Published October 21, 2011
Eight hundred million users are not enough. Facebook, the world's biggest social network, is now building profiles of non-users who haven't even signed up, an international privacy watchdog charges.
The sensational claim is made in a complaint filed in August by Ireland’s Data Protection Commissioner. It alleges that users are encouraged to hand over the personal data of other people -- including names, phone numbers, email addresses and more -- which Facebook is using to create "extensive profiles" of non-users.
Facebook categorically denies the allegation, but experts tell FoxNews.com that it could well be true.
“There can be little doubt that Facebook collects from its current users information about individuals who are not currently Facebook users, and collects from its current users information about other Facebook users,” said Kelly Kubasta, who heads the Dallas law firm Klemchuk Kubasta’s social media division.
Ciara O'Sullivan, a spokeswoman for Ireland's Office of the Data Protection Commissioner, told FoxNews.com that its audit of Facebook Ireland's privacy policies was part of a "statutory investigation" that the office anticipates will lead to immediate changes.
"The Office of the Data Protection Commissioner will be commencing a comprehensive audit of Facebook Ireland before the end of the month," O’Sullivan said.
But Facebook flat-out denies that it is creating "shadow profiles" and tracking users and non-users alike.
"The allegations are false," Facebook spokesman Andrew Noyes told FoxNews.com. "We enable you to send emails to your friends, inviting them to join Facebook. We keep the invitee's email address and name to let you know when they join the service. This practice is common among almost all services that involve invitations -- from document sharing to event planning."
"The assertion that Facebook is doing some sort of nefarious profiling is simply wrong," Noyes added.
But that isn’t what they’re thinking in Ireland. The complaint makes clear that it believes Facebook is doing just that -- and enumerates several scenarios that would give any social-networker shivers.
“Facebook Ireland is gathering excessive amounts of information about data subjects without notice or consent by the data subject," the complaint states, adding that in many cases the information "might be embarrassing or intimidating for the data subject. This information might also constitute sensitive data such as political opinions, religious or philosophical beliefs, sexual orientation and so forth."
European law carries heavy penalties for companies that violate "information privacy" laws -- in contrast to the relatively lax U.S. laws. But the U.S. has issues with Facebook as well: Privacy rights litigation is proceeding in Mississippi, Louisiana, Kansas and Kentucky. The U.S. Federal Trade Commission is also probing complaints about Palo Alto-based Facebook, while Congress is calling for an inquiry.
Kubasta noted that -- for better or for worse -- Facebook's best defense may be a good offense. After all, it's not alone: Several other websites are undertaking this kind of tracking as well.
“Regardless of what Facebook is doing, many websites collect and propagate personally identifiable information about individuals who have not entered into any agreement with the website. Just a few examples include Spokeo, iSearch, WhitePages.com,” Kubasta told FoxNews.com.
"In other words, ‘the horse may be out of the barn,’” he said.
Noyes told FoxNews.com Facebook's features are "consistent with people's expectations. We look forward to making these and other clarifications to the Irish DPA."
Other experts say these lawsuits may be at the forefront of a new trend -- increased consumer demand for data privacy online, and improved corporate response to those demands.
Marilyn Prosch, co-founder of the Privacy by Design Research Lab at Arizona State University, has conducted extensive research on online privacy, electronic commerce and other IT subjects.
She is working with social media and other online industry leaders to create guidelines for businesses worldwide to effectively protect personal data.
“Privacy assurance must ideally become an organization’s default mode of operation,” Prosch told FoxNews.com.