Facebook has agreed to make several changes to its services to improve transparency and better protect the personal data of its millions of users outside of the U.S., following an in-depth audit of its international headquarters that was released Wednesday.
The social media company, based in Palo Alto, California, agreed to changes including asking European users if they wanted to partake in its Facial Recognition, reworking its policies of retaining and deleting private data, and reducing the amount of information collected about people who are not logged into Facebook, the company said in response to the report of the Irish Data Protection Commissioner.
Facebook's international headquarters are based in Dublin, Ireland, a member of the European Union. This means the company is required to comply with European data privacy laws, which are more stringent than those that apply in the United States, particularly regarding how long data can be retained.
"Facebook has committed to either implement, or to consider, other 'best practice' improvements recommended by the data protection commissioner," the company said following the announcement of the report. "Meeting these commitments will require intense work over the next six months."
The company has agreed to present its results in a follow-up to the report in July.
Facebook has been scrutinized for its privacy practices in the U.S., too. In November, the company agreed to submit to government audits of its privacy practices every other year for the next two decades as part of a settlement with the Federal Trade Commission. The FTC's complaint had alleged that the company exposed details about users' lives without getting their consent, as legally required.
It is standard for Ireland's data protection commissioner to audit any high-tech companies in the country to ensure that their practices are in keeping with the European law, and make recommendations to help them to meet those standards, should they fall short.
"It is not the object of the audit, to decide whether there is a breach of law," Billy Hawkes, the data protection commissioner, told reporters. "It is to help an organization achieve full compliance with law, put their compliance into best practice.
Facebook has repeatedly come under fire in Europe for a raft of complaints ranging from accusations that it sells personal data to advertisers — a charge that the Irish authority said its findings did not uphold — its Friend Finder application and "archiving" of data that users have deleted.
This is especially the case in German-speaking nations, where laws protecting individual privacy and the use of personal information are even more far-reaching than those covering the European Union, where Facebook has run up against several complaints from local data protection authorities.
A group of Austrian students calling themselves Europe vs. Facebook also took up the crusade, filing a series of 22 complaints directly with the Irish authorities in what they said was an attempt to force Facebook to follow the rule of the law.
"We are thrilled," said Max Schrems, 24, who speaks for the group. "It is far more than what has previously been achieved in Europe. There are a lot of things that they have to change, far more than what they have had to change before."
Barbara Ortutay in New York contributed to this report.