The Office of the Irish Data Protection Commissioner this week published its report of an audit of Facebook Ireland Ltd. The audit, commissioned to investigate how Facebook Ireland implements the basic principles of Irish and EU data protection laws, made recommendations for improvements in how data is handled by the social network.
Facebook users outside of the US and Canada, including staff and students at UK colleges and universities using Facebook as a teaching and learning tool, have a contractual relationship with Facebook Ireland, which acts as data controller in respect of their personal data.
Included in the report’s findings are recommendations that Facebook:
- Simplify their privacy policies
- Increase the prominence of such policies at registration and thereafter
- Enhance the ability of users to exercise choice as to how their data is used
- Include control over social ads in privacy settings and inform users of the ability to block adverts they do not wish to see again
- Amend data retention policies as retention of ad-click data indefinitely is unacceptable and personal data of users should not be processed after the reason for collecting it has ceased
- Make the use of targeted advertising transparent to users
- Prevent users from being added to groups without their consent
Facebook will implement some changes immediately and will amend its Data Use Policy by the end of March 2012. Any improvement as to how Facebook handles personal data can only assist colleges and universities in implementing a culture of compliance with data protection laws and is a reminder that staff and students should familiarise themselves with the privacy policies of social networks they use for teaching and learning.
For more information on the legal implications of using social networks in education, see the JISCLegal publication Facing up to Facebook: A Guide for FE and HE