Austrian student activists say they expect to meet Facebook representatives in Vienna next Monday in an attempt to resolve their disagreements over the social networking site's privacy policies.
Its audit report, released in December, made more than a dozen recommendations about how Facebook could improve privacy protections and data handling. The regulator said if the company complied with its recommendations it is unlikely it would be violating Irish and European privacy laws. Facebook agreed to many of the recommendations.
But Europe v Facebook thinks the company hasn't gone far enough, and Ireland's regulator has been too soft, said Max Schrems, a law student at the University of Vienna.
"We think the Irish Data Protection Commissioner did not seriously enforce European law," Schrems said.
The Irish DPC said the meeting between the two was not mandated by data protection laws. If the complainant is not satisfied with the outcome, the DPC will examine the issues further and make a formal decision, the agency said. If the complainant is still not satisfied with the formal decision, they have a right to appeal to the courts.
A Facebook spokesperson said via email that ''Facebook is always open to any constructive dialogue and discussion around privacy concerns with individuals and organizations across Europe. This meeting is no exception."
Schrems said he plans to attend the meeting next Monday with a colleague. He expects Richard Allan, Facebook's director of policy for Europe, will be there along with a company representative from the US. Schrems said he hopes the low number of attendees on both sides will make the meeting more productive.
Following the meeting, Facebook is not obligated to take any action, Schrems said. Europe v. Facebook expects to continue to press the Irish DPC to make a final decision on some of the issues, he said.
Following the audit, Facebook agreed to make changes such as removing part of the IP addresses it logs from the "Like" social plugin within 10 days. Facebook also said it will completely delete logs collected by the Like plugin after 90 days.
Schrems said his group still plans to push harder to see more action on the 22 complaints filed by his group with the Irish DPC. The regulator received in total more than 180 complaints on data retention and disclosure.