Oct. 27 (Bloomberg) -- Facebook Inc.’s Irish offices became part of an investigation by the national data-protection agency into how the company handles personal data.
Ireland’s Data Protection Commissioner started the on-site portion of the audit by visiting Facebook’s offices in the country this week. The goal of the audit is to check the company’s compliance with Irish and European Union data- protection rules, said Lisa McGann, a spokeswoman for the commissioner.
“The on-site element of the audit has commenced,” said McGann in a telephone interview today, “and takes a number of days in this instance because it’s such a large organization.” The agency plans to complete its investigation before the end of the year, she said.
A group of watchdogs from the EU’s 27 nations have said they will probe possible privacy violations in a feature on Facebook that uses facial-recognition software to suggest people’s names to tag in photos without their permission, Gerard Lommel, a Luxembourg member of the so-called Article 29 Data Protection Working Party, said in June. Norway’s privacy watchdog is also looking into data use at Facebook, which has its European base in Ireland.
“We believe that we are fully compliant with EU data- protection laws and look forward to welcoming the DPA to our EU headquarters in Dublin to demonstrate this,” Facebook said in an e-mailed statement. “The Irish DPA audits several companies each year and we expect the whole process to be complete by January 2012.”
The Irish audit was planned before the office received 22 complaints related to an Austrian law student’s experience with how the Palo Alto, California-based social-networking service kept storing data users had removed from their pages. Those complaints will now form part of the audit.
The goal is to provide Facebook with recommendations on data handling, McGann said. While the agency doesn’t have the powers to impose fines, if companies don’t comply it can pursue summary proceedings that can result in a maximum fine of 3,000 euros ($4,238). If convicted of serious breaches of data policy, a court may fine a company as much as 100,000 euros.
“The key issue here is that we would not have any expectation of this arising as we fully expect that Facebook will implement any necessary changes as we are receiving full cooperation,” McGann said.
--Editors: Christopher Scinta, Kenneth Wong
To contact the reporter on this story: Stephanie Bodoni in Luxembourg at firstname.lastname@example.org
To contact the editor responsible for this story: Christopher Scinta at email@example.com