Facebook Ireland Ltd : Report of Audit, 21 December 2011
File Type:
PDFItem Type:
reportDate:
2011-12-21Access:
openAccessCitation:
Ireland. Data Protection Commissioner, 'Facebook Ireland Ltd : Report of Audit, 21 December 2011', [report], Data Protection Commissioner, 2011-12-21Download Item:
Facebook Ireland audit report 2011.pdf (PDF) 3.263Mb
Facebook Ireland Audit Report 2011_Appendices.pdf (PDF) 1.009Mb
Abstract:
This is a report of an audit of Facebook-Ireland (FB-I) carried out by the Office of the Data Protection Commissioner of Ireland in the period October-December 2011. It builds on work carried out by other regulators, notably the Canadian Privacy Commissioner, the US Federal Trade Commission and the Nordic and German Data Protection Authorities. It includes consideration of a number of specific issues raised in complaints addressed to the Office by the "Europe-versus-Facebook" group, the Norwegian Consumer Council and by a number of individuals. The audit was conducted with the full cooperation of FB–I. It found a positive approach and commitment on the part of FB-I to respecting the privacy rights of its users. Arising from the audit, FB-I has already committed to either implement, or to consider positively, further specific "best practice" improvements recommended by the audit team. A formal review of progress is planned in July 2012. The audit was conducted by reference to the provisions of the Data Protection Acts, 1988 and 2003, which give effect to the European Union’s Data Protection Directive 95/46/EC. Account was taken of guidance issued by the EU’s Article 29 Working Party. The audit team followed the standard audit methodology used by the Office. Facebook is a platform for users to engage in social interactions of various kinds – making comments ("posts") on various issues, setting up groups, exchanging photographs and other personal material. It has some 800 million users, spread throughout the globe. FB-I is the entity with which users based outside the United States and Canada have a contractual relationship. FB-I is the "data controller" in respect of the personal data of these users. As a "data controller", FB-I has to comply with the obligations set out in the law. The report summarises the audit team’s conclusions on how FB-I gives effect to the basic principles of data protection law: that personal data should be collected "fairly"; that the individual should be given comprehensive information on how personal data will be used by FB-I; that the personal data processed by FB-I should not be excessive; that personal data should be held securely and deleted when no longer required for a legitimate purpose; and that each individual should have the right to access all personal data held by FB-I subject to limited exemptions ..
Corporate name:
Ireland. Data Protection CommissionerPublisher:
Data Protection CommissionerCorporate name:
Ireland. Data Protection CommissionerPublisher:
Data Protection CommissionerType of material:
reportCollections:
Availability:
Full text availableSubject:
Data protection, Facebook (Firm)The following license files are associated with this item: