If you delete an email or remove a tag from a photo on Facebook, you have a right to believe that the email is gone, or that there is no longer a record of the tag. But in a recent case in Austria, a 24-year-old law student found that Facebook saved everything forever, even items he had explicitly deleted.
According to an article on the Guardian's Website, Max Schrems requested a CD from Facebook with all his content after attending a lecture by a Facebook executive and apparently not liking what he heard. To its credit, Facebook complied, but to Schrems' surprise, he found his entire Facebook history was intact on the site, including Friend requests he ignored, people he had un-Friended, deleted emails, and photos retaining tags he had removed.
Shrems complained to the Irish Data Protection Commission, which is responsible for these complaints in Europe. The commission is investigating. If found guilty of violating Schrems' privacy, Facebook could be subject to a 100,000 euro fine ($137,750 in US dollars, according to Sunday's exchange rate). That may be a drop in the bucket for a company like Facebook, but a ruling against the company could open the floodgates for similar complaints, and that could get very costly indeed.
And after spending some time last week at the ARMA International Conference & Expo for recordkeeping and data governance professionals, I watched this story through a different prism than perhaps I normally would. That's because recordkeepers are a particularly paranoid bunch. They don't really like social media on the open Web -- or just about anything that's outside their direct control.
One of the issues that recordkeepers have with cloud services in general is the idea of deleting data. When your company could be subject to e-discovery requests regarding social media or any content stored in the cloud, you need to know that deleted content is actually deleted. And when you read an article like the one on the Guardian site, it could make you want to lock down the entire operation, rightly or wrongly.
Sure, it's definitely better to set realistic governance policies around all social media and to establish realistic social media archiving policies. It's all well and good to tell the folks responsible for records in the enterprise to be realistic, but they need to have some reasonable assurance that when someone deletes something, it's actually deleted.
That's because businesses are sued all the time, and they are subject to rules of electronic discovery. When a plaintiff's lawyer asks for information on a certain topic and you say confidently those records have been deleted within your clearly defined record retention policies, you want to know they really have been taken down.
If Facebook isn't actually deleting those emails or other interactions, and you believe they were deleted, your company can be in big trouble if it turns out those records actually exist somewhere.
That's why Facebook must establish a clearer policy on deleting content. Individuals and businesses have a right to delete their content, and there has to be a way to ensure that, once you've deleted it, it's going to be gone -– really gone -- in a reasonable amount of time.
This is a case where the stricter privacy policies in place in Europe might end up benefiting us all in the long run if Facebook is forced to change its policies and remove deleted content from its servers once and for all.
— Ron Miller is a freelance technology journalist, blogger, FierceContentManagement editor, and contributing editor at EContent magazine.