Privacy activists accuse Facebook of missing deadline

A group of Austrian students, whose complaints prompted Ireland's privacy regulators to give Facebook a stern ticking-off, has accused the social network of missing deadlines imposed by those authorities for implementing changes.

Facebook has offices in Ireland that manage all its operations outside North America. The 'Europe v Facebook' campaign group complained to the Irish Data Protection Commissioner (DPC) last year that the company's policies were not in line with EU law, and in December the DPC ordered Facebook to change certain policies to ensure compliance.

However, Europe v Facebook said on Tuesday that the social network should have implemented some of these changes (PDF) by the end of March, but did not. The pressure group has now urged people to complain directly to the European Commission about the matter, as it says the Irish DPC told the group it now hopes to resolve outstanding issues with Facebook by the end of April.

"It seems like the authority does not care if Facebook is breaching the law and the deadline in the authorities report. Every normal citizen gets a fine, but Facebook apparently doesn't," Max Schrems, who heads up Europe v Facebook, said in a statement.

According to Schrems, 40,000 people had followed the group's instructions on how to request all their user data from Facebook Ireland. He said the company had simply sent those people a link to a download tool that allows them to access "about 22 of the 84 data categories Facebook holds about every user".

The group is calling on those thousands of people to complaint to the Commission "that the Irish DPC is not taking on the cases by other users and is not sufficiently enforcing the law or imposing sanctions in this case".

However, Schrems also told ZDNet UK on Wednesday that he and his colleagues had not themselves complained to the Commission, as their existing case with the Irish DPC is still ongoing.

"Our case was taken on by the Irish authority but all the other 40,000 users didn't have their complaints taken on," he said. "We are still personally engaged with authorities in Ireland. We're sending letters back and forth that we'll publish as soon as we get an answer."

Meanwhile, Facebook said in a statement that it was "investing a huge amount of effort to ensure we are making progress against all of the commitments we made during the audit".

While stopping short of denying it had missed the 31 March deadline, the company said: "We have a constant dialogue with officials working for the Irish Data Protection Commissioner, who are responsible for overseeing the work we are undertaking, to reassure them of our progress."

"We recently reported to them that we have implemented some of their recommendations ahead of schedule and that we expect to meet all the Q1 aspirations over the coming weeks," Facebook added.