Billy Hawks, head the Irish data protection commission, which mounted the investigation because Facebook’s European operations are based in Ireland, praised the social network for cooperating.
“I am particularly encouraged in relation to the approach it has decided to adopt on the tag suggest/facial recognition feature by in fact agreeing to go beyond our initial recommendations, in light of developments since then, in order to achieve best practice” he said.
Facebook’s introduction of facial recognition software, which it uses to encourage members to “tag” their friends in photographs, ensuring they are shared more widely, has long been controversial. It was turned on by default last year, meaning members had to opt out if they did not want to be part of the system.
Mr Hawkes stressed he was satisfied Facebook giant had made clear commitment to comply with its responsibilities in line with Irish and EU privacy laws.
His statement came after a series of follow-up meetings, when regulators assessed how well Facebook was complying with earlier privacy recommendations.
Deputy Commissioner Gary Davis, who led the initial audit and review, warned the office would use enforcement powers if needed, however. Facebook could be fined up to £80,000 if it does not comply with the latest orders of Irish regulators within four weeks.
“There were a number of items on which progress was not as fully forward as we had hoped and we have set a deadline of four weeks for these matters to be brought to a satisfactory conclusion,” he said.
“It is also clear that ongoing engagement with the company will be necessary as it continues to bring forward new ways of serving advertising to users and retaining users on the site.”
Facebook said it was confident it could continue to resolve the outstanding issues given the progress it has made on other matters in recent months.
It also vowed to continue to work with Irish regulators to ensure it remains compliant with European data protection laws as new products and features are created.
“As our regulator in Europe, the Irish office of the data protection commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools,” said a spokesman.
“This audit is part of an ongoing process of oversight, and we are pleased that, as the data protection commissioner said, the latest announcement is confirmation that we are not only compliant with European data protection law but we have gone beyond some of their initial recommendations and are fully committed to best practice in data protection compliance.”
Even as it pledged to improve its privacy practices, Facebook faced new criticism over messages it sent to members urging them to report friends who were not using their real names on the social network. Unlike Twitter, Facebook has a long-standing rule that accounts must be based on true identities.