Facebook's use of personal information

Facebook has responded to the questions concerning the company's storage and use of personal information. The letter was sent from the Norwegian Data Protection Authority on behalf of the Nordic Data Protection Authorities.

In a nine-page long letter sent from Facebook's European headquarters, the company has answered all submitted questions. Facebook also express that they wish to continue the constructive dialogue.

- Facebook has, for certain areas, to a great extent confirmed our assumptions, while they in other areas state that "this is not the case". This is useful feedback both for us as the Data Protection Authorities and for all Facebook's Nordic users, says Mr Bjørn Erik Thon, Director General of the Norwegian Data Protection Authority.

Targeted use of information

In their reply, Facebook confirms that what their members write on their own wall is used to target advertising. However, the company emphasises that this personal information is not passed on to other companies, with the exception of what the user accepts when installing so-called third party applications. This also applies to photography and video. With regards to IP-addresses, Facebook state that these are stored for up to 90 days, but that these are only used by management and for security, never for marketing purposes. Facebook also confirm that they consider themselves to be subject to European privacy laws because their European headquarters are situated in Ireland.

- We hope to arrange a follow up meeting with the company before Christmas, says Mr Bjørn Erik Thon. – In this meeting we wish to find out more about what is recorded by "like function", "Facebook analytics" as well as the use of cookies, says Mr Thon.

Open and constructive dialogue

Thon emphasises that Data Protection Authorities through this open and constructive dialogue with Facebook gain an opportunity to better understand how social networking are working and will develop. - In the continuous dialogue with Facebook, we will aim to argue the company should give their users the opportunity to "opt in" to new features when they are released, rather than being signed on automatically and then having to "opt out" later. The principle of opting in rather than opting out is in better accordance with European privacy policy than Facebook present practice. - It is important that privacy settings are continuously developed in order to enable Facebook's users to protect their privacy in the best possible way, states Mr Thon.