Facebook saves everything forever, has ‘shadow profiles’ for non-users

Posted on October 18th, 2011 Dan

From http://www.identityblog.com/?p=1201

no date topic status files
01 18-AUG-2011 Pokes.
Pokes are kept even after the user “removes” them.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
02 18-AUG-2011 Shadow Profiles.
Facebook is collecting data about people without their knowledge. This information is used to substitute existing profiles and to create profiles of non-users.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
03 18-AUG-2011 Tagging.
Tags are used without the specific consent of the user. Users have to “untag” themselves (opt-out).
Info: Facebook announced changes.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
04 18-AUG-2011 Synchronizing.
Facebook is gathering personal data e.g. via its iPhone-App or the “friend finder”. This data is used by Facebook without the consent of the data subjects.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
05 18-AUG-2011 Deleted Postings.
Postings that have been deleted showed up in the set of data that was received from Facebook.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
06 18-AUG-2011 Postings on other Users’ Pages.
Users cannot see the settings under which content is distributed that they post on other’s pages.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
07 18-AUG-2011 Messages.
Messages (incl. Chat-Messages) are stored by Facebook even after the user “deleted” them. This means that all direct communication on Facebook can never be deleted.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
08 18-AUG-2011 Privacy Policy and Consent.
The privacy policy is vague, unclear and contradictory. If European and Irish standards are applied, the consent to the privacy policy is not valid.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
09 18-AUG-2011 Face Recognition.
The new face recognition feature is an inproportionate violation of the users right to privacy. Proper information and an unambiguous consent of the users is missing.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
10 18-AUG-2011 Access Request.
Access Requests have not been answered fully. Many categories of information are missing.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
11 18-AUG-2011 Deleted Tags.
Tags that were “removed” by the user, are only deactivated but saved by Facebook.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
12 18-AUG-2011 Data Security.
In its terms, Facebook says that it does not guarantee any level of data security.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
13 18-AUG-2011 Applications.
Applications of “friends” can access data of the user. There is no guarantee that these applications are following European privacy standards.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
14 18-AUG-2011 Deleted Friends.
All removed friends are stored by Facebook.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
15 18-AUG-2011 Excessive processing of Data.
Facebook is hosting enormous amounts of personal data and it is processing all data for its own purposes.
It seems Facebook is a prime example of illegal “excessive processing”.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
16 18-AUG-2011 Opt-Out.
Facebook is running an opt-out system instead of an opt-in system, which is required by European law.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
24-AUG-2011 Letter from the Irish DPC. Letter (PDF)
15-SEPT-2011 Letter to the Irish DPC concerning the new privacy policy and new settings on Facebook. Letter (PDF)
17 19-SEPT-2011 Like Button.
The Like Button is creating extended user data that can be used to track users all over the internet. There is no legitimate purpose for the creation of the data. Users have not consented to the use.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
18 19-SEPT-2011 Obligations as Processor.
Facebook has certain obligations as a provider of a “cloud service” (e.g. not using third party data for its own purposes or only processing data when instructed to do so by the user).
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
19 19-SEPT-2011 Picture Privacy Settings.
The privacy settings only regulate who can see the link to a picture. The picture itself is “public” on the internet. This makes it easy to circumvent the settings.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
20 19-SEPT-2011 Deleted Pictures.
Facebook is only deleting the link to pictures. The pictures are still public on the internet for a certain period of time (more than 32 hours).
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
21 19-SEPT-2011 Groups.
Users can be added to groups without their consent. Users may end up in groups that lead other to false impressions about a person.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)
22 19-SEPT-2011 New Policies.
The policies are changed very frequently, users do not get properly informed, they are not asked to consent to new policies.
Filed with the Irish DPC Complaint (PDF)
Attachments (ZIP)

Comments are closed.