Europe versus Facebook’s 22 complaints

1. Pokes.
Pokes are kept even after the user “removes” them.

2. Shadow Profiles.
Facebook is collecting data about people without their knowledge. This information is used to substitute existing profiles and to create profiles of non-users.

3. Tagging.
Tags are used without the specific consent of the user. Users have to “untag” themselves (opt-out).
Info: Facebook announced changes.

4. Synchronizing.
Facebook is gathering personal data e.g. via its iPhone-App or the “friend finder”. This data is used by Facebook without the consent of the data subjects.

5. Deleted Postings.
Postings that have been deleted showed up in the set of data that was received from Facebook.

6. Postings on other Users’ Pages.
Users cannot see the settings under which content is distributed that they post on other’s pages.

7. Messages.
Messages (incl. Chat-Messages) are stored by Facebook even after the user “deleted” them. This means that all direct communication on Facebook can never be deleted.

8. Privacy Policy and Consent.
The privacy policy is vague, unclear and contradictory. If European and Irish standards are applied, the consent to the privacy policy is not valid.

9. Face Recognition.
The new face recognition feature is an inproportionate violation of the users right to privacy. Proper information and an unambiguous consent of the users is missing.

10. Access Request.
Access Requests have not been answered fully. Many categories of information are missing.

11. Deleted Tags.
Tags that were “removed” by the user, are only deactivated but saved by Facebook.
Filed with the Irish DPC

12. Data Security.
In its terms, Facebook says that it does not guarantee any level of data security.
Filed with the Irish DPC

13. Applications.
Applications of “friends” can access data of the user. There is no guarantee that these applications are following European privacy standards.

14. Deleted Friends.
All removed friends are stored by Facebook.

15. Excessive processing of Data.
Facebook is hosting enormous amounts of personal data and it is processing all data for its own purposes.
It seems Facebook is a prime example of illegal “excessive processing”.

16. Opt-Out.
Facebook is running an opt-out system instead of an opt-in system, which is required by European law.

17. Like Button.
The Like Button is creating extended user data that can be used to track users all over the internet. There is no legitimate purpose for the creation of the data. Users have not consented to the use.

18. Obligations as Processor.
Facebook has certain obligations as a provider of a “cloud service” (e.g. not using third party data for its own purposes or only processing data when instructed to do so by the user).

19. Picture Privacy Settings.
The privacy settings only regulate who can see the link to a picture. The picture itself is “public” on the internet. This makes it easy to circumvent the settings.

20. Deleted Pictures.
Facebook is only deleting the link to pictures. The pictures are still public on the internet for a certain period of time (more than 32 hours).

21. Groups.
Users can be added to groups without their consent. Users may end up in groups that lead other to false impressions about a person.

22. New Policies.
The policies are changed very frequently, users do not get properly informed, they are not asked to consent to new policies.

http://europe-v-facebook.org/EN/Complaints/complaints.html