Facebook faces regulatory scrutiny over its handling of personal information after objections to the Irish data protection commissioner and the US Federal Trade Commission.
The Irish data protection commissioner is to conduct a privacy audit of Facebook’s activities outside the US and Canada after an Austria-based group called Europe versus Facebook made 22 complaints.
A consortium of US privacy activists and researchers also wrote to the FTC calling for an investigation into Facebook’s “frictionless sharing” of reading, listening and viewing activity.
Privacy regulators in the UK, Ireland and Germany are already looking into a facial recognition feature that Facebook launched in June.
Gary Davis, Irish deputy data protection commissioner, said his office would conduct a detailed audit of the group’s activities outside the US and Canada next month.
He told the FT: “This audit will examine the subject matter of the complaint but also will be more extensive and will seek to examine Facebook’s compliance more generally with Irish data protection law.”
Facebook’s European headquarters are in Dublin, which makes its operations outside the US and Canada subject to Irish and European data protection legislation.
Most of the complaints relate to the collection and storage of personal information from Facebook’s users. They include allegations that the company does not delete personal information when it says it has been removed, tracks users’ internet use without their knowledge, and uses facial recognition technology to tag photographs in violation of users’ privacy rights.
Facebook is expected to provide the commissioner with its first reaction to the complaints as early as this week. But a report on the company’s compliance with Irish and EU data protection laws is not expected to be published until later this year.
The audit undertaken by the Irish commissioner does not preclude other European authorities from conducting their own investigations.
The company said: “Facebook’s European headquarters in Ireland manages the company’s compliance with EU data protection law. We are in regular dialogue with the Irish data protection commissioner and we look forward to demonstrating our commitment to the appropriate handling of user data as part of this routine audit.”