The Information Commissioner’s Office, which oversees the implementation of the Data Protection Act in UK, will conduct an investigation into Facebook over a complaint from a British user who is unhappy that the social networking site seems to be keeping data from deactivated accounts.

While it is easy to join Facebook, it is difficult to remove all personal information once a user decides to leave the site.

Alan Burlison attempted to delete his Facebook account but was unable to properly remove all his details. To actually remove all information from the Facebook server, you have to go through a onerous procedure of deleting all profile content which includes wall posts, notes, application links, photos, tags on other people’s photos, and groups/networks memberships.

While the social networking site does allow users to deactivate their account, so the information is no longer displayed on the site, it does remain on the server. This could be a breach of the UK’s Data Protection Act of 1998.

One of the eight principles of information-handling practice in the Data Protection Act is that all data must be kept for no longer than necessary.

The Information Commissioner’s Office spoke to Channel 4 on the matter and said:

“Many people are posting content on social networking sites without thinking about the electronic footprint they leave behind. It is important that individuals consider this when putting information online. However, it is equally important that websites also take some responsibility.

“In particular they should ensure that personal information is not retained for longer than necessary especially when the information relates to a person who no longer uses the site.”

It will be interesting to see the outcome of the Information Commissioner’s investigation.

Related:

Entry was posted on Tuesday, November 20th, 2007 at 3:59 pm under Security.

Read more entries by Ruben Francia.
Stumble It!