tailieunhanh - Report of Audit 21 December 2011

Another issue which was legitimately highlighted in the complaints from “Europe-v-Facebook” was that the relative size of the links to the privacy policy and statement of rights and responsibilities on the second page of the sign up process were much smaller than the remaining information on the page. We have accordingly recommended to FB-I that this matter be addressed and it has agreed to do so. However, the concern of this Office is not focused on specific issues such as these but rather the bigger picture around appropriately informing, in a meaningful way, a new or current user. | Data Protection Commissioner An Coimisinéir Cosanta Sonrai Sr Facebook Ireland Ltd Report of Audit 21 December 2011 Table of Contents Chapter 1 Chapter 2 Chapter 3 Introduction 21 Audit 24 Subject Matter Areas examined during the audit 30 Privacy Policy 30 Advertising 43 Access Requests 62 Retention 68 Cookies Social Plug-ins 80 Third-Party Apps 86 Disclosures to Third Parties 97 Facial Recognition Tag Suggest 100 Data Security 105 Deletion of Accounts 112 Friend Finder 118 Tagging 126 Posting on Other Profiles 128 Facebook Credits 132 Pseudonymous Profiles 134 Abuse Reporting 138 Compliance Management Governance 143 APPENDICES Appendix 1 Technical Report and Analysis Appendix 2 Summary of Complaints Appendix 3 Overview of Team Functions Provided by Facebook Ireland Appendix 4 Structure of European Offices Provided by Facebook Ireland Appendix 5 Law Enforcement Requests Provided by Facebook Ireland Appendix 6 Minors 2 Executive Summary This is a report of an audit of Facebook-Ireland FB-I carried out by the Office of the Data Protection Commissioner of Ireland in the period October-December 2011. It builds on work carried out by other regulators notably the Canadian Privacy Commissioner the US Federal Trade Commission and the Nordic and German Data Protection Authorities. It includes consideration of a number of specific issues raised in complaints addressed to the Office by the Europe -versus-Facebook group the Norwegian Consumer Council and by a number of individuals. The audit was conducted with the full cooperation of FB-I. It found a positive approach and commitment on the part of FB-I to respecting the privacy rights of its users. Arising from the audit FB-I has already committed to either implement or to consider positively further specific best practice improvements recommended by the audit team. A formal review of progress is planned in July 2012. The audit was conducted by .