Irish watchdog: Facebook privacy still falls short

Facebook has put out an updated privacy policy with more details on cookies and targeted ads, but the changes it is proposing do not tackle all the problems, according to the Irish data protection commissioner.
Written by Tom Espiner, Contributor

Facebook has updated its privacy policy in response to concerns raised by the Irish data protection authority, but the proposed changes do not go far enough, the privacy watchdog has said.

The social-networking company has added "more examples and detailed explanations" to help members understand how it uses their data in conjunction with apps and advertising, Facebook's chief privacy officer for policy Erin Egan said in a blog post on Friday. For example, it has added a new section on cookies in its Data Use Policy, she noted.

However, the changes do not fully address the concerns raised by the Irish data protection commissioner (DPC), a spokeswoman for the watchdog told ZDNet UK on Monday.

"A number of the updates relate to matters identified in our audit that required clarification or amendment," said the Irish DPC spokeswoman. "We consider the update of the Data Use Policy to be a positive outcome of our engagement with Facebook Ireland."

"[Nevertheless] there are a number of matters identified in our audit report (including retention periods and facial recognition specifically) that remain the subject of ongoing discussion with Facebook," she added.

In December, the Irish DPC picked Facebook up on a number of instances where it had to improve its data protection or risk being out of compliance with European privacy law. For example, the authority asked the company to cut the time it retains ad-click data to two years and warned it about a lack of transparency around targeted advertising. The company was also hauled up on its use of facial-recognition technology in picture tagging.

In response, Facebook put out a revised 'Statement of Rights and Responsibilities' in March, to clarify that using Facebook apps means sharing data with those apps, among other explanations. In April it also began allowing people to download more data on their Facebook activity from the site.

Updated policy

Facebook said the proposed changes to its privacy policy (PDF) it unveiled on Friday take into account the feedback it got from users and the Irish DPC on its recent privacy moves.

In the updated policy document, it explains that it may store indefinitely the personal member information it receives from advertisers.

"We will retain data for as long as necessary to provide services to users and others," it said in the document. "This broader commitment applies to all data we collect and receive about you, including information from advertisers."

Facebook gave more details on advertising targeted to members based on their data, saying it will allow such advertising from Facebook on third-party websites, applications and games.

"Games, applications and websites can serve ads directly to you, or help us serve ads to you or others, if they have information like your User ID or email address," it said.


The Irish DPC raised transparency about cookie use as a concern in its audit. Facebook has added more explanation on these in its updated policy, saying that it receives cookies when a user visits a website, application or game that has a Facebook social plug-in.

While it previously maintained that it mainly uses cookies for security purposes, it acknowledges in the document that it also uses them to "deliver, understand and improve advertising".

"For example, we may use [cookies] to know you are logged in to Facebook, to help you use social plug-ins and share buttons, or to know when you are interacting with our advertising or platform partners," it said.

"We may ask advertisers or other partners to serve ads or services to computers, mobile phones or other devices, which may use a cookie, pixel or other similar technology placed by Facebook or the third party (although we would not share any other information that identifies you with an advertiser)," it noted.

The company is inviting members to weigh in with their opinions on the updated policy and Facebook's approach to privacy in general: it has scheduled an online video question-and-answer session on Monday at 5pm BST.

Facebook now faces a fresh audit by the Irish DPC in July. 
