Simply Security - News, Views, and Opinions from Trend Micro

Posted on January 16th, 2012 in Current News, Privacy & Policy by Simply Security | 2 Comments | Tags: Privacy

The Irish Data Protection Commissioner has completed a comprehensive audit of Facebook Ireland, revealing key concerns and recommendations.

Irish Data Protection Commissioner Billy Hawkes has concluded his audit of Facebook, revealing encouraging news regarding the social media giant's commitment to change.

Facebook has found itself in hot water several times in 2011 as a result of its data tracking practices and user privacy settings. The controversy came to a head this fall when, amid a climate of renewed vigilance from European Union regulators, the social media pioneer submitted to a full audit of its Dublin headquarters.

This week, Commissioner Hawkes brought an end to the three-month investigation and released a road map that will guide Facebook Ireland's reforms moving forward.

"The audit has found a positive approach and commitment on the part of Facebook Ireland to respecting the privacy rights of its users," Hawkes explained. "Arising from the audit, Facebook Ireland has agreed to a wide range of 'best practice' improvements to be implemented over the next six months, with a formal review of progress to take place in July of next year."

Citing Facebook's "almost Darwinian nature" in terms of innovation, auditors stressed the importance of employing robust security mechanisms capable of addressing current concerns and evolving in step with the site's global popularity. As a result, Irish authorities noted that the latest report "is not the conclusion of [their] engagement with Facebook Ireland."

The Commission was also careful to root out any ambiguity in its recommendations and made several pointed requests of Facebook administrators. Specifically, the strategic vision called for a mechanism that effectively allows "users to convey an informed choice for how their information is used and shared on the site in relation to [third-party applications]." Enhanced transparency and user control were also requested in regards to the tagging and posting of content, exchange of personal data during registration and the use of controversial new features including facial recognition technology.

By all accounts, Facebook administrators have raised no objections with the findings of the audit or the auditors recommendations.

"Audit reports are not frequently made public, but in this case, the DPC and Facebook agreed at the outset that – in the interest of transparency – the contents of the audit should be made public, in full, immediately upon completion," company spokesman Richard Allen wrote in a statement posted on the website. "We believe this is the best way for users and policymakers around the world to understand how thoroughly the DPC performed its examination and how closely we will be working together in the future."

Allen was also quick to highlight the areas of innovation highlighted in the report. Facebook's use of cookies to identity unusual or suspicious activity, avoidance of account tracking behaviors and management of advertisement were all praised for their adherence to best practices.

Facebook's Dublin facility now manages the accounts of all users residing outside of the U.S. and Canada, but it will be interesting to see how its ongoing collaboration with the DPC will inspire or shape response to similar data security concerns surrounding the site's North American operations.

Late last month, Facebook settled Federal Trade Commission charges that implicated administrators in several deceptive data management practices. As a result, the social media giant has submitted to periodic assessments from independent, third-party auditors for the next 20 years.

Then just this week, a Bloomberg report confirmed that a California District Court has upheld a decision that would allow Facebook to be sued over advertising practices. Judge Lucy Koh stated that Facebook users may have legitimate concern over the "misappropriation of their names, photographs, and likenesses" in the endorsement of banner ads.

Security News from SimplySecurity.com by Trend Micro