Facebook is denying allegations that it's building excessive data profiles as it faces an audit by the Irish Data Protection Commissioner (IDC). The charges are filed against Facebook Ireland, which controls data for users outside of the U.S. and Canada, and stem from one of 22 complaints filed with the IDC by Austrian student Max Schrems after he discovered that the company keeps data thought to be deleted. In this particular complaint, he accused Facebook of building so-called "shadow profiles" using names, email addresses, and phone numbers collected without notice or consent from data subjects.
In response, Facebook states that it keeps invitee names and email addresses "to let you know when they join the service," which it claims is a common practice "among almost all services that involve invitations." It also points out that although users can delete their own sent and received messages, people have no control over whether sent messages are deleted by recipients or received messages are deleted by the original sender.
The IDC is scheduled to begin a comprehensive audit next week that looks into Facebook's general compliance with Irish data protection law, part of which includes Schrem's complaints. The social network has also been under fire recently for its new "frictionless" sharing policy.