I remember the good old days when ‘delete' really meant delete.
Going on three years since it was discovered that Facebook does not actually delete images uploaded to the social network, but instead merely removes the links and the visible access to the content, the social network said that a fix is in sight.
Facebook said in 2009 it was "working with our content delivery network partner to significantly reduce the amount of time that backup copies persist". In 2010, Facebook then said that a fix for videos "is already in place", and it hoped to "implement it for profile pictures and photos in the coming weeks."
Since then, however, a fix for this ongoing issue remains to be seen, although Facebook said that it would be "soon", ideally in the next couple of months.
In short, a user can 'delete' an image from Facebook's interface, and it removes the tag and the public visibility of the content. But if someone still has the direct link to the image, this can still be used to access the image.
Facebook said it was in the process of switching to a newer system that would make the process much quicker.
Just as Ars Technicadid, I tried this out myself. I uploaded a series of photos and videos, and while they remained for some weeks, they were eventually --- what one suspects --- taken down manually, perhaps in a bid to mitigate the damage from the press. Many others emailed in and commented at the time complaining that their photos were still stored by Facebook.
A Facebook spokesperson said the company continued to work on the issue, and that the systems were changing. An older system did not delete the content when it should, but the newer system will delete images in less than 45 days. The new system will come into play "in a month or two", and all images will be migrated --- and therefore deleted --- one presumes.
Facebook noted that the content will be "disabled". The spokesperson did not say that the content would be deleted, however. I have reached out for further comment.
In short, it has to. European law is changing, and Facebook --- along with other Web companies and so-called ‘offline' companies --- have to comply with the data retention rules. As per current European data protection law, should data no longer be needed or have any reason for it to be stored still, it must be deleted within a timely fashion. More often than not, this is a year. European legislation varies country-by-country; something which will soon be fixed by the upcoming Regulation.
Facebook has 229 million users in Europe, and 179 million users in the United States, according to figures it submitted to the U.S. SEC during its IPO filing. It should be that Facebook is taking a more conscientious approach to its users --- and the European Commission --- with respect to its users data.
It may be that Facebook has already breached European data protection laws. It is not clear at this stage. A spokesperson for the European Commission declined to comment at this stage, but noted it was "aware of the reports".
Considering Facebook has now repeatedly made statements that it has not kept to, one is somewhat sceptical of whether such a migration will take place in the coming months.