Facebook's European headquarters in Ireland are to undergo a thorough data protection audit next week, according to an Austrian law student who complained to the Irish Data Protection Commissioner (DPC) alleging the social network had breached EU laws.
Max Schrems and his 'Europe vs. Facebook' campaign group appears to have prompted Irish authorities to probe Facebook's data protection compliance, after revealing that sensitive personal information collected by the site about users' browsing habits was not being disclosed as required in subject data requests made under European law as we reported on Wednesday.
Europe vs. Facebook has been urging European citizens to make the access requests, under which Facebook is required to provide a CD containing all personal data it holds about a user. thinq_ explained how you can obtain your information in an article last month.
The group said on Wednesday that "according to different sources the audit at the Irish headquarters of Facebook will be done this coming week," adding that the audit would last four to five days.
When thinq_ contacted the DPC, spokesperson Ciara O'Sullivan told us that the audit would begin "before the end of the month", with the results announced by the end of the year.
An audit of Facebook's data protection procedures had, she told thinq_, been scheduled for some time, but that "the timing has been brought forward" as a result of 22 complaints received from Schrems and others.
Although the audit was a general investigation of procedures, O'Sullian said, "we will be bearing those complaints in mind".
Asked what action could be taken against Facebook if the social network were to be found in breach of data protection law, O'Sullivan admitted that the DPC had no powers to directly fine the company, but said that failure to comply with a legal notice from the Commissioner could result in prosecution. So far, she said, "Facebook is co-operating fully with the audit, but we don't know yet what the outcomes will be."