Students force Facebook to cough up more user data

Facebook has quietly expanded the amount of data users can request to find out what the social network knows about them — and it’s all down to a small band of disgruntled Austrian law students.
Not that the students, whose group is less-than-subtly named “Europe v Facebook”, are satisfied. They say Facebook holds way more information about its users than it generally lets on, and they remain convinced that its refusal to cough up is illegal in Europe.
To tackle their nemesis, the group complained last year to the Irish data protection commissioner (DPC), since Ireland is where Facebook has its HQ for all operations outside North America. In December, the DPC decided Facebook was breaching EU data protection law and gave the company a stern telling-off, along with a list of things it should change.
And now we see the fruits.
“Starting today, you will be able to download an expanded archive of your Facebook account history,” a note on Facebook’s somewhat-obscure European public policy blog stated on Thursday.
Since 2010, Facebook has provided a download tool that gives you some of what the company knows about you — timeline information, photos and videos, messages, wall posts and so on — but now it includes more than before.

Now you can access additional categories of information, including previous names, friend requests you’ve made and IP addresses you logged in from,” Facebook said in its note. “This feature will be rolling out gradually to all users and more categories of information will be available for download in the future.”

“Users are again fooled,” Europe v Facebook immediately retorted. The group reckons Facebook’s now including 39 categories of information in the downloads, but that it actually holds about 84 categories on each person. The company’s move is in line with what the DPC asked it to do.
So what are we still not getting to see? “One was ‘Like’ button information,” Europe v Facebook leader Max Schrems told me, explaining that this category kept a record of every webpage a user had visited which had a ‘Like’ button on it (the user doesn’t need to click the button for the tracking to happen).
“We found Like buttons on porn pages. Facebook holds this data in a personal form for 90 days and then — according to Facebook — depersonalizes it,” Schrems said. “According to EU law they have to give out all the personal information that they have about a user. They have to put out the information in raw format within 40 days.”
Clearly not satisfied with the changes forced by Ireland’s privacy regulators, the group is now urging people to complain directly the European Commission about Facebook’s alleged law-breaking.
Nitpickers? Perhaps. A Facebook representative pointed out to me that several categories of data can be viewed in the new ‘activity log’.
But this small group of students has managed to get one of the world’s biggest tech companies to alter its policies for all its users. They’re not satisfied, and I wouldn’t bet against them wrangling out even more concessions in future.