Facebook's data retention practices are under investigation by Ireland's Data Protection Commissioner following a series of complaints filed by a European group critical of the social networking site.
A total of 22 complaints have been filed with the Data Protection Commissioner by Europe v. Facebook, a group that claims the company is at odds with European privacy laws governing how companies manage personal data.
[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Facebook has sought to deflect criticism over its data handling practices, maintaining that it complies with data protection laws around the world.
Many of the issues brought up by Europe v. Facebook came about after members of the group asked Facebook for personal data stored on them by the site. Facebook is required under European law to respond to such requests. The group published redacted data obtained by some of its supporters to show what kind information Facebook stores. The group's website contains instructions for how people can request the data Facebook stores about them.
The Data Protection Commissioner's office was already planning to audit Facebook before the complaints were filed, but the process has now been accelerated, said Ciara O'Sullivan, spokeswoman for the office.
The Data Protection Commissioner will undertake an investigation of the complaints and also an audit of Facebook, which will involve visiting the company's facilities in Dublin and "looking more generally at how they process personal data," O'Sullivan said. The audit will begin next month.
The commissioner is not obligated to make the findings public, but due to the size of the investigation and scrutiny of Facebook, O'Sullivan said she expects some findings to be publicly released by the end of the year.
Facebook said in a statement on Friday that it has regular contact with the Data Protection Commissioner, and "we look forward to demonstrating our commitment to the appropriate handling of user data as part of this routine audit."
The company did briefly address in its statement some of the issues in the complaints. People who requested their Facebook data found that information they thought they had deleted was still present in the file.
Facebook said that "this is mostly likely due to the user removing a post from a specific place on Facebook rather than deleting it, or because we needed to retain information for a limited period for an investigation. We're continuing to work on ways to make this process as seamless as possible."