BBC News
watch One-Minute World News
Last Updated: Friday, 18 January 2008, 17:39 GMT
Facebook faces privacy questions
By Chris Vallance
Reporter, BBC iPM

Facebook worker
Facebook says it does not use information from deactivated accounts
Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office.

The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account.

Currently, personal information remains on Facebook's servers even after a user deactivates an account.

Facebook has said it believes its policy is in "full compliance with UK data protection law".

"We take the concerns of the ICO [Information Commissioner's Office] and our user's privacy very seriously and are committed to working with the ICO to maintain a trusted environment for all Facebook users and ensure compliance with UK law," said a statement from the site.

Protecting principle

At present, Facebook users who wish to remove their profile from the site are given the opportunity to deactivate their account.

Facebook page
Details are stored on Facebook servers after a profile is deleted

But once deactivated the information, though no longer accessible, remains on Facebook's computers.

This is useful if you might reactivate your account later, but not the same as full deletion.

Users who wish to completely delete their information must, according to the automated response from Facebook's Customer Service, żlog in and delete all profile content".

For some users that can be a very laborious process and that concerns the ICO.

"One of the things that we're concerned about is that if the onus is entirely on the individual to delete their data," Dave Evans, Senior Data Protection Practice Manager at the ICO told BBC Radio 4's iPM programme.

"An individual who has deactivated their account might not find themselves motivated enough to delete information that's about them maybe on their wall or other people's site."

The over-riding data protection principle motivating the ICO is that organisations should only hold information as long as necessary.

Facebook maintains it is in compliance with all data protection legislation and says it does not use information from deactivated accounts.

Network problem

Mr Evans said that he believed that Facebook were committed to being seen to do as much as possible to safeguard people's privacy.

"We've agreed with Facebook to discuss with them issues around what they do with my information if I wish to deactivate my account".

In addition, he said that the ICO would look at Facebook's privacy policy, the rights to data the company asserts and the privacy implications of applications embedded in Facebook.

Although Facebook and many other social networks are based outside of the UK, Mr Evans believes that UK law could still apply.

"They are established in the UK for UK legislation to cover their activities."

He said it was the clarity of information users receive on signing up with social networking sites that is the central concern of the ICO.

"One of the things that we'll be working with the sites to achieve is to get better quality information to users to make it absolutely clear to people what exactly will happen to their information once it's posted."

Facebook opens profiles to public
06 Sep 07 |  Technology
Facebook dismisses privacy fears
12 Sep 07 |  Technology
Protests force Facebook to change
30 Nov 07 |  Technology
Facebook founder apology over ads
06 Dec 07 |  Technology
Researchers plunder social networks
15 Jan 08 |  Technology


The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific