Content Marketing Blog

Facebook audited in Ireland for retaining deleted user information

Facebook may possibly face a €100,000 ($AUS133,000) fine for retaining data deleted by users.

An audit of its Ireland office will begin next week, upon instruction from the country's data protection commissioner (DPC). Should the DPC find Facebook in breach of Irish law, it can ask the company to change the way it handles personal data – failing to do so could result in a fine.

The case against Facebook is reportedly a strong one and began when Max Schrems, an Austrian law student, requested a copy of his personal data from Facebook in June. He was later sent a CD containing 1,200 pages of data – including information he had deleted from his profile.

Schrems has filed 22 individual claims against the social network’s practices, including the retention of deleted user data, some of Facebook’s terms of service and its business flaws. His primary argument is that Facebook creates what he describes as "shadow profiles" – data that is collected or stored without the knowledge or consent of the person.

According to The Guardian, Schrems claims that Facebook "gathers the private data of both users and non-users by encouraging users to import contact lists, synchronise devices, and invite others to join, and alleges that this is what allows Facebook to suggest friends or urge non-users to join by showing people they may know already."

Facebook changed its terms of service in February 2009, allowing it to use or modify user data, even if a user no longer accesses the service.

Outside of the US and Canada, Facebook is administered by an Irish subsidiary, and European privacy laws are more strict than in the US. While the fine may not impact heavily on Facebook's $80 billion worth, the latest news is overshadowing its new updates due in the coming months.