Facebook violates Canadian privacy laws

Facebook violates Canadian privacy laws
By David Gelles in San Francisco
Copyright The Financial Times Limited 2009
Published: July 16 2009 20:20 | Last updated: July 16 2009 23:19
http://www.ft.com/cms/s/0/08c09c54-723a-11de-ba94-00144feabdc0.html


Facebook has “serious privacy gaps” and must make changes to comply with Canadian laws, according to a report issued by the country’s privacy commissioner on Thursday.

This is the first time a government has found Facebook in direct violation of its laws, and comes as the world’s largest social network with 250m users, is pushing its users to share more of their information with everyone on the web.

“Facebook has to be more transparent about telling people what they do with their personal information, how long they keep it, and who is able to use it,” said commissioner Jennifer Stoddart. There are 12m Facebook users in Canada, more than a third of the country’s 33.6m citizens.

Ms Stoddart identified four areas where Facebook should make changes to increase users’ privacy. Topping the list was concern over the ability of third parties to access sensitive user information through applications on the Facebook platform. “Our major concerns are about the broad access third parties have to individual’s information,” said Elizabeth Denham, assistant commissioner.

The report also criticised the company’s policy of retaining user information after an account has been deactivated and its ambiguous rules for maintaining accounts of the deceased. Finally, the report suggested Facebook modify its policy of retaining the e-mail addresses of non-users who are invited to join the site, but decline.

Facebook has 30 days to respond to the report. If the company fails to make the suggested changes, the privacy commission can turn to federal courts to enforce their recommendations.

The commissioner said the courts had jurisdiction over Facebook because the company operated and had offices in Canada.

As Facebook expands, regulators around the globe are taking a closer look at its privacy settings.

Last month, an advisory group to the European Union also issued concerns about data on social networks being shared with third party sites.

Marc Rotenberg, president of the Electronic Privacy Information Centre, a US-based advocacy group, expressed concern that regulators in the US were not taking a similarly close look at privacy issues. “There is staggering silence in the US on emerging privacy issues,” he said. “The US Federal Trade Commission either lacks the ability or the interest to produce similar findings.”

The report was issued in response to a complaint filed in May 2008 by the Canadian Internet Policy and Public Interest Clinic, a group based at the University of Ottawa law school. The complaint covered 12 distinct subjects, but the commission’s report only made recommendations on four of them. Of the others, four were deemed invalid and four had been addressed by Facebook.

“Facebook is pleased that the Canadian Federal Privacy Commissioner has dismissed most of the inaccurate claims brought by CIPPIC,” Facebook said in a statement. “Facebook and the Canadian Privacy Commissioner’s Office share the common goal of making the internet more privacy friendly for Canadians and users across the world.”