Facebook denies "Shadow Profile" claims; Risks €100k privacy fine

Facebook has struck back at accusations that the social network is maintaining so-called "shadow profiles" of unregistered users, claiming the only information kept is an email address and name so as to later flag-up new members. The Irish subsidiary of the site will be investigated by the Irish Data Protection Commission this week, with other allegations including that it saved copies of messages users had deleted, and according to the Guardian could face a fine of up to €100,000 ($140,000) if found guilty of data protection breaches. However, Facebook has strongly denied any wrongdoing, as well as the extent of its information gathering.

Communications and Policy Manager Mia Garlick told The Register that, in fact, the only information on non-users that is used in any way is their email and names. That, she says, is so that new sign-ups can be highlighted to friends that may have searched for them by name and/or email at a previous time, or indeed invited them through Facebook's sharing tools.

"We keep the invitees' e-mail address and name to let you know when they join the service ... This practice is common among almost all services that involve invitations ... the assertion that Facebook is doing some sort of nefarious profiling is simply wrong" Mia Garlick, Communications and Policy Manager, Facebook

As for allegations from privacy-advocate Europe Versus Facebook that the data, as well as other information culled on each non-user, is analyzed for further purposes, Garlick denies the claims. A similar denial comes over suggestions that Facebook is storing old messages that, as far as the user is concerned, had been deleted. In fact, the exec argues, this is a normal part of message services that has been misconstrued:

"People can't delete a message they send from the recipient's inbox, or a message you receive from the sender's sent folder. This is the way every message service ever invented works" Mia Garlick

The Irish investigation had been prompted by complaints by Europe Versus Facebook, after data access tools allowed those behind the site to request copies of what information Facebook stored on them. A CD containing a 1,000+ page PDF document, comprising old messages, email addresses others had searched for him using, IP addresses and times of different logins, rejected friend requests, detagged photos and more. Part of the group's complaint was that, even if Facebook is not using this sort of data for profiling purposes, the potential leak danger should the social network be compromised by hackers is huge.

[Image credit: Adib Roy]