There are privacy laws somewhere that cover the case of "you published a photo, and sometime later changed your mind and decided you didn't want it publicly available any more."?
I'm not only not-at-all surprised at this, but I'm somewhat amazed that anybody even thinks it's a thing worth commenting about. You upload a photo to a website and make it public (or allow the defaults to make it public) - it's now out of your control. Changing your mind later is _exactly_ the situation the phrase "close the stable door after the horse has bolted" was coined for - and the used of stables and horses in that idiom shows at a minimum how old the type of problem is.
I love hating on Facebook as much as the next privacy-concerned-geek, but I find it hard to feel any sympathy for people who are calling this a problem - any more than I'd feel sympathy for people who want to unscramble their eggs.
Privacy laws in most Western countries outside the US (at least all of Western Europe) are based on the principle that you own your data.
The rest simply follows from that. If you tell Facebook to remove your data, they are, within reason, obliged to honor that request.
Now that photo may still be out there if it has been copied (of course when then come into the realm of copyright and such), but Facebook should no longer have it in their dataset, let alone be publishing it.
The privacy angle isn't about the photo being public, it's about Facebook having it in their database along with all the other stuff they have on you.
This is why American companies like Google and Facebook tend to run afoul of European privacy laws: even if the data they collect comes purely from public sources, doesn't mean they have the right to collect, and especially collate it. At least not in the European concept of privacy.
The purpose specification principle of the OECD Privacy Guidelines (which all substantial privacy laws are based on - EU, NZ, HK, etc.* ) says this:
"Finally, when data no longer serve a purpose, and if it is practicable, it may be necessary to have them destroyed (erased) or given an anonymous form. The reason is that control over data may be lost when data are no longer of interest; this may lead to risks of theft, unauthorised copying or the like."
Keeping an image URL online three years after it was requested to be deleted almost certainly counts as keeping personal data for longer than is necessary. When you upload a photo, it is usually for the purpose of sharing (as the case may be). When you decide to stop sharing, the data no longer serves that purpose and hence should be removed as soon as practicable.
* The US and Australia notably have not implemented the OECD guidelines.
There are privacy laws somewhere that cover the case of "you published a photo, and sometime later changed your mind and decided you didn't want it publicly available any more."?
Not yet, but the upcoming European Union new Data Protection Directive will give the public the right to forget " http://europa.eu/rapid/pressReleasesAction.do?reference=IP/1... ). This may offend your idea of basing things off quaint proverbs, but we do that all the time with laws.
However, this will soon be explicitly a legal requirement that Facebook (and other companies) will have to abide by.
You are not considering the case when a private picture is shared by some other person. Should allowing anyone to take a picture a themselves be a permission to do whatever he wants with that picture?
