Facebook ED S dule
advertisement
Schedule of R eco rd s for FOI Request No. 156/455/2012
Record
No
I
Brief Description
Data Protection and
Page No
Grant/H.cfuse
Page I
Part Granted
Part of page 1 refused under
Section 28(1)
Page 1
Part Granted
Part of page 1 refused under
Section 28( 1)
Pages 2. 3, 4
Granted
Page 1
Part Granted
Part of page 1 refused under
Section 28(1)
Page I
Part Granted
Part of page 1 refused under
Section 28(1)
Pages 2. 3, 4
Cover page.
Granted
Part Granted
Submission
Pages 1 & 2
Granted
Part Granted
Facebook
2
3
4
5
6
Briefing fo r Minister re
Facebook meeting - Refonn
of ED Data Protection
Regime
E-mail - Proposals for
General Data Protection
Regulation
Briefing note prepared for
meeting with Facebook
E-rnail - Facebook's
submission on the European
Data Protection Proposals
Note of Meeting with
Facebook
Bas is of Refusal; Section of
FOI Act
Part of (cover) page re fused
under Section 28(1)
Part of page 1 and 2 re fused
under Section 28( I)
7
Update to Facebook's data
use pol icy
Page I
Part Granted
8
Meeting with Facebook
Page I
Part Granted
9
Proposals for general Data
Protection Regulation
Page I
Part Granted
10
Proposals fo r general Data
Protection regulation
Page I
Part Granted
Part of page 1 refused under
Section 28(1)
11
Briefing for meeting with
Facebook on 9 February
Page I
Part Granted
12
EU Data Protection
regulations - more detailed
perspecti ve
Major developments in the
Data Protection field
Pages 1 & 2
Part Granted
Part of page 1 refused under
Section 28(1)
Part of page 1 and 2 refused
under Section 28 (1)
Page I
Part Granted
Part of page 1 refus ed under
Secti on 28(1)
Major developments in the
Data Protection field
Major devel opments in the
Data Protection field
Page I
Part Granted
Part of page 1 refused un der
Sectio n 28(1)
Page I
Part Granted
Part of page refused under
Section 28(1)
16
Major developments in the
Data Protection field
Page I
Part Granted
Part of page refused under
Section 28( 1)
17
Major developm ents in the
Data Protection field
Page I
Part Granted
Part of page refused under
Section 28(1)
18
Major deve lopments in the
Data Protection field
Page I
Part Granted
Part of page refused under
Section 28(1)
Page 2
Page I
Granted
Part Granted
Page 2
Page I
Granted
Part Granted
13
14
15
19
Major developments in the
Data Protection fie ld
20
Catching up
Part of page I refused under
Section 28( I)
Part of page 1 refused under
Section 28(1)
Part of page I refused under
Section 28(1)
Part of page refused under
Section 28( I)
Part of page refused under
Section 28(1)
.--..;:-I
I ''';'
Data Protection and Facebook
1010412012 12:30
I refer to your recent e-mail in relation to the above,
The position is that paragraph 1 of the Second Schedule to the Data Protection Act 1988 provides that
the Data Protection Commissio ner "shall be independent in the peliormance of his functio ns".
From:
T o:
i nfo@jusl ice.ie
cc:
Date, 26/03/2012
Subject:
Data P rotection an d Facebook
Hi , I'm working on an article regardi ng Data Protection on li ne and Facebook. l have in that
regard made Data Access Req uests to facebook and numerous other companies, and I know
by fact that Facebook won't give me (or anyone else asking for access) the amount of data I
am entitled to.
Everyone are, according to EU -regulations, entitled to be given the total amount of
information held on them within 40 days. This also applies to a co mpany like Facebook, but
I've been in touch with the Iri sh Data Protection Commisioll. They told me that Facehook has
been allowed to not hand out all the information they ho ld about their users until this July_
Meaning that the Irish Data Protection Comm ision effectively are allowing Facebook to
operate outside of the legal borders until thi s summer, and that Facebook at the time being are
iIlegaly withelding information about its users.
What does the department of Just ice think of this?
The lrish Data Protection Commision is allowin g Facebook to avoid data request from
throughout Europe for several months in order to give FB time to make sure everything else is
complying to Irish and European laws and regulations. Does the department of Justice agree
that this is the right way to do it?
Thanks for your response.
With regards;
·=-1
IL
__
Briefing for meeting with Facebook on 9 February
I
---~
08f02/20 121 3:23
«< Attachment 'Briefing for Minister - Facebook meeting.doe' has been archived by user
LR/JSECTOR' on '09/081201218:24:06'. >>>
•
Reform of EU data protection regime
Briefing Note
Existing EU Data Protection Framework
I. The centrepiece of existi ng EU legislat ion on personal data protecti on is
Directive 95/46/EC (Data Protection Directive) whi ch seeks to reconc-ile the
protection of personal data wi th th e free now of such data wi thin th e internal
market and to count ries outside the EU. The Direc tive has been transposed into
national law in the Data Protection (Amendment) Act 2003
2. This Directive is comp lemented at EU-Ievel by Fram ework Decision
2008/977IJHA (Data Protection Framework Decision) which makes provision
for the protection of personal data in the context of police and judicial
cooperation in crimi na l matters. The Fra mework Decision app lies to th e crossborder exchanges o f personal data within the EU and not 10 domestic
processing operat ions in Member States.
Lisbon Treaty
3. The Lisbon Treaty con tai ns new data protection provisions which are in tended
to fu rther strength en EU data protection sa feguards. Art icle 16 of th e Treaty on
the Functi oning of the European Union (TFEU) has introduced a speci fic legal
basis for the adopti on of rules on the protection of personal data. In addition,
Article 8 of the Charter of Fundamental Ri ghts of the EU enshrines protection
of personal data as a fu ndam ental ri ght.
European Commission proposals
4. Foll owing completi on of an extensive consultation process, the European
Commission has tab led an ambit ious pac ka ge of proposals that are intended 10
replace both the Directive and Framework Dec.ision referred to above. The
proposals were adopted on 25 January.
5. The proposals are due to be di scussed by national data protection experts in a
Council Working Group: the first meeting is sc heduled for 23124 February.
These discussions will take place under the Danish and Cypriot Presidencies
during 2012 and wi ll continue under the Irish presidency of the Work ing Group
in 2013. The European Parliament will also become involved in discussions at a
later stage under co-decision arrangements.
6. The Commission's proposals are lengthy, detai led and complex (while the 1995
Directive contains 34 sections, the proposed replacemenr contai ns 91 sections).
It is also notab le that the Commission is proposing to rep lace a Di recti ve. which
mLlst be transposed into national law. with a directly-applicable Regulation .
Wh ile the Commission \vil l seek to justify th is on the basi s that uneven
transpos iti on of the Directive across member States has created barriers fo r
e. The Comm iss ion wan ts to 1:1cilitate 'data po rlabi lity". i.e. make it easier
in future for individuals to tran si't: r their own persona l data fro m one
serv ice provider to another (art icle 18). It remai ns to be seen whether
this requi res reso lution of any tcch n ieal difficu lti es.
f. The Com miss ion is propos in g that in certain cases data contro ll ers will
be requ ired to perform ' data protec tion impact assess ments' (a rticl es 22
and 33). Here also. it w ill be necessary to respect propol1ionality.
g. Where, fo r whatever reason. breaches of security lead to unauthorised or
acci denta l loss or disc losure of data. the Commi ss ion is propos in g th e
com panies and bodi es concerned report them imm edi ate ly to national
Data Protection Commissioners. Thi s may encounter prob lems and
invo lve additional expense because. for exam ple, an unauthori sed breach
may only come to light some time a tte r it has happened. Moreover,
indi vidua ls wi l! be permitted to report such breaches even where the
infringements have happened outs ide the EU.
9. For the benefit of US companies w ith establi shments in th e EU, the European
Commiss ion is organi sin g a conference 0 11 "Privacy and Protection of personal
data" on 19 March in Washington D. e. This wil l provide an opportunity for
US-based executives to interact w ith relevant Commiss ion officials; the
Commiss ion also wants member state representati ves to attend and has issued
an invitation. No decision has been taken here yet on whether to attend .
Next steps
10 . The Department of Justi ce and Eq uality is see king the views and inpu t of
relevant stakeho lders in the co min g week s prior to th e com mencement of
detailed di sclIssions in late February. Any su bmission from Facehook would be
welcome. The ove rall objective in th e f011hcoming negotiati ons will be to
ensure that an appropriate balance continues to be mainta ined between the need
to sa feguard personal data and ensurin g the free flow ofsllch data within the
intemal market and, subject to appropr iate safeguards_to countries and
destinations outside the EEA. We must also seek to ensure that the interests and
jobs created by stakeholders operating in Ire land are protected.
February 2012
3
Fw: Proposa ls for General Data Protection Regu lation
10102/201209:44
Facebook met w ith the Minister yesterday and will make a submission to us on the DP proposals.
Regards
••••• Forwarded by
From:
To:
Date:
D2/2012 D9:42 •••••
ICE
Subject:
- -.-----
For info .
.RfJSECTOR on 09/02/2012 17:21·····
From:
To:
Cc:
Date :
~ubjec!..-. ___
"
Apo l og i es f or not getting ba c k to you - I've forwarded t he message to
Goog1e (a n d ·.-lil l folIo .... up \.... i t h t hem by phone tomor ro ....· t o confirm) . I ' m
·...·a i ting on contact deta i ls for Facebook, but I ' ll h a ve t hose i n th e morni ng
also a n d wi ll dea l wit h th e~ t hen .
I ' ll confi ::m bo t h of t h ese \"i t h you v i a e:na i l
i n t he ::lo rr.'..ng.
Rega!:d~
Fro:n
Sen t
To : I
S'. .:.bject : P:- oposa ls fcr Gene r al Data Pro te c t:' on Re gula::ion
Hi
: a :n ...·or.de r ing if yo u r Depa :::: trr. en t has decided to consu l t in re l at i on : 0 the
Data Protect i on Regu':"ation or i: yO\; 'd':' :"'l give us co n tact detai l s so : 01.at
;,-.'e ca n do t r . e necessary con s'Jl t a ,:i or.?
