Facebook, the world's biggest social networking site, could be fined up to $130,000 if it does not comply with the orders of Irish regulators within four weeks.
According to The Guardian, Facebook was warned last year by the office of the Irish data protection commissioner (DPC) to make widespread changes which included tightening its privacy practices and deleting unneeded data sooner.
Concerns were raised about how the company targets advertising, utilizing sensitive data. Concern was also expressed about the retention of data on inactive or deactivated accounts, and the transparency of privacy settings.
DPC carried out an audit on Facebook Ireland as the international headquarters is responsible for millions of users outside the US and Canada. Currently Facebook still has to comply with several of its recommendations.
Commissioner Billy Hawkes informed the Guardian that the maximum penalty the company faced for non-compliance was a $130,000 court fine if enforcement action had to be taken.
Hawkes said he was satisfied that Facebook had made clear commitments to comply with its data protection responsibilities in line with Irish and EU laws.
The DPC review found the majority of its recommendations had been fully implemented, particularly in the areas of better transparency for the user in how their data is handled; increased user control over privacy settings; the implementation of clear retention periods for the deletion of personal data or an enhanced ability for the user to delete those items.
In a statement, Facebook said it was confident it could continue to resolve the outstanding issues with the DPC given the progress it has made on other matters in recent months.
The company also promised to work with the Irish regulator to ensure it remains compliant with European data protection laws as new products and features are created.
'As our regulator in Europe, the Irish office of the data protection commissioner is constantly working with us to ensure that we keep improving on the high standards of control that we have built into our existing tools,' said a spokesman.
Facebook has voluntarily switched off its facial recognition service in Europe following a privacy audit by the DPC. The company says it wants to reinstate the new feature once a form of consent can be found that meets the guidelines.
The facial recognition function was based in part on technology developed by an Israeli start-up, which Facebook acquired earlier this year for $60 million.