has agreed to implement changes, but in its statement did not admit any wrongdoing.
"We are pleased that following three months of rigorous examination, the DPC report demonstrates how Facebook adheres to European data protection principles and complies with Irish law," Facebook wrote. "The DPC recognized that Facebook’s success rests in part from our constant evolution and innovation. We appreciate that the DPC acknowledges that the pace at which we offer new products and features requires continual dialogue with regulators to ensure that adequate protections are in place."
