December 04, 2012, 7:42 AM — Privacy campaign group Europe vs. Facebook has threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its 22 complaints about Facebook's privacy policies, and appealed for donations to cover the costs of such an action.
The group made its threat on Tuesday as it published its 73-page response to the Irish DPC's September audit of the social network's policies. It said that if the DPC did not act in the best interests of Facebook users, the cost of challenging it could reach ¬300,000 (US$390,000).
The DPC's September audit concluded that Facebook had complied with most of the recommendations it had made in an earlier investigation of the campaign group's complaints. Facebook's Irish subsidiary, responsible for the data of users outside the U.S. and Canada, is subject to Irish and European Union data protection law.
Facebook even went beyond the DPC's recommendations in one instance, deciding to delete all facial recognition data it had stored about its E.U. users.
That wasn't enough for the Europe vs. Facebook campaigners, who after analyzing the audit report accused Facebook of fooling the DPC in some cases, and not sticking to its promises in others.
"After a detailed analysis of the 'audit' documents it became clear that the authority has taken very important first steps, but that it has not always delivered accurate and correct results," the group said in a news release. "In some cases we also had to wonder if the authority has really checked Facebooks claims, or if they have blindly trusted Facebook," it added.
A Facebook spokeswoman commented: "We have some vocal critics who will never be happy whatever we do and whatever the DPC concludes."
The campaign group acknowledged that the audit has led to improvements in Facebook's behavior, but said many are "halfhearted" in their compliance with E.U. law. For example, Facebook sent incomplete responses to more than 40,000 users who requested a copy of all the data Facebook held about them, the group said. "In our test the tools which allow to access all data have often times just produced white pages," it said.
The group also questioned why Facebook only deleted facial recognition data concerning E.U. citizens, while the Irish data protection watchdog is responsible for all users outside the U.S. and Canada, they added.