Re gards
Fw: Briefing for meeting with Facebook on 9 February
13/02f2012 10:48
Here is the briefing note Seam us prepared for the meeting with Facebook . It is probably too detailed
for your purposes but you may be in terested in the first 5-6 paragraphs.
Regards
Noreen
Noreen Walsh
Civil Law Reform Division
- - Forwarded
b~
on 13102120 12 10:42 -----
From:
To:
Cc:
Date:
Subject
'@JUSTICE
USTICE, I
08l02r2U1213:23
Briefing for_meeling with
F~~.,:k
~.~
Briefing for Minister - Faeebook meeting.doe
on 9
I/JELRlJSECTOR@JUSTICE
F ebrua~ _ _ ,____ _ _•_
_ _ ___ _ _
_ __
._
Reform of EU data protection regime
Briefing Note
Existing EU Data Protection Framework
1. The centrepiece of existing EU legis lation on perso na! data protection is
Directive 95 /46/EC (Data Protection Directive) which seeks to reconcile the
protection of personal data w ith the free flow o f such data within the interna l
market and to coumries outside th e EU. The Directive has been transposed into
nat ional law in th e Data Protection (A mendm ent) Act 2003
2. This Directive is complemented at EU ~level by Framework Decis ion
2008/977/JHA (Data Protection Framework Dec ision) which makes prov ision
for rhe protection o f persona l data in the context of police and judicia l
cooperation in cr imi nal matters. T he Framewo rk Decision app li es to the cro ss ~
border exchanges of personal data \vithin the EU and not to domestic
processing operations in Member States.
Lisbon Treatv
3. The Lisbon Treaty contains new data protecti o n prov isions which are intended
to further strengthen EU data protection safeguard s. Articl e 16 of the Treaty on
th e Functioning of the European Union (TFEU) has introduccd a specific legal
basis for the adopti on of rule s on the protection of personal data. In addi tion,
Arl icle 8 of the Charier of Fundamenta l Righ ts of the EU enshrin es protection
of personal data as a fund amenta l right.
European Commission proposals
4. Follow in g completion of an extensive consu ltation process. the European
Comm ission has tabl ed an ambitious package of proposals that are intended to
rep lace both the Directi ve and Fra mework Decision re ferred to above. The
proposa ls were adopted on 25 January.
5. The proposals are due to be di sc ussed by nati onal data protection experts in a
Council Workin g Group; the first meeting is scheduled for 23/24 February.
These discuss ions w ill take place under the Dani sh and Cypriot Presidencies
during 2012 and will continue under th e Irish pres id ency of the Working Group
in 2013. The European Parliament will also become involved in disc ussions at a
later stage under co-decision arrangements.
6. The Commission' s proposals are lengthy. detail ed and compl ex (while the 1995
Directi ve contains 34 sections. th e proposed replacement contains 91 sections).
Tt is also notab le that the Commi ssion is proposi ng to replace a Directi ve. wh ich
mu st be transposed into national law. with a di rect ly-app licabl e Regulat ion.
While the Commiss ion wil l seek to justify thi s on the basis that un even
tran spos ition of th e Directive across member Stat es has created barri ers for
e. The Commission wants 10 facilitate 'data portab ility", i.e. make it easier
in future for individual s to transfer their own personal data from one
service provider to an other (al1 icle 18). It re mains to be seen whether
thi s requires resolution of any technical di fficu lt ies.
f.
The Comm ission is proposing that in certain cases data controllers w ill
be required to perform 'data protection impact assessments ' (artic les 22
and 33). Here also, it wi ll be necessary to re spect proportionality.
g. Where, for whatever reason, breaches of security lead to unauthorised or
accidental loss or disclos ure of data, the Co mmission is propos ing th e
companies and bod ies concerned report them immed iately to nat ional
Data Protection Com mi ss ioners. Th is may encounter problems and
involve add itiona l expense because. for examp le, an unauthorised breach
may only come to ligh t some tim e after it has happened. Moreover,
individu als will be permitted to rep0l1 such breaches even where the
in fringements have happened outside the EU.
9.
For the benefit of US companies w ith establishments in the EU. the European
Com mi ss ion is organisin g a conference on " Privacy and Protection of personal
data" on 19 March in Washington D.e. Thi s wi ll prov ide an op portunity for
US -based executives to interact with rel evant Com mi ss ion officia l s~ the
Com mission a lso wa nts member state representatives to attend and has issued
an invitati on. No decision has been taken here yet on wheth er to attend.
Next steps
10. The Department of Justice and Equa lity is seeking the views and input of
re levant stakeholders in the com in g week s prior to the commencement of
detailed di scussions in late February . Any submission from Facebook would be
welcome. The overall objecti ve in the fort hcoming negotiations will be to
ensure that an appropriate balance continues to be maintained between the need
to sa feguard personal data and ensuring the free 11 0w of such data within the
internal market and. subject to appropriate safeguards. to cou ntries and
destinat ions outside the EEA . We must also seek to ensure that the interests and
jobs created by stakeho lders operati ng in Ireland are protected .
February 2012
3
From:
To:
"data p rOlCClion p roposals@iusllce.ie" <da taprotection proposals@j ustice ,ie>
cc:
Date: 301 03/2012
Facebook's subm ission o n the European D ata Protection Proposals
Subject:
Dear Sir/Madam
Please fi nd attac he d Facebook 's submission to the Irish government's cons ultation on
the EU Data Protection proposals. Please don't hesitate to contact me should you have
any further enq uiries.
Best
Facebook's view~ on W Data Protect ion ReglJlatlon - 30" Ma"h 2012
This
p ap~ r
sets out the views of Fac ebook on the Europear. Comm iss ion's proposal for a
"on the protect ion of individlJals with regard to the processi ng of personal
and on the fr ee movement of such data" (hereafter referred to as the 'Regu latilm'),
R~gulat i on
d~ta
Facebook's mis sion Is to give peop le the power to share and ~ake the world mo r~ open
and conn ected , With over 800 million users worldw ide, the impact on peop le's lives
ranging from act ive participation in poHtica l dia logue to pe rsona l stories of familiu
being reunited is unpreceden~ed.
faceboo k is also a driver of econom ic growth and Job creation. A recent study f rom
Delo itte found that Facebook adeed more than US bil lion in value in the European
Union in 2011, support ing more than 230,000 jobs. Facebook th~r~for~ 'Nt'lcom~s
fact that one of t he obj~ct ives of the European Commission in propos ing th e n~w
leg isl ative fram ework on Data ?ro t~ctio n is to foster growt h ~nd jobs,
th ~
The revis ion 01 the Data Prot ect ion Directive has the potentia l to facl l itat~ innovation,
and prov ide .onsumers with greater transparency ar,d control. Fa~~boo k bel ieves t hat it
il possible to have sound privacy regulat ion and a thriving digitalsectof, The new
legisla tive framework 5ho~ld focus on encourag ing best pra~t i ces by companie~ like
Ficebook rathe,. than on set1 ing out detaile d teChnical rule~ that will not stand th e test
of time and may be frustrating and costly for both se rvice providers and user s.
This paper addresses tM key as pects of th e Regulation indicating which elements
i'acebook encourages policy makers to consider revising. We stand ready 10 discuss
po ints of detail about how the legislation might be improved with policy ma kers,
In ternet user group~ and other organisations In the Inte, ne! eco-wste m.
We hope that these comments wil l assist the Irish Governmer.: in making its input to tne
debate at EU level.
1. Rata Protection Authority (OPAl competenc e
of a ~ingl e OPA having competence acroSS the EU for multinational
Is we lcome, though w e have ,0ncerrlS about related provisi"", which
could undermine this, It should also be Clarified that th~ "one stop shop" principle
applies to a co-eontr()lI~r bas~d outsid~ the EU when there Is already an EU based
contro ller within the same corporate group,
The core
principl~
companie~
The proposed Regulation pro','idn thilt the DaU ProtC'Ction Authori ty (OPAl of the
~o u n try hos ll t he European He adQuarte" of a bu si nen it hu jurisdict ion on behalf of
th e rest of the EU.
Facebook we lcomes th is provi sion and the Eu ro pean Com ml ulo n' s inl ll.t ive to bring
about mor e harmonilat l~n to EU Dau Protection legis lati on and upecially DPA
jurisdiction by creating a 'one -stop·shop' - ie iI sin gle regu lil tory authori ty tor the who le
EU market . Since 2010, Facebook Irelan d Ltd hiS provided facebook use rs In Europe
with their service, ilnd has bee n subject to oversight by tMe Office of the Duta Pro tectio n
Commissioner [D PC) for compliance wIth Irish dilla prot ec ti on law.
FlCeboo~ is a leader among global Internet service providers Irl lts tran sparency ilnd
willingness to engage wit h European OPAs and will continue to take this COfl$!ructive
approach t o meetin g its ob ligations to its users. 8eine eJtablish~ in Iretand. th e o pe h
Fi(e boo~'sleild DPA . facebook hils rece ntly been the subject of i thorough IInd
det ail~ audit by the ope, published at our volition on 21 December 2011, on Itl
pr.cHces and policies. Sul»lanl i.1 resout~~S were dedicated to ensure t hat the ope Mad
ill the Information it needed to ccnd uct a comprtheMm audit. The iudlt Involved
three mor.ths of rigorous e xam ination, and tile final DPC report demOt"lstrated how
F~cebook adhe res to Eu(ope~n data protection principles and complies with Irish taw.
Facebook believes that these practices are e~tremely important in demonstrating
compliance with the law and would like to obtain tegal certainty tnat a true 'one-stopshop' will be apptied in Europe.
