Facebook has come out of its corner swinging in response to the accusation that its “shadow profiles”, among other aspects of its services, break Ireland’s privacy law.
The latest round in the world+dog-versus-Facebook began last week, when a group called Europe-v-Facebook picked up research by Austrian student Max Schrens as the basis of a complaint to Ireland’s Data Protection Commissioner.
Schrens’s complaint covered the handling of Facebook user data, but also accused the company of creating “shadow profiles” of non-users. For example, he said, a non-user’s identity could be revealed to Facebook when a user uploads an address book to its servers.
Facebook’s Mia Garlick has told The Register that while Facebook does receive such information – since, for example, an e-mail address is provided by any user who sends a Facebook invite to a non-user – it does not use that data for profiling non-users.
“We keep the invitees’ e-mail address and name to let you know when they join the service,” she said. “This practice is common among almost all services that involve invitations … the assertion that Facebook is doing some sort of nefarious profiling is simply wrong.
“In addition, Facebook offers more control than other services, by enabling people to delete their e-mail address from Facebook, or opt-out of receiving invites.”
Regarding the accusation that user messages are retained by Facebook after the user has deleted them, Garlick says that Schrens has misunderstood the nature of messaging services.
Users can delete messages from their own inbox and sent folder, she said, and these truly are deleted. However, a message that a user sends also becomes part of the recipient’s inbox.
“People can’t delete a message they send from the recipient’s inbox, or a message you receive from the sender’s sent folder. This is the way every message service ever invented works,” she told El Reg. ®