[IRP] facebook and privacy - canada

Lisa Horner lisa
Wed Jul 22 11:02:20 EEST 2009 

Thought this might be of interest to people looking at privacy and
social networking - extracted from the EPIC newsletter...

 

=======================================================================

[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy
=======================================================================

 

The Office of the Privacy Commissioner of Canada released a Report of
"Findings into the Complaint Filed by the Canadian Internet Policy and
Public Interest Clinic" against Facebook, Inc. The complaint was filed
by the CIPPIC under the Personal Information Protection and Electronic
Documents Act, and contained twenty-four allegations concerning a range
of Facebook business practices.

 

The PIPEDA covers privacy protections by private data holders, including
the actions of third parties to whom the data holders provide
information. It requires data holders to obtain individual consent for
any use of such data, and requires data holders, upon request, to
provide details regarding the nature of information held, and a list of
all third parties to whom the information has been provided.

 

The charges include allegations that Facebook fails to inform users:

how it uses the personal information it collects; the extent of
disclosures of such information to the more than 950,000 third-party
application developers; of new uses of the personal data collected; of
monitoring for anomalous behavior; and, of persistent cookies in mobile
Facebook. The complaint further alleges that Facebook fails to allow for
deletion (as opposed to deactivation) of user accounts or obtain consent
from non-users for upload and storage of personal information.

Privacy Commissioner Jennifer Stoddart stated that while Facebook has
clearly made efforts to maintain user privacy, "we found serious privacy
gaps in the way the site operates."

 

Facebook has agreed to many of the Commission's recommendations, and has
also proposed what the Commission calls "reasonable alternatives"

to others. The company has not, however, addressed all of the
recommendations, noting that under the current "statement of rights and
responsibilities" it would have to consult users regarding changes to
certain policies. The Commission, however, states in its report that
"[w]hile we understand the importance Facebook places on user feedback,
the legislative requirements and obligations imposed by the Act are not
contingent on user approval."

 

The Commission will review Facebook's new policies in 30 days to assess
that the company is in compliance with the ruling. If Facebook's changes
are unsatisfactory, the Commission can take the issue to Federal Court
to enforce the recommendations.

 

In June, the Article 29 Working Party warned about the dissemination and
use of information available on Social Networking Sites for other
secondary, unintended purposes. Earlier, in February, Facebook had
announced that it was opening its site governance to user voting after
the new Terms of Service were widely criticized, and were to be the
subject of an EPIC complaint to the Federal Trade Commission. Facebook
restored the old terms and sought user feedback on the new terms. About

75 percent of the users voted to adopt new terms re-drafted from user
feedback. Under the updated terms, users have the right to "own and
control their information." Facebook had also taken some steps to
improve account deletion, to limit sublicenses, and reduce data
exchanges with application developers. EPIC supported the adoption of
the new terms.

 

 

Office of the Privacy Commissioner of Canada:

      http://www.priv.gc.ca/index_e.cfm

 

Report of Findings into the Complaint Filed by the CIPPIC against
Facebook, Inc. under PIPEDA:

      http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm

 

Personal Information Protection and Electronic Documents Act (PIPEDA):

      http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm#appendixB

 

Article 29 Working Party Opinion of Social Networking Sites:

      http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

 

Facebook Privacy Policy:

      http://www.facebook.com/policy.php

 

Facebook Statement of Rights and Responsibilities:

      http://www.facebook.com/terms.php

 

EPIC - Facebook Privacy:

      http://epic.org/privacy/facebook/

 

EPIC - Social Networking Privacy:

      http://epic.org/privacy/socialnet/

 

 

___________________________________________________________

Lisa Horner

Head of Research & Policy  Global Partners and Associates

338 City Road, London, EC1V 2PY, UK

Office: + 44 207 239 8251     Mobile: +44 7867 795859

lisa at global-partners.co.uk <mailto:lisa at global-partners.co.uk>
www.global-partners.co.uk <http://www.global-partners.co.uk/>  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20090722/68fc55dc/attachment.htm>

More information about the IRP mailing list