Artiele SI provides that when a datil controller and/or dala pre<essor Is esta blishe d In
sever. 1 Member States of the European union th e respo nsible DPA wll! be the one ot
th e main e stab lishm ent. Howev er, it remil lns undear wh ethe r th e 'one-nop-shop'
principl e applies in the case where a controlle r or pro ~e$Sor Is bued oUl$id e of th e W.
In th e case of Facebook, facebook Inc (based In th e US) is a dUi pro cuso r for Fi cebook
Irela nd . If the relationship between these entit ies was 10 chinle, Ind Faceboo k Inc were
t o be regarded as it data cont rolle r for th e purposes 01 the regulation, It wo uld not be
uble to benefit fro m the "one-stop-s hop" prin ci pl e. in ord er to bring about more clar ity
Bnc le g, 1cert3 inty F".ebcok wcu lc urge po li;y makers to amend the rules deal!ng with
the applicabil ity 01 Ihe 12W (Artic le 3). 50 that il t here is already an EU based contro ller
within a corporate group, th at contro lle r .hould be respons ible for comp liance in
res pect of the relevant ca:a proc essing, as tha t pro~id!5 t he grn test degree 01 certainty
for both In ternational cempanies .. nd individuals. Facebook believes that t~11 would
~nhane~ the objectives th~t the EUlopean Commission had In mind In ensuring t ha t the
'one-stOP-IMOP' ;s ro::ust and applies to illI cont.ollers and proceuorl regardless of
where they .. e established when the ~egul ation applies.
2
Fac ebOOk I~ also concerned th~ 1 t he re ~re I ~ e,ie § of articles t hat undermine th e power
of the lead ing OPA, wh ich cou ld lud to incon!i5!e n,lu in the application of Ine
regulalion "nd create legal uncertainly lor businesses. In pa'liculaor:
Mut ual ils si stance· Un.:! er Art icle 55(8), an W OPAcan la ke a provisiona l measure, 11
tt.e lead OPA does not answer the ir reque51 witnin one ,"o:'l\n. rne OPA ol lt.e main
es:abllst.ment milht t. ave legitimate reasons for delaying It.e adoplion of a
provisio nal measure 3nd Ihls shou ld nct und ermine 115 to mpete ncQ .
Joint ope, allOn! cf supervisory authorities (Atticle ~61- The tight for each OPA to
pa rticipa te to JOint operations equally raise. sign ificant risks witt. regards to the
'one-sto p-shop' princi pl e. As we unders l3nd it th e propon l ls th at a ny EU OPA
would have the right 10 be Involved in I joint inves\lgation wilh tne IHd OPA. The
lead OPA could even confer their investlgalive: and e~ecutive power to ano tner OPA.
This crea les signlflcan t iegal unl;ertalnty for busineues. which have been dedica ting
reso urces to !;oope rat in g I nd dealin g with the ir lu d DPA.
Consistencv mech~n lsm {Articles 57 - 631· This provision is aimed at ensurlng unity
of application of Ihe Regul!tlo n in ,,,Iatlon to process ing oper~ l ions, whic h ma y
concern da ta ~ubJect! in several Member States. flCehook $uppo rt5 the obj~ctive,
however some of tt.ese provlS'or., raise a risk for the le~d OPA havin, its po",er
undermined by the European Ollta Protection Boa rd (fOPSl. the Europlll n
Commissio n and et her DPAs . This is anoth er potentia l a rea of legil l unce.til in:y fe r
bUlinesses and risks ereatinlleng delays in key decisions, whith could have a
s.>gnlfitanl imp.ct on innovation CVde!>.
2. ~! rlProCluor
Propo"ls ' !I.ardl nl t he dellnitlon of the dala ~nt roller need to be narrowed down to
ensure t hat u mpanles can operate efficie nt ly with lel al ce rtainty.
For the purposO"S of Ihl!> Regulation, Ihe (lata controller for EU Fuebook use's Is
:o.~ slder4d 10 be Facebook Ire!~nd Lld and F~cebook Ireland Ltd's data ;:>roce sso rs
In cl~de facebook Inc in Californ ia. Fac ebook wou ld like 10 main t' in t he clar ity 01 thi s
SfrUtlure. Faceboo k has lor a lo.,g time ful ly iltI;epted its responsibility 10:15 users in
Europe and since 2010. these users ""'e been p.ovided with theif service by Facebook
Ireland rh .s Sl'uc:u.e is compl iant with Irish da:a protection law and is subject to
ove rsight by the ope.
Facebook Is concerned, however, that Ihe concept of dlta processor In the Relula lion Is
not cleartydefined and, as , resul t, the re ~Iy be situations where a d ~l a pro!;e~~or may
unjultiflab 'y be r!garded as a data con troller. Fo r example, under Arl icle 2614), if a
3
;>rocenor is considered to be ta king Inde pende nt decilionl tllen tlla! proceuof will be
deemed as a con troller. Fa ceboo~ believes thU Ih e intera ctio n betwee n the two
concepu might raise prat tle.! difficu lties wllen a datil controller " nd iI da! iI procenor
are part of the sa me company group an d both parts of the Iroup collaborate on a (hily
basis. The policies iln d prot ocols will be de~in e d by the data control ler, but oft en
interpreted and implemented Independently by the data pratessor. To avoid any legal
uncer tainty, Facebaok sugges ts therefore \hilt the defi nition of data proc eno r is
mOdifi ed to Il low certa in e lementl of decis l on·m .~ in8.
Article 22 int ro duce s new ~ccount f bIlit y pr ov ision s on cont rollers. These includ e
requiremenu 10 demonnrate compliance witll the Regula tion tllroullI tile Ic!option of
inte rn.t policies, assign men t of Int er n.1 rel po nsibilitiel an d ve rific 41 ion of co mpliance.
Faceboo k agr ees with the st provis ions. 1I0wever tllere may be so me di fficulty in
situ ations where Ihe levef of prescription in th! Regulation Is such th at lhey ma y nOt
renec t practices thU are oth erwis e appro pri ate to safeg uard perso nal dau.. F~ ce boo k
the refore suu:es ts tllat t his Article requires further conside ration by policy makers.
1. Privacy by default/privau b!f dulUl
by design' is a wekome princip le b ut Ihe accompanying 'privacy by default'
principle takes Ins ufficient .cco ~nt of the t Morlnc ethos underplnnlni so cial network
se rvlcfl. The ReCU!aUDn sh ould have resped for th. 'Dnte~t In whlctl dall Is coll.cted
and prtKessed.
'Priv~cy
facebock welcomes the mtro duet!on of the 'privacy by design' prindple in Article 23.
Privacy is at th e core 01 everything that Fac eboo kd oes and, in pa rt of ih work wi~ h the
ope. facebook has made privacy by design a key component of 115 privacy progra mme.
Face book believes that people should lIave control over each piece of content tlley post.
Th at is why fleebook empowe rs people witll robust tools a nd e ducates them with too l
tips and confirmation dial081 th e II,.,tt lme th ey share, whi ch he lps to ensure tn at th ~
ue sh.ring with the people they want and that they know how to adjust
fer the future.
:~elr
settings
Facebook regrets however thlt Ihil provision does no t ta ke into accou nt the sp ecific
nat vre of soc ial networ king wlle re the ve r·,. rU!On Ih" moU people join is to share and
tonnect with others. Specific,lIy, Article 23 1150 intreduces the notion of 'priva=v by
dehult' and requires :lIal, by default, only pe rSOna l da ta th at are necessary for a
speCIfic p~ r pose are to be processed. It further requlre~ t h ~t by default 'pe/sonal data
a.e not m ~de a~cessible:o an indefinite number of Individuals' .
•
At Fa cebook, the recomt':1ended Initial account seWng, are chose n to alTow peop le to
ea l llv find and connec t wit h tftel, friends whi le protect ing more le"s,!ive in formnion.
More importantly, with the Inline conlrol, Intro duced in August 2011 , peop le are ah! e to
choose their privit~y settin,s each ~no every time they pOSI conl ent by deciding the
audience 10 whom il ls vi ewlllle.
Facellook allo Ileliev!s that se tt ings shou ld be age-appropriate . This Is why special
limitations are in phtce for uleu under the ~se of Ig. These automatltllly limit the
under 18's sha rlns to a much sm~lIer sullset of people, which substa ntia lly reduces Ihel,
vlslllllity. Under lBs ilso cannot have pullli~ ~earch listings, so :helr profiles do not show
up 1~ pullllc search engin es unt il th ey have lu rned 18.
Fac ebook therefore 5uggU tS t hat thi S provision I~ revisited 10 take Into account services
Ihtlre e~preuly designed for the Ih arlng of per~onal d~u . such as $CClal networking
sites. Th e Re gu l ~tjo n sho uld have relpeet for th e context In which data is colleCleo and
procused.
4. ChJ.!1kt.!!.
hcellook broad ly supports the specifk pro posals ;lfOUnd children Ind eau
pro tectio n and $ugge$ls that a hl rmorllzed definition of I child for rhe purpose of
doto prQ cesslrIIJ Is SIt at uncler 11.
FacebooK b~lieves that Internet services should Ile desi,ned In an age·appropriate
Our p,e sent policy Is thl! yo~ must be 13 to have" flCebco k account and
t he,e ale d ifferent privacy set:in,s in pl.ce for users aged Iletw!f'n 13-l7 IS
t!escrilled' above.
w~y.
The Regula ti on defin es a "chi:d" as Ile ing ~nyonl und er lB. F~, e book quest ion s wh<!llIer
"gene,al definition is .pproprlale In the context of this re&ulation and wh elher this is
th e approp ria te aG e in re lation:o da ta processing of a chi ld In all conte-a. If th e
deflnilion Is to rl!main In the regul'lion facellook would recommend' ha,rnolliled
definition of a childfor Ihe purposes of dO l a prrx:esslng, set al th e ag l! of unde' 13. in
line with current practices.
