Facebook’s international headquarters in Dublin, Ireland is facing an audit this month for keeping users’ deleted data. The company could face a $138,000 (€100,000) fine if it does not comply with Irish data protection laws.
The audit was triggered by an Austrian law student named Max Schrems, who requested a copy of all of his personal data from Facebook while writing a paper on privacy laws. What he received was a CD containing 1,200 pages of information on everything from his ignored friend requests to deleted messages.
Facebook’s international headquarters in Dublin supports all Facebook users in Europe, the Middle East and Africa. Because of its location, the Irish Data Protection Commissioner has jurisdiction over the non-U.S. and Canada segment of the company. Users in the U.S. and Canada, however, have contracts with Facebook Inc. in Calif., and their rights are covered under different laws.
After seeing the breadth of information on him, Schrems and 21 other students filed complaints against Facebook with the Irish Data Protection Commissioner, alleging the company is creating “shadow profiles” of its members, and even non-Facebook users, without their consent or knowledge. The Irish Data Protection Commissioner then decided to do its own audit of Facebook.
According to the complaints, Facebook is illegally holding on to information on members and non-members, including phone numbers and email addresses. Schrems says Facebook scrapes this information from the data its users synch with their profiles, say from a mobile phone or email account. The group has also started the Europe vs Facebook group, which includes instructions on how to request your own data from Facebook (for users outside of the U.S. and Canada only). Facebook has already received an influx of requests.
A $138,000 fine isn’t likely to harm a company valued at over $80 billion, but the real result of the audit will be increased attention to the issue and a requirement to comply with the law.