Wondering what data Facebook are actually storing about you? That’s exactly the question that Max Schrems’ a 24 law student from Vienna has asked himself, and following a full data request of all his personal data from the service, coming up with some scary results.
European data protection laws state that all individuals have right of access to the data ‘held by the data controller’ in this case – Facebook, and must make it available to them. That’s how Max ended up with a personalized CD from Facebook that he printed out on a stack of paper more than a thousand pages thick. Analysing it, he came to the conclusion that Facebook is engineered to break many of the requirements of European data protection.
At the end of last month, the details of his original request recipe made their way onto social news service Reddit, prompting many other users around the web to request the same – flooding Facebook in the process.
Today, the plot thickened further with Max, not satisfied that his requested had been fully honoured asked for further details on his data, based on the information Facebook holds. The full extent of which can be read on the Identityblog article, along with accompanying written response from Facebook.
With Facebook arguing that some of the information being requested is part of proprietary algorithms used within the service, Schrems highlights just some of the information that Facebook are not willing to release via their online data extraction tool, with the main underlying concern for users – that your data is never really deleted in the majority of cases.
After receiving the data, Schrems decided to log a list of 22 separate complaints with the Irish data protection commissioner, which next week is to carry out its first audit of Facebook. (European users are currently administered by the Irish Facebook subsidiary). If the legal proceedings take place against the social media giant, Facebook or any employees found guilty of data protection breaches, could face fines of up to €100,000.