Facellook welcome s the specific prOYlSiOIl ill Article 8 th at for onll ne services paren ta l
cons ent is only requ ired for chi ldren under 13. Under {he sam e provision ·verifiilllle
pa 'en: ~l (o"sent" is reQuired "taki ng in lO consideration availallle techno logy" Although
helpf.Jl. ill s stili unc lur In what form verifi able consen t sllo", ld "Ke lino this isleh to be
defined Ily the iu,opun Commission ill i luer dlte. Facellook believe <thlt many
inno vat ive so lu:lol15 can be fOlind for challen,es on Ihe Internet, including the provision
5
of parental con~nt.. and would therefore wish to ~ee the~e provision, implemented in
such. way that they ellcourage rather thin !Imlt this innovation.
Facebook supports initi<ltivu aimed ilt providillg children with specific educational
ma te rl.1 using simple I"r,guale. e ~pl';l'Iinl the privacy pol icy and ",mpowering them to
live informed consen t about th e protenin, of their dau.
be IOf1Ql!!!l..
The ri&hll o be lor,onen needs very nrelul consld ~r'lion. As drll ft ed, il raises major
conearns with re, .rd to the fl l ht of others to remember and of fr eedom of expre u lon
on t he Illte rnet. There Is aiso a risk that It could resul! In measures which are
A ri,hl
technlu lly Impo ul ble to apply In praC1k e and there fore m"ke fot bad
b, lance shou'd be foune! between datalubJert's . is ht to ,et their d aU deleled, the
fund.me ",il l n,hts of other Indlvldua ls.nd the fuli\)' of Ihe enli ne environment.
5. HOlM to
'''1' .
i he pro posa l pre scribes a ,ight for people to have the ir dall deleted IInd also requ ires
data (onlrollers, to take 1111reuon<lble steps. 10 obt"in e.asure 01 content copied 10"
third plrty website or a ppli~Jllon. It Is ImpClrtant to differenti ate between three quite
different asp~cts to the 'right ICl be forlotten' :
The pm Is how peop le who have posted perSCIna llnformJ tio n online can la ler
delete Ihl1lnlClrmatiClIl. Fa ceboo~ believes thlt thi s i1 ~ righ t peo ple ~ho~ld have
81 any time I nd the ir decisi ons shoy ld be com pli ed with in d rn pecled. TIlII b
some thl n, that Facebook alrudy offe rs - ys.trs can de lete individual items of
conlelll they have posted on :o the service including their w~.ole accoynt "I illly
time.
Th e suond rela tes 10 the provlsion ytlder Art ide 17(2). which woyld require
delet ion 01 dala that hils been copied to iltlother urvlce . Such obligations are
ullreilsonabte and not feaS ible tor services li. e Filcebook since we cantlol control
data that has been copi ed to an ot her servic e. In ord er to meet such obligat ior.1 It
wClu ld mun Ihll service providers would be obliged 10 'monitor' peoples'
IClivhles acr01S Ih'" I~ternet. FaceboClk 's strurtglV concerned th31 il could also
lu~ to :he interpr~tI:.o'" that hlermediarv services could be cons idered
res ponsible for erasing any c:o nlen! relaled to Ihe da~a subject th at req~;e$n it.
Thi , is techn ica lly Impossible and di re ct ly confl icts with th e way the In tern et
works and how Ihe currenl liability Ilatus 01 Inlermediaries Is designed.
Th e th ird Is the Idea that you can insist that Information llial o~hels have posted
about YOy be de leted ·thi s is partlcu lar lv contentious, It is ti el r that th ere is a
potelltial conflict betweelllhe right lor people 10 upress Ihemselves "nd the
6
pdVl()l rights of othe rs. Facebook urges poli()l mahrs to co"slder fully the
implications 0" the open In terne t .nd persor,~1 expreuio" .1 they determ i"e the
ri,h! bal.",e. The ddi"ition of freedom of exple~sio" cont.lned in Mlcle 81
and !u"her clu;fied in Redt.1 121 Is defined quite n.rrowly .nd should be
ext ended to cover for en mple mere exp resl.ions of opinion, user gener at ed
conten t ilnd mor e gene r. lly recognise th e naw re of new form$ of
com munication such IS bloUlng and sOda l networkin g,
Fin ally, the debate on the ' right to be fO'IOlten" affects a num be r of Internet se ..... icu.
whic h rely on use r·gene ra:ed conten t, This inue Is nOt unique to hcebook or social
networking. Policy ma kers should lake Into ilCCOunt the "right of others to remem!J.ef"
ind reach' balanced conclusion which respects freedom of upreulon .
6.
~!lI!H..ffi
Users sho"ld be able to eurclse conlrol o~e r what personal diltil companies collect
from them . nd how they "n it but t he requlremenl for consent sho" ld not lead 10 an
overly disrupted or disJointI'd Inlern et expe rience.
The Regr,illlion provides enhanced requlte ments when controllers rely on d~tl sutject
consenllo lesilimlre data proceuin,.
It is im po""nl to kup in mind th al service5 lik e Facebook I re de si gn ed for peopl e to be
~b le to connec t and ~ hare inform ation. The a ud it .; onducted by Ih e DPe itt the end of
ZOll determined that in th e t,lIe of J soel, l ne twork. a u~er provldu con5ent upon
registering with the se ..... i:e. Furthermore. Face bock pro vides e~t enslve informat ion on
Ihe site aboul how Infcrr.'I3tion is used ilnd people unde rstand how the servi ce worb. In
addit ion, users need to provide their specific and eX>""5! con5ent 10 developers at Ihe
time when Ihey downloa :l a new applicallon.
Th e highl y p:escrlp li ve nal~re of the requirements for connn t contili.,ed in Articles 4(8)
5(2) and reclt, I 25 could ~otential l y r equ~re mor .. intrusive mec ha nisms to Isk for
con5e nt for specifi c It:t ivi:ies, Th i5 c~rr i el tn! risk of in"nd3tlng user,S with tick box es
and warn ing! As well ilS ~tfect i r., the us!' expe rience, thiS inevitably will lead to it
potenl . ~1 'dt ... I~ation· of troe prirciple. and may make it I'.lder for ustrs 10 ma<e
judgrrents Ibout when I1 is approj:ri.te 10 live consent or withhold il.
Facebook urges poll()l ma~erl 10 con51der fully the implications ef s"ch overly
~relicriplive provisions rh a! would hilve in adverse effect on u5er-experience and could
ri sk und ermi ning the object ives 50",hl,
7. Secur ity I
O~la
Breach notifjmlon
7
Conlumers should h~ve ~ rilM 10 secu re and respon si ble ha nd linl of pe rso nal dlta
tho~ , h there 15 iI rl5k th~t the overly pr uc rlptive nature of th e Re(ul"tlon cou ld
crea te 3 leve l of bure ilucruy thit distracts orcanlliltions and relulnors from
uhievlnc the principII ob/ectl .... of nwr lng persona l diltl.
facebook takes th~ 5~wri ly of Its IlSers very seriously. The OPC commenceo Filcebook
on its onBoing focus on the proteClion Ind security of user d.Jl• . It acknowledged thl!
Facel100k ma~e5 IMova "ve use of tech nology to iden tify un~ s ~ 11 or susp icious actiyity
on an acco unt , Faceboo k be lieves that policy makerls hould recogn ize innova ll',e
ip]:lr<)lChes to secur ity. for e_ample Filcebook OIro mptly w"rns users if their itccount hlls
been tompromi!.ed. It allows .teen to the last 10&-11'1 ilttempu , nd providl'$ users with
one-time pilSswords when the y log in from unS<!cured locatioi'll. We work closely with
a n~ l ystS, engi neers, fraud e_ pe rts l nd security investigators to prev ent abuse, defut
crim ini ls and help mil lnlitin Fi Ce!:.ook is I trusted environment .
Facebook is con cerned about the overly prescriptive nat ure of the proposed secu rity
provi sio ns and ques tions wh eth er they ildd il nythin, 10 actuaHy enhancing SKu rity.
Under Ar ticle 31 datl bruches must be not ified to Ihe relevllnt DPA where fusible
within 24 haurs. The DPA nOl lfiU lion requirement Is an absol~te requirement, wh ich
mean s that. ;n the ory, ev~n the mo~t min or bre ad'le s must be re ported to th e DPA.
Facel!ook Is concerned thalth ls will nOl l llaw for effective priorill.at lon of the most
serious breaches. The obligations also cont"in prescriptive req ulremena for Ihe
provision of informUio n to th e OPAs. wnr~h creat es an . ddit ional laye r of b u re au.r l~y.
Furthermore, then require ments will force OPAl to redirect rtlaU rCl'S away fro m
pr ivacy e nforcemenl and towilrds Ihe procenlng of notlfiC.lli('lM. Thi~ new obligat ion,
imposed with 1'1::0 regud 10 the scale or Impacl of the breach, will likely neceSSit ate the
provision of at:!d il lonal fun~in, to OPAs. In the ab sence of such governm en t fundin g,
OPA's may not h've approp rille resources to promptly du i with the!.e continua l. a nd
often de m/nimus, not ifications IInd this would undermine their effecti~neS5 and the
confidence in their role in ensuring th at data <ontrolleno properly har,dle Important
personal dala bre ac hes,
S'MiTa,'y, ur~er Article 32 oata bre ac ~es r eee' to be notifIed to da~a $ubJects where the
creach Is likely to adversl'lv affect the personal data or privacy of the data subject. In
th is instance. th e no tification mus t be made wlthout undue de lay. Th is provision ra i!es
the same conce rns as In Art icle 31 namely Ihat, the 24 hour dead i'ne is too short, the
in formatio n to pfovld~ 10 tile da ta subjeet;s extensive ind the Ihe doti breach i$ nOI
elearly defined .
f urthermore, l iven the b-o, d defini tion 01dilit subje<:ls ir. the regu l;!tion th ere;s a risk
that Flceboo~ WOY!!! be obliged to Inform all users who have ' ' 'e ssed a ~ . ge, group or
,
plofile Ihat has been compromised. In order 10 avoid such ~ co~lly and cumber~ome
pr(l,e~~. facebook ~uggesls Ihal the s,o~e of Ihis article i~ narrowed down.
