Simply Security - News, Views, and Opinions from Trend Micro

Posted on November 9th, 2011 in Current News, Data Privacy, Spotlight by Simply Security | Be the first to comment | Tags: Privacy

Facebook's data privacy practices are under fire once again, with a lot of criticism coming out of Europe.

Facebook's battle with data privacy is a constant one. Launched in 2004, the social network has managed to rub privacy advocates the wrong way since what seems like day one.

With a membership base of now more than 800 million active users, the website is bound to have its critics. Every few months, it seems, a new organization sets its sights on Facebook, bemoaning its privacy practices and proclaiming them inadequate.

The most recent criticisms have come mostly out of Europe, where Facebook has more than 200 million users. During the last couple weeks, several organizations and individuals have raised their voices over Facebook's data privacy practices.

For example, Germany's privacy watchdog, the Hamburg Data Protection Authority, this week accused the social network of unlawfully tracking Internet activity of canceled users.

According to a statement on the agency's website, an investigation revealed that some of the cookies installed when a user opens a Facebook account remain active even when the account is canceled. These cookies are stored for two years and can allegedly be used to identify a user until they expire, the agency said.

Data protection regulations in Germany are among the strictest in Europe, and, according to a ZDNet report, Facebook could face fines up to $420,000 if it does not delete information collected on German users.

The situation in Germany follows prior accusations by the Irish government, which in late October confirmed that it would conduct an audit of Facebook's data privacy practices to ensure they align with the Irish Data Protection Acts.

According to a PC Magazine report, the concerns, in part, stem from the Facebook's rollout of facial-recognition technology – of which German officials also took offense – which can be used to tag individuals in photos by detecting their faces.

Though Facebook has protested the objections, it does appear to be cooperating with officials in both cases. The Hamburg Data Protection Authority said the company has given detailed explanations about how it uses cookies, stating that they help identify spammers and phishers and detect when an unauthorized user tries to break into an account.

According to PC Magazine, Ireland's Office of the Data Protection Commissioner said last week that "Facebook is cooperating fully with the audit and we would anticipate that it will implement any necessary changes."

But perhaps the most controversial revelation didn't involve government intervention at all. In mid-October, 24-year-old Austrian law student Max Schrems made headlines after he asked Facebook to turn over all the information the social network had collected on him and was surprised to receive a disk containing 1,222 pages' worth of data.

The disk contained a wide range of data, including chats that he had deleted years ago, ignored invitations, "pokes" from as far back as 2008 and myriad other details.

Schrem asserted that Facebook retains data far longer than is allowed under European law, and in response launched the website europe-v-facebook.org, which calls for greater transparency from the social giant and pushes for "data minimization," among other demands.

One of Schrem's most pointed allegations is that Facebook is keeping "shadow profiles" that contain information from other sources, such as mobile devices, instant messaging services and email contact lists, among others.

Facebook, however, has denied that it is keeping shadow profiles on users.

For its part, Facebook does have a history of responding to data privacy criticism – to more or less satisfying degrees. In August, the company announced some of its most sweeping privacy control updates to date. The new updates were designed to give users more control over what information is published about them, allowing them to approve posts and photos in which they are tagged and giving them options of who can see certain information about them.

These updates are likely to come as little comfort to those who protest the social network's data collection practices. But this does raise the question of whether these concerns matter to the public at large.

The very nature of the website – on which people voluntarily submit information about what they're doing, where they are and photos of where they've been – will always draw criticism. But with such an extensive user base, it is evident that most people are willing to ignore Facebook's more controversial policies. The emergence of new competition, including Google+ and the so-called "anti-Facebook" social network known as Unthink, may force Facebook to go back and review its practices, but at the moment, neither of these sites hold a candle in terms of membership.

Facebook's data privacy woes are unlikely to go away any time soon. There is obviously room for improvement, and the protests of users and government agencies could prove instrumental in moving Facebook forward – willingly or not – in this realm. But until new regulation is passed or stronger competition forces a change, it is ultimately up to the individual user to decide his or her level of involvement with Facebook, and whether he or she is comfortable with current approaches to data privacy. 

Data Security News from SimplySecurity.com by Trend Micro