The French Data Protection authority (CNIL) announced on January 16 that it sent a letter to Facebook requesting information on how Facebook processes personal data.

This letter follows a meeting between the CNIL and Facebook’s representatives last fall.

The CNIL reportedly is asking for more information about the company’s data retention practice as it pertains to members’ personal data, the processing of IP addresses, and the treatment of e-mail addresses of individuals invited by members. The CNIL apparently is also interested in finding out more about how members’ profiles are analyzed in order to deliver targeted ads. The CNIL stressed in its letter that, in this particular context, individuals must be informed of the purposes of the data processing, the data recipients’ identity, and the existence of an individual’s right of access and rectification.

According to the CNIL, users of social networking tools often have insufficient understanding of, for instance, whether or not the defaults settings of the tools allow for an extensive disclosure of personal data. The CNIL further observed that users are not always aware that the disclosure of personal data such as habits, hobbies or even political opinions or religious views enables social networking sites to create pools of personal data that can be used for a variety of commercial applications.

The CNIL previously conducted the same type of investigation with regard to Google’s use of the personal data related to search results. These investigations illustrate the growing focus of the CNIL on the issue of behavioral advertising and how it impacts a person’s privacy.

Facebook launched its “Beacon” program, which allegedly offers innovative behavioral advertising features, in November 2007. It was originally designed as an opt-out system, but was changed into an opt-in last December following significant protest both from users and consumer advocates.