8. Inl etn/l!IQnllJtllt!r.!!l1ful
Progress hiS been made on the International ~aU transfer front. But the Regulation
fails to re~o,nlle the Safe Harbor ilnd ~reates severill requIrements thilt wi ll be of
(on~ern for Inte'~ti(l n al orgiln intions.
The Regulltlon only allows data transfen outside of th e HA if thOl
Art icles 40-41 lie complied with.
con~ltions
set out in
As with the umenl DireCli"e, transfers to non·EEA territories with In adequacy finding
"e permItted . Under A41 (3) ,nd (S) the Europun Commission can decide Ihill a
country, bUI also, an organililtion (Ior e~ample. iI private company) does not meet the
adequale level of prOIKtiD<l. Filcebook urses policy makers to amend thIs provisio~ and
exclude international organitatlons flom Article 41. The (Ulfe nt practice is that a DPA is
re sponsible for dec iding th e adeq uacy of a priv ue or,an llation to exec ut e Internati ona l
transfe rs and this shou ld rem ain the case.
To ensure Ihe complian(e ot Its Iruern,lI!ional data transfers. Fatebook employs differen:
mechalllsms Including: users' consent; strong dilUI tra nsfer dauses III Its data processi"g
ag,~ement; and also rel ies on the EU·US Safe HarbDr Agree""ent. FilC1!book regrets the
fact thal the regulllion does not make any refe rence to this inst rum enl, which has
he lped many 5tart·up compan ie5SrOw and offer th eir services to mor e people in Ir.!
confidence Ih a llheir legal obligations ~re met facebook has for a Ions lime fully
ac~epled Its responsibilil'{ to Its UH'S in Europe and pa"kipil ted in the EU·US Sa:e
Harbor Agrl!'emenl for da ta processing for sevelal yurs. This was a cood way to meet ilS
obligations 10 protect th e privacy rights of users in Ihe EU before il had ils operaliom
wel l established In Europe .
Fa(fboo~;s also concerned about the extra layer of bu~ eaucracy, which Is crutec b';
the req~ ireme nt unde r ""titl e 42(4 ). Th is refer~ to the situ allcn in wh ', n the c on:fa~t,- a l
tiauses intiuded In the data processing agrl'emenl are not s:anda,d and the controller is
re quired to ,et the prior authori"tion from the lead ilulhorily (Article 34), or from Ihe
European Dal' PrOleclion Bo.rd (Arlicle~ 57. 58).
fina !ly, Article 44 specifi"s Ihe derogiltions from the general prohibition en international
data t,ansfers , The data transfer will be autho riIl'd if (1) it is bilsed on a legitimate
in lerest of Ihe ~ontroller or pllxnsor and (2) the transfer cannot be qualified as
frequent or muslW'. ant: (3) Ihe controller or procenor hn asseued alllhe
tir(umSlanceS ""d ~ddu(ed ilp~ropriMe s~feBuardl with rupe(t 10 t~ e protecllon of
9
per lo nal da ta, Wh ilst thi s is a pO$ itive development, th e rele rence to "not being
frequent Or m,n b,e" is unht lpfullV vague and subjective an d re du~u the potenti . 1
beneficial effect of allowin& Ot&anizations to determine the appropriate safeguards that
mav otherwise leJilimil(' an int ern ~tional dau transfer,
9, ~jl nctio D1
The high levc l of potentlil l silnctlons for bru~hel of the Reguloltion risks tum ine
relations between complnies and reeulltors Into iI com~tive one ilnd miy
un dermine the Ince ntive of Inte rnet comp il nles to Invest In the EU,
The new prOPOSil' ha~ a re&lme that Includes very harsh fines for bl uches of data
protection law, These cl.'uld be ilS high ilS 2" 01 the cloba' r~venue of ill commercial
ent erpr ise,
flcebook is concerned tha t the magnitude of potentl.1 fines will create I disincentive
for innov ation ilnd ilsscx:iated Job creat io n . mon& internet service compilnies. This could
be a major blow for the turopu n Union liven thalln e In ternet sector is widely
recog nized as the major driver of jo b ue atlon and growth in an otherwis e moribu"d
economic environment.
Moveover, it shou ld be borne In mi nd th ' t the level of pot ential sanctions might create
a dl~lncentive lot o.,e n . ng~g.me nt by com~anies with regu lators. Face boo k' s
Interaction with the ()f'( and other regulators across the EU has shown thal a lot can be
achieved through Optn ilrld tran1parerl t dia logue, eve n en difl ltulllnue$. Irish datil
protection law, al present, obllge~ the ope to see~ an amic able reso lution to d~spu tes.
This ap pro ach, with its fOCU i on developing solutions and Imp lementing bes: prac tice, is
partkularly benefiCial when grappling with the data protection challengu whien flow
oul of technological ;nnoviltlcn. A regime Ihat threlt ens bUSinuses with such heavy
fines would imperii this cooper at ion and drive ~eople aw ay horn an open relationship
with OP Al. Ultimate ly Ini, will not de liver privacy be nefits as effect ive ly a~01 less litigio~\
modrlli kely to be engendered bV the proposed sanct iOnS recim es. The proposed regime
will Jj~ ely lead to 'ength) cou rt cases, pc:tenllally al censiderah!e COlt for the state.
10. Powers ot th~ Commllslon to extend the; Regula tion
Proposals to Crant the Commission wide-ranging powers to extend th e Regul ation
shou ld be consider ed carefully.
The Regula ti on Incl ude! 26 insta nces wnere th e Commiss:cn hal granted Inelf the
power to extend the Reg ulation by ad op tin g del egated acts in Hco rda nce with Arti de
86. Faceboolt is concerned !hi! this appro~c h mlsht com:lromises the level of legal
10
(~lJS
ctrt~in tv
.fforded bV the I'I tBula tion Ind (ould undermine the legislat ive compete nce!
of the Eu ropean Plrliament and th e Cou ncil of the European Union.
fa(ebook urges P'Olicy ma~en to ensure gruter certain ty bV design;"B the proce.. is
trimpa re nlly as poss ibl e and give Ihe opportu nity to the Industry and ot he r
$llkeilolders to piul,lpate In It.
hcebook Ireland
10 March 2012
11
Note of Meeting with Facebook
Attendance:
Faceboo k:
Civi l Law Reform Division: Seamus Carroll ; Noreen Walsh.
Date: 2 May 2012
Subject: European Commission Proposa l for a General Data Protection Regulation
Mr Carroll explai ned that discussions on the Proposal for a General Data Protection
Regulation at EU Working Group level were progressing slowly. Dependi ng on
progress made during the Cypriot Pres idency we wo uld hope to seek to achieve
agreement on some aspects of the Proposal during the Irish Presidency.
We launched a public consultation process on the Proposal in March.
Mr Carroll explained that there are a number of impo rtant issues that need to be
clarified during the discussions on the Proposa l as fo llows:
(1) Definition of persona l data - there arc conce rns that the proposed defin ition is
100 broad; any reference to a person appears to be personal data. Based on the
definition and the recitals it appears that context is impo rtant in determining
whether or not data is personal data e.g. an IP address is not personal data per
se but in certai n circumstances it can become personal data.
(2) Scope of the ' household exemption'. The meaning of <gai nful' is not clear, in
particul ar it is not clear if it is onl y monetary reward or if it is broader. Mr
Carroll raised the question of targeted advertising by Facebook, in particular
the question as to whether Facebook remains the data controller in the case of
targeted advertising.
exp lained that an advertiser would indicate
who they wished to target; Facebook would tell the advertiser how many
members fall within the target audience; the advertiser will never know who
the recipients of their targeted advertising are.
(3) Requirement to have explicit consent - there are a number of concerns in
relation to this issue in particular that th is requirement could result in reduced
protection arising from 'click fatigue'; consumers may simply click 'yes' to
everything. In this context the Commission is anxious to distinguish between
contractual and non~contractual situations; the issue of consent does not arise
if processing is based on a contract. In this context
. ~~ ___ said that there is
a contractual relationship between Facebook and Facebook users.
wondered what happens when the terms of the contract are revised; Facebook
are concerned about what should happen every time they add a new
fea ture/app lication. They are concerned that they will have to seek consent far
more often that is reaso nable in the context of a soc ial network site.
(4) Profil ing: the Commission is proposing much stronger controls in relation to
profi ling; profiling is usefu l in some contexts but there are also concerns that
in some cases it can be damagi ng.
exp lained that Facebook does not carry out profiling; it does not
follow people around on the web or look at search histories; what it does is to
use infonnation provided to Facebook but if a person 'l ikes' a particular page
on Facebook it will be taken into account. If a Facebook user sees an
advertisement that he/she would rather not see he/she can block it.
(5) The meaning of the right to be forgotten will need to be clarified e.g. how it
will operate where data is no longer under the control of the data controller,
how it wi ll apply to public authorities, etc .
. indi cated that the scope of the right to be forgotten is of concern to
Facebook. Facebook has no problem removing personal data posted by an
individual about himse lflhe rself within Facebook over which they have
contro l but there are difficu lt ies in relation to data posted by others and data
cop ied onto third party sites over which Facebook has no control.
(6) There are enforcement issues in relation to the proposed territorial scope of the
Proposal.
More generally Mr Carrott expressed the view that privacy by design and
anonymising data should be encouraged and there shou ld be a greater emphasis on
risk assessment than on size of organisation in the Proposal.
. indicated that Facebook would have concerns in relation to the large
number o f delegated acts provided for in the d raft Regulation; this appears to defeat
the objective of replac ing the 1995 Directive with a more detailed and co mprehensive
Regulati on.
Noreen Walsh
Civil Law Refonn
2
Update to Facebook's data use policy
11105/201217:16
-
-
.
~ - ..
- --. ~" - . -
This message has been replied to.
