The Guardian reports that social-networking service Facebook could face a large fine for holding onto user data even though the information was deleted by the user:
Facebook could face a fine of up to €100,000 (£87,000) after an Austrian law student discovered the social networking site held 1,200 pages of personal data about him, much of which he had deleted.
Max Schrems, 24, decided to ask Facebook for a copy of his data in June after attending a lecture by a Facebook executive while on an exchange programme at Santa Clara University in California.
Schrems was shocked when he eventually received a CD from California containing messages and information he says he had deleted from his profile in the three years since he joined the site.
After receiving the data, Schrems decided to log a list of 22 separate complaints with the Irish data protection commissioner, which next week is to carry out its first audit of Facebook. He wrote to Ireland after discovering that European users are administered by the Irish Facebook subsidiary.
A spokeswoman for the commissioner confirmed its officers would be investigating alleged breaches raised by Schrems as part of the audit. If the commissioner decides to prosecute and Facebook or any employees are found guilty of data protection breaches, the maximum penalty is a fine of €100,000. […]
A spokesman for Facebook said in a statement: “Facebook provided Mr Schrems with all of the information required in response to his request.
“It included requests for information on a range of other things that are not personal information, including Facebook’s proprietary fraud protection measures, and ‘any other analytical procedure that Facebook runs’.
“This is clearly not personal data, and Irish data protection law rightly places some valuable and reasonable limits on the data that has to be provided.”