"It is unacceptable that the company fundamentally changed the default settings on its social networking platform to the detriment of a user," the Article 29 Working Party, a group of EU privacy regulators, warned in a letter sent to Facebook on Wednesday (12 May).
The group insisted that the site should change its default settings to allow users to restrict their profiles to the contacts of their choice.
"Any further access, such as by search engines, should be an explicit choice of the user," the letter continued.
The concerns stem from a change the site made to its privacy settings in January, which makes complete Facebook profiles accessible by default.
Before January, profiles were private by default but now users have to change the settings to make their profiles private so that they can only be viewed by friends.
Site under growing scrutiny
The Canadian privacy regulator was the first to hit out against the changes made to the site's settings when it launched a new probe into Facebook on 27 January.
The European commissioner in charge of data protection, Viviane Reding, said she was following the Canadian investigation closely when she announced her own concerns about the site on European Safer Internet Day in February (EurActiv 09/02/10).
"Minors' profiles need to be set to private by default and questions or abuse reports have to receive quick and appropriate responses. The Internet is now vital to our children, and it is the responsibility of all to make it safe," Commissioner Reding said in a speech marking the occasion.
In a bid to quell accusations that the site infringes privacy rights, last week it hired former US Federal Trade Commission boss Tim Muris as its legal counsel.
In addition, last month the site launched a Safety Centre it claimed would "inform parents, educators, teens, and members of the law enforcement community about Facebook's tools for staying safe while using the service".
"There's no single answer to making the Internet or Facebook safer," said Elliot Schrage, vice-president of Global Communications and Public Policy at Facebook.
The Article 29 Working Party also condemned the access to user's personal information granted to "third party applications" such as games hosted by the site, and the fact that profiles may contain other contacts' data without their knowledge.
"Providers of social networking sites should be aware that it would be a breach of data protection law if they use personal data of other individuals contained in a user profile for commercial purposes, if these other individuals have not given their free and unambiguous consent," the statement read.
The EU watchdogs also pointed out that Facebook had made the change to its settings just days after it and other social networking sites took part in an EU hearing on privacy concerns on the Internet.