Hi Seam us
I hope you've had a good wee k. I wanted to let you know about proposals
for updates to Faceboo k's Data Use Policy (aka privacy policy) which have
just been made public.
We are making improvements t o our Data Use Policy in response to
feedback from users and the results of a comprehensive aud it of
Facebook's international HQ, Facebook Ireland, recently undertaken by the
Irish Data Protection Commissioner. The audit concluded overall that
Facebook has a "positive approach and comm itment ... to respecting the
privacy rights of users" and encouraged us to enhance our Data Use Policy
to be even more detailed about how we use information.
Today we're pro posing improvements that respond to this feedback.
We're adding more examples and detailed explanations to he lp users
un de rstand our polici es. For example, we include additional t ips, marked
w it h a light bulb so users ca n find them easily . We've added new links to
our Help Centre. We created a new section expla ining how we use
" cookies" and similar technologies and updated the corresponding
explanations about cookies in our Help Centre. We also provide more
information abo ut how we use data to operate Facebook, to advertise, and
t o promote safety and secu rity for Facebook use rs. These examples and
expla nations are desig ned to help users understand what the Data Use
Policy mea ns in eve ry day practice.
In t erms of process, Facebook ' s new draft policy will circu late through our
sit e governa nce process. We have a t ranspa rent process f or proposing
updates to our govern ing documents. We post changes for not ice and
com ment before they become effective on the site. If t he comments reach
a certain threshold, use rs have an opportunit y to vote on t he changes. Our
users will be notified about th ese updat es from an annou ncement on t he
left-hand side of ou r home pa ge or from a megaphone announcement on
mobile devices.
The changes bui ld upon the privacy policy format we rolled out last year.
Facebook thinks we've struck the right balance with our layered, flexible
f ormat. You can get the most important information up f ront and then drill
dow n if you w ant more details in plain English.
For more information about tod ay's rol lout, you can f ind our blog post to
user s here which includes a li nk to deta il ed information and a st ep by step
guide for users.
And of course, do not he sitate t o let me know if yo u have qu est ion s or
concerns . I'm happy to explai n more abou t these change s.
Many thanks.
._"._._-. ,"_._,"-
..
F~ 1
:
1
- __ J
Re: Meeting with Facebook ~~:
~~('l:;:1US s . C,,;moll .,' Pau l. O'Brien
02/02t201 2 13:47
(, :
bLC: Noreen X. Walsh
Paul,
I am happy to attend.
Regards
From :
To:
Paul.
"$eamus S. Carroll"
Cc:
Daie :
S ubje;;:c,-t_ _
Meeting with Face;;:b;;:o;;:o'-k_ _ _ _
02/021201212:25
Hi Seam us, Jane,
Arising from a meeting between Facebook seni or management and the
Taoiseach in Davos the Taoiseach promised to facili tate a meeting betwee n
- .. I wi th Facebook, a nd with Minister Sherlock and
relevant officia ls from D/JE I and D/Justice to discuss both data protection
and copyright legislation.
This meeting has been arranged for 7pm , Thursday 9th February in Ihe
Sycamore Room in Government Buildings.
Seamus, can the Depa rtment send the most appropriate officia l?
Jane , either you rself or Tom may wish to attend on beha lf of the Minister.
Best regards,
Pau l
Paul
•
:'a Roinr. a n Ta o: s:gh rr_eaite a r sel. lbi",i s p.~roif isiunta ,
eifeachtach agus ch''::'irteisea c h a sho1atha::: dar
gcustaill'.ei:::i go 1ei::: . Chun a:nharc ar an Cha irt do
Chustaii..eiri , clice a~ l ar
ht tp : 1 Iww·....· . taoise ach . gov . iel 1 i::: is h/i n dex . asp?do cIO-l 763
Is le haqhaidh an duine
~6
an aonain a r seolad h d6/di an
t - eo l as a seachadadh , agus d'fheadadh abhar fa oi run
ag'..ls/n6 abhar faoi ph:::ibhleid a bheith ist:"gh 1ei5 . Ta
RE: Proposa ls for General Data Protection Regu lation
Noreen X. Wa lsh
History:
Th is message has been lorwaraeo.
09/02/2012 17 :19
_._--_._--_._ ----
--
Noreen,
Apo l ogies '::0:: n o t getting back to you - I ' '''e fonJardee the IT.essage to
Google (omd wi ll fol l Q'.... up wi th t hem by phone tomorrow to confirm) . ! ' m
waitir:.g on c o ntact details for Facebook, but I ' l l h a ve Lhose in the Dorn in g
also a nd ·.... ill deal with them then .
1'11 confirm both of these ·...,ith you via e:r.ai 1 i n the mor ning.
Regards
R
-----Original MessageFrom: Noreen X. Wals h
Sent : 09 Feb r uarv 2 01 2 14 : 28
To :
Subject : ~roposals tor General Data ?rotection Regulation
Hi Richard
I am ·.... onderi n g if your Departme nt ~as decide d to cor:.sul t i n relation to the
Dat a Prot ec tion Re qulation or if you wi l l give us contact detai l s so t hat
we can do the necessary consultatio n ?
Regards
Noreen
N::n:een i'lalsh
Ci vil :' a·.-/ Re ': o r :n Di vi sio :1
I s le hagh aidh an duir,e no an ei:1titis ar a b t":. fu i l si di.ri.t~e , agus l e
haghaicih an d'..line no an ei ntitis sin aDhain, a bheartaitear a n fha i sneis a
t archu':':rea::ih agus feadfa idh se go bhf u':' l a::,har fa:)i r(;.:;. agc.s/n6 faoi
p~ribti l eici i n ti . Toirmisc t ear ao:l. a th bh:rei t hniu , ata:rchu :r no leathacih a
dheanar:-.h ar an bhfaisr.eis sea , aor, usa i d e il e a b:'1aint aisti. no aon ghniomh
a dheanamh ar a hi:):1taoibh, ag daoir.e no ag ei:l. ti ;: i s seachas a n faigr.teci r
beartait r.e . tIJa fuair tu e sec t ri dhearmac, teig h i dteagrr,hail l e is an
seclt6 ':' :::, :" e do tr.oil , agL:s scrios an "[-abhar as aon rio:r.ha ire . Is e
bea:r tas !"":,:;. Roinne DI i a gus Cirt ag 'Js CDm~ion':;'-.:l.dis, na nO i figi a;us r.3
nGniomhai reac hta'.. a usa.ide ann sei:rbh i si Tr" na Roin r.e seoladh abr.air choluiJ..
a dhicheadu .
Mas rud e go ~easan:l. tu g ur abha~ cc lu il a t a san a~ r. ar ata sa
teacht ai:r e ach t: sec is c ear t duit du l i d t eag:-:\~ai l leis an seo:"t6ir
l ai threach agus le :nai lminder [agJ j us':.ice. i e cnor:-.h mai th .
The i nfo:::IT.ation transIT.it te d is i ntended on ':' y : or the p e:::s on or e:1tity to
•
RE: Proposals for GenfH;:I.1
n.:.t", D~ ... to.r.tion
Regulation
10/02/201 2 11:12
Cc: "Noreen X. Walsh",
Seamu s ,
Tha n ks for t hat . I ' ve confirmed '.... itr. my cor.tact fr oIT. Googl e . She i s g oing
to dis cuss w ~t h m a~a gem e n t and will revert to me be:o re c l ose of play today
to l et me know if they will be maki:lg a scbm ~ss ion .
Re gards
R
---- - O=iginal Message - - --From: Seamus S. Carroll [mai l '.:.o
Sent : 10 Feb r uary 2 0 1 2 09 : 4 4
To :
Cc : Noreen X. Walsh
Subject: Fw: Pr oposal s for General Dat a Prot ect ion Regula tion
Richard,
Facebook met with the Minister yesterday and will ma ke a subr.,ission to us
on t he DP pr oposals .
Rega r ds
Forwarded by
From :
To :
Dat e :
Subj ect :
:012 0 9 : ';'2 -----
No reen X. Wals h
Se affi'.lS S . Carro l l
09/02/2012 17 : 22
fw: Proposals for General Data Protection Regulation
=0::- info.
No ree n
Forwarded by Noreen X . 'i;a lsh.
From :
To :
Cc :
Date :
Subj ec t :
" Richa r d
" Noreen X. Wal s h "
"
0~/U4'LV ~ ~
... _ ' >:j,-,v •
..t. e>
~, . ~~
RE : Proposals :or General Data ?rotect:on Regulation
Noree:1,
,
Apo lo gies for not ge tt i:;g back :0 yo u - I ' ve f crt~ard.e d th e me ss age to
Goog le (ar:.d l'>:i11 fo 1 101.... ut' \·d c::h cher.. by p~one tor.-.crr:o·. . . tc con:irrr. ) . I ' IT:
waitir:g on contact details fa::: facebook, but !'l': have those i:1 t:-te mor:ling
also and ",.ill deal with them ther. .
I'll conflrm both of these wit.h you vi a e:nail
~n
t::'e n orning .
Regards
10
_._-_
Re: Fw: Bri efina for meeting with Facebook on 9 Februal)' ,- "1
-
I: Noreen X. Watsh
This message has been replied to .
History
- ---_._._ -
..-...
1310212012 10:55
Thanks Noreen, w ill be in touch about date for meeting with Faeebook.
Anne
Anne Farre ll
A nne Here is the briefing note Sea mus prepared f..
From:
Noreen X. Welsh • • • • • •
To:
Date:
13/02/2012 ' U:4~
Subject_'_ __
Briefing for~ g w~h Facebook on 9f ebruary_
y w:
1310212012 1oA.il05
__
Anne
Here is the briefing note Seamus prepared for the meeting with Facebook. It is probably too detailed
for your purposes but you may be interested in the first 5-6 paragraphs.
Regards
Noreen
Noreen Wa lsh
Civil law Reform Division
---- FOrNarde d by Noreen X. Walshl
From:
To:
Cc:
Date:
~
S~
"~
bj~ec
=t~
,_
Seamus S. Carrol
--- - ..
·_ ~' ,.... r
08/02/201213:23
_ _ • Briefin!L!.~~~eetinQ with F ~c e~ook on 9 F e bru ~2:. _ _ . __ . _ _ _ _ ._. _ _ __ _ _ _
[attachment HBriefing for Minister - Facebook meeting .doe"
•
·--..,
. :::"':-..)
'~j
Re: EU Data Protection regul ations - more detailed
perspective [:,
07/03/201214 :23
Jlook forwa rd to recei ving your paper. Perhaps we can meet up next time .
Regards
From:
To:
Date:
"Seamus S. Ca rroll"
07/03120 121 4 :17
S u bj e2c~t___ "__" ~e:
EU Data Protection
reg u l a tio~m~_e_de l ailed
per"'"p"e2cC
ti C
'e=-_____
That ' s a shame . Un f o r t u na t el y I ' m o n ly in Dubli n o n 1 4
an d 1 5 . We ' re
f in a l is i ng a p£per se t ting our F'aceb o o k ' s v i e\~ s on t h e
p r o posals ·...·hic h I
'l'Ii ll s e nd t o you at th e en d o f this ·"'eel<: . Hopeful l y
us e fu l fo r YO'.l r
me e t ing i n Bruss e l s .
Tha nk s
On 3/7/12 2 : 10 PM,
" Searnu s S . Cil. r ro l l "
>
> U n fort u~ a t el y I wil l be i n Brus s el s at a m ee~i n g t o
di s c uss t h e d a t a
>pro t ec t i on propo sa l s o n 14 t h and 15 t h ; \or'i l l b e he n~ on
1 6 t h i f t hat sui t s
>you .
>
>Re ga rds
>
>
>
>
>Fro!l\ :
>Tn :
e>
>D a t e :
07 / 0 3 / 2012 12 : 37
>S u b j ec t :
EU Da t a ?= otec ti on r egu l atio n s - mo r e
detailed pe r spect i v e
>
>
>
>E i
Seamu s
>
>I a.n g o':o g to be i n Du)Jl.i n next "'"e e :<: fer a cO\J p l e e f
d a y s a n d if
>c o nven i e nt
>I ' d l ike t o c atc h u p 'd i t h yO \J t o d i s c uss more deta i l e d
as p e ct s o f t h e
>d r af t
>D P regu l a tic-n f oll o wi ng o u r meet i ng wi t h you and yo u r
Mi n is te = la st ~ o nth .
>
.'
;
>Ar e you ava il ab le on the mo rning of 15
>
>Many than k.s
~a=ch?
>
>Desc~ iption : Description: Description :
oid: image001 .cna@ OlC8F888.8FCC£630
Lod Ireland I f acebook
>*~*~.*
•• * ••••••• ~ ••• * •• *.* ••••••••••••••••••••• * •••••••
** • • ** •••• * ••••••••
>* ...,. •• * ••
>15 le hagha idh an duine n6 an eintitis ar a bhfuil si
dirithe , agus le
>haghaidh an duine no an ein t itis sin amhain , a
bheartai tea r an f haisneis
>a tarchuireadh agus feadfaid h se go bhfuil abhar fa01
r un agus / n6 fao i
>phr i b hl e id inti. Toi r misctear aon at hhh r e i thniu ,
a tarc hur n6 leat hadh a
>dheanamh ar an bhfaisneis s e o , ao o usaid e11e a bhaint
aisti n6 aon
>ghniomh a dheanamh ar a hiontaoibh, ag daoine n6 ag
eintitis seachas an
>faight eoir beartaithe . M~ f~air tu e sec tri dhearmad ,
tei9hJ. dteagmhail
>leis "/rl seol t 6i r, l e do thoil , agus serios an t-abhar
a s aon riomhaire .
>ls e beartas na Roinne 01i agus Cirt agus
Comhionannais , oa nOi f 1gi ag us
>na nGniomhaireachta i a usaideann seirbh isi TF na Roinne
seoladh a bh ai:!"
>ehol~il a dhicheadu.
>Mas :!" ud e go measann tu gur aohar colui1 a ta san Abhar
a ta sa
"
>t eachtaireacht seo is ceart duit duI i dteagmhail 1eis
an seolt6':"r
>la i th re ach agus le rnailminder[ag]justice .ie chomh
ma i th.
>
>The information tra nsmitte d is intended on l y f or th e
pe:!"son or entity to
>wh ich it is addressed and may co ntain confidenti al
andlor pri vileged
>m~terial. Any review, retransm':"ssion, dissemination or
ot her use of, or
>taking of any action i~ reliance upon , this infor~at':"o n
by pers ons or
>entities other than the intended recipient is
p r ohibited. If yeu r ece ived
>t his in error, please contact the sender and delete the
ma t erial fro m any
>comp uter. It is the policy o f t:he Department of
J ust i ce and Equali t y a nd
>t he Agencies a nd Offices using its I T services to
di sall ow the s endi ng of
>o : fensi ve material .
>Shoul d you cons i der that the materi a l co .. tained in this
me s sage is
•
Cc:
Dale:
Subject:
03/041201 214:22
Major developments in the data protection fie ld - Developpements majeurs intervenus dans [e
domaine de la protection des donnees
---.::======~.-----Mesdames, Messieurs,
a
Nous travai1lons actueIJement la preparation de la prochaine reunion pleniere d u T-PD qui aura lieu
du 19 au 22 juin 20 12 Strasbourg et sur les documents qui vous seront soumis cette occasion.
Je vous serais recon naissante de bien vouloir nous informer des que possible des developpements
majeurs surven us dans le doma ine de la protection des donnees dans votre pays depuis la derniere
reunion pleniere du T-PD qui s'est tenue du 29 novembre au 2 decembre 20 11. Vas envois seront
compiies dans u n document figurant a I'ordre du jour de la pleniere du mois de juin.
Grand merci par ava nce de nous faire parvenir votre contribution avant le 16 mai 201 2.
Cordialement
a
a
Le Secretariat
Dear All,
We are currently working on the preparation of the next T -PO Plenary Meeting which will take place in
Strasbourg from 19 to 22 June 2012 and on the documents which will be made available on this
occasion.
I would be grateful if you could inform us. as soon as possible . on the major developments in the data
protection field in your Country since the last T -P D Plenary which was held from 29 November to 2
December 201 1. Your contribution will be included in a documen t mentioned in the draft agenda of the
Plenary of June.
Thank you very much in advance.
Best regards
The secreta riat
>
13,
•
Fw: Major developments in the data protection field - Developpements
majeurs intervenus dans le domaine de la protection des donnees
Noreen X. Walsh to:
- -
__
~,.~,
__
~~ .
-..,.,.,,-.....,..__.
.
I
03/04/20121 4 :26
."... .
,~._
•• ....,..,..."
UU
po
Gall'
See e-mail below from the Counci l of Europe. Is there anything you wou ld like to inc lude in the
document on major developments in the data protection fi eld since November 2011?
Regards
Noreen
Noreen Walsh
Civil Law Reform Division
.,. • • •
~,_._-.
__
Re: Major developments in the data protection field - Developpem ents
majeurs intervenus dans le domaine de la protection des donnees !
Gary .
History:
0: Noreen X. Wa lsh
03/04/20 1215:32
This message has been replied 10.
What so rt of things get reported on to give me an idea as obv ious ly we concluded our Facebook
Irel and audit report as an example?
Noreen X. Walsh
••••• Origina l Message •••••
From: Noreen X. ~al sh
Sent: 0 3/04/2012 14: 26 GDT
To:
Subject: Fw : ~ajor de velopments in the da~a protection field De v eloppe~ents majecrs inte rvenu s dans le domain e de la protection des
do nn~es
Gary
See e·mail below from the Council of Europe. Is there anything you would like to include in the
document on major developments in the data protection fi eld since November 20 11 ?
Regards
Noree n
Noreen Walsh
Civil Law Reform Division
<.
IS
Re: Major developments in the data protection field - Developpements
majeurs intervenus dans le domaine de la protectio n des donnees I J
Gi~ ry
)' Noreen X, Wa lsh
15/05/201220:00
This message has been replied to.
Hi5 Lt: ry :
Noreen,
Apologies for not replying sooner. In that case I would suggest that we reference our audit of
Facebook as a sign ificant development perhaps espeCia lly in light of the recent communication on
social networks. 11 you want me to send you a few lines I can do that tomorrow.
Rega rds
Gary
Noreen X. Wa lsh
--- Original Message ----FrOD: No~een X. Wa ls h
Sen t : 1 0 / 05/2012 12 :1 3 GDT
'!'o: Gary
Sub j ect: Fw : Major developments in the data protection field De veloppernents maj e u rs intervenus dans l e do~aine de la protection des
donnees
Gary
I am wondering if you have anything that you would like to include in the CoE report on developments
since November 2011 (see e-mails below) .
Thanks
Noreen
No reen Walsh
Civil Law Reform Division
-
I-orwaraeo ay Noreen J'.. vvalsn
From:
Noreen X. Walshl
To:
Ga"
10/051201212:12 ----
Date:
041041201215:22
Subject:
Re: Major developments in the data protection field - Oeveloppements majeurs intervenus
dans le domaine de la protection des donnees
_______ ,_ _ _ _ __,
- , -- -
-- - - -
Gary
Here is the report that was issued by the CoE for last December's T-PO meeting.
Regards
Noreen
(
\,
r.::.ttachment "CoE Maior Developments National Reports December 2011.pdf' deleted by Gary
Noreen Walsh
,r;;:- l
'-.-J
Re: Major developments in the data protection fi eld - Developpements
majeurs intervenus da ns le domaine de la protection des donnees
Nor':H':11 X. V,'1Ie:1
t(
Gary
16/051201209:41
Thanks Gary , it would be great jf you could send me a few lines on the Facebook audit.
Regards
Noreen
Noreen Walsh
Civil Law Reform Division
n-----Gary T. Davi!?
From:
To:
Date:
Subject:
~o!~~n, ~pologjes for not replying sooner. In _1~§lJ :: ...
Gary
Noreen X. Walsh.
15/05120 12 20:00
Re: Major developments in the da ta protection fi eld· Developpements majeurs intervenus
______ dans le d~_
a i_
n~~::~_p_'_ot_
e_
cti_
on~es
don:cn~
.~
es,-_ ___ _
- - --- --------
Noreen,
Apologies for not replying sooner. In that case I would suggest that we reference our audit of
Facebook as a significant development perhaps especially in light of the recent communication on
social networks . If you want me to send you a few lines I can do that tomorrow.
Regards
Gary
Nomen X. Walsh
---- Original Message --•••
From: Noreen X. Wa:sh
Sent: 10/05/2012 12 : 13 GDT
To:
Subject : Fw : Major developments in the data prctection field Deve loppeme nts majeu!'s interv enus dans le do:nai:1e de la protection des
donnees
Gary
I am wondering if you have anything that you would like to include in the CoE report on developments
since November 2011 (see e·mails below) .
•
Thanks
Noreen
Noreen Wa lsh
Civil Law Reform Div ision
11-
Re : Major developments in the data protection field - Oeveloppements
majeurs intervenu5 dans le domaine de la protection des donnees G1
18/051201210;54
Noreen X. Walsh
--r"h"i,- m-:.",,"a-:,""'.-:h-as"C"Cb.:-.-nreplied 10.
HIstc ry:
Noreen,
My apologies. You should not have had to remind me twice never mind three times.
I hope this is sufficient.
Regards
Gary
~
FB Developments.doe
From:
To:
Date:
Subject:
Noreen X. Waist ·
Gary
181051201209:53
Re: Major developments in the data protection field· Oeveloppements majeurs rntervenus
dens le domaine de la protection des donnees
,
Gary
Would it be possible to send me a short nole on the Face book enquiry for the CoE major
devel opments report by early afternoon today as I have recei ved an e-mail from the CoE indicating
that today is the deadline for sending in malerial.
Thanks
Noreen
Noreen Walsh
Civil Law Reform Division
'1
[
'
~N.oreen, Apologies for not repl y ing sooner.
In
.•
t~at...
Noreen X. Walsh
----- Original Message -----
From : Noreen X. Walsh
Sent: 10 / 05/ 2012 12:13 G~T
To: Gary
Subjec t: Fw: Maj or de velopments iI'. the data protecticn field Deve l o9pements majeu r s intervenus dans l e domaine de la protec~ion des
do nn ~es
Gary
I am wondering if you have anything that you would like to include in the CoE report on developments
•
-'
The Ollice of the Data Projec tion Commissioner publ ished on 21 Decem ber 201 I the
outcome of its audit of face-boo k Irc!<llld( FH· I) which ~\as conducted du ring the last
quarter of 10 I J including olH,i tc in Faccbook Irebnd' s I kadqunrtl.' rs in Dublin. The
Repol1 was stated to be a co mprl.'hcn si ve assessmel1t of Facebook Irel and' s
compli ant!! wi th Irish Data Protect ion law and by cxt~nsi(lI1 EU la_w in this an~a.
facebook Ireland has responsibili ty [or all Faccbook users outsi de of the USA and
Canada.
The audi t [o und a positive app roach (Lnd commi tnll:!llt O il the part ofFB ~I to respectin g:
the privacy rights of its lIsers. Ari sin g from the audi t. FS· I agrel'd to a wide range o f
;·bcst practice" improvemc:nts to be impkmented during the first 6 month s o f 20 12
with a fo rma l review of progress to take place in July 2012.
The Audit \vas the most' comprehensive and ddai lcd ever undertaken by the Olliee of
the Data Protcc,tion Commissioner.
The Report records si gnificant recommendat ions and commitments from Facebook
Ireland in relation to:
a mec hani sm fo r users to convey an informe d chl)ice for how their
i.n fomlation is used and shared on the si te incl udi ng in relation to Third
Party Apps
a broad update to the Data Use Poli cy/ Pri vacy Poli cy to take account of
rccommendatil)ns a.<; to where the information provided to use rs could be
furt her improved
transpare ncy and contro l lor llse rs via the provision of all personal data he ld
to them on request and as part of their everyday in teraction with the site
the de leti on of i.nformat ion held on llsers and no n ~usc rs via what arc known
as soc ial plugill s and more generall y the de leli{)1l of data held from user
interacti ons \\/i lh the si te muc h sooner than prese ntl y
increased transparency and co ntro ls ror th e use of pe rsonal data for
advcl1i sing purposes
an add itional form of Ilotification for lIsers in relarion to facial
recognitionf' tag sug gest" that is co nsidered will 'ensure- Facebook Irdancl is
meeting best practice in this area from an Iri sh law perspective
(In enha nced ability for users to control t3gging and posting on ot her user
profiles
an enhanced ability lor users to control whether the-ir addition to Groups by
fr iends
the Compliance management/Governance functio n in Dublin which will be
further improved and enhanced (u ensure thal the introduction of new
products or new uSeS oJ" user data take full accoun t of Irish data protection
law.
•
J
Re : REMINDER/RAPPEL : Major developments in the data protection field
- Developpements majeurs intervenus dans le domaine de la protection
des donnees .:.
Noreen X. Walsh to:
18105120 12 15:48
Corinne
Material in relation to major developments in Ireland is attached as requested.
Regards
Noreen Walsh
Civil Law Reform Division
~
Major Developments Report - l B.OS. 12.doc
"'
' .'
_.
Ireland
Major developments in the data protection field since 28 th T -PD Meeting
(November - December 2011 )
On 21 Decemb.;-r 20 11 the Office oftht: DnHll'rotl..'c lion Commissioner publi shtd its
Report on the ouli..':OIllC of its ~udif of Facc book Ir('lnnd ( FB-I). T he Report prvvi des a
compre.he nsive assessme nt of Facl;'hllok Ircl and ' ~ COml)li .. n~e wi th Irish Data
Protection law and by extension EU \av,: in this urea. F ~lcebook Ireland has
responsibility for all Faeebook lI sers outside or the USA and Canada.
or
The audit fou nd a positive approach and C(lmlllitmc nt o n the part
FB-.I to respecting
the privacy rigbts of its lIsers. Arising from tilt.' audit. FB-l agreed to a v,'ide range of
"best practice" improveme nts to be implemen ted during the first 6 months o f 2012
\.... ith a formal rev iew ofprogrcss to take place in Jldy 20 12.
The Audi t was the mostl..'o mprehens iw and Jt.'tu iled ever undertaken by the o nice of
the Data Protec tiQn CQmmissioner.
The Report records s ignificant re-comnh::nlh.tti oIlS an d commi tm ents from Fucebook
[reland in relation LO:
a mechani sm for users tl) convey an in lo rmed choice for how the ir
infonnation is used and shared on the site induding in rdat ion to Third
Party Apps
a broad upd<ll~ to the Data US\! Policy/ Pri vacy Policy tQ lake accounl
recomme ndations as 10 wher~ the inf•.)nmllion provided 10 users could be
further improved
tmnspurency and control for lIsers via the provision of all persona l data held
to them on request and as pa l1 ol'tllcir cwryday interaction \vith the site
the de le tion ofi nforrnation l1eld on users ::m d non·uscrs via what are kno\Nn
as s~)cial plugins and marc gCllcnlll)· th(! (.klction of data hdd from lIscr
interacti ons with the site much SOQner than pre~ently
increased transparency and conlwls for the us.: of personal data to r
advertising putvoses
an additional fo rm of notificat ion for llsers ill rdat ion to facial
recogn iti onf'tag suggest"' that is c\)lls iJcred will ensure Facebook Ireland is
meeting best pr::lctice in this area from an Irish lav.' perspective
an enham;ed ability for users to control lagging and posting on other user
or
protiles
an enhanced ability for users to control their addition to Groups by friends
th~ Compl iallt:t: managemem/Govc rnanct' function in Dub li n which \\ ill be
further improved and ~nhanced 10 l'nSllrt" that the introductioll oCne\\'
products or new lISCS of user dnta take fu ll account of Iri sh data protection
law.
The repo11 is available o11 ll1e Data Protecti on Commissioner's wcbsite:
hltp :lldmaprotcction. i c.
,
Re: Catch in g up
CJ
14/081201214:34
Yes, 11.30 will be fin e; you know where our office is. See you then .
Regards
From:
To:
"Seamus S. Carroll~'
14/08/20 1214:3 1
Dale:
"S"ub",i"ec:.:':,..___Rc:e:;,,,C:.:a:::tc::h=in~!p_~._~ ____,____ _ _ •
----.--
Thanks SeaMUs. I have an event at b r eakfast time so I would most likely
p r efer a t ine after 11am . Shall \<>'e say 11.30 to be on the safe side?
On 8/1 4/12 2:26 PH,
" Sea~us
S. Carroll "
>All well here ; just back from holidays .
>
>Fr iday 14th September , at whatever time suits you , wi ll suit 1:'.e .
>Regards
>
>
>
>From :
>To :
>Date :
>Subject :
" Seamus S . Carroll "
14/08/201 2 13: 53
Catch ing up
>
>
>
>~i
Seamus
>
>I hope you ' ve been ab l e to have a break ov er the surr~er. I ' ll be in Dublin
>12-14 September a~d it would be great to catch up with you on all things
>DPD. I'd also like ' to introduce you to
who a lso works on policy
>i ssues for Irela:1d. Can you plea se let me know whe~ is good in your diary
>over those days?
>
>Man y t ha nks
>
>Descripti o n: Descr iptio~: Llescr ipt ion: c id: imcgeOO 1. pr.g@OlC.8f8 88 . 8 f'CCE:63 0
Id ! reiand I face book
,
,
,
,
,
,
,
"
>
>
>
>
,A
•
•
