Update: Canada: Facebook Must Bolster Privacy Practices
By Brennon Slattery
(This post was updated July 16 at 6 p.m. ET)
The Privacy Commissioner of Canada has determined that Facebook does not meet Canada’s privacy legislation requirements. The ruling was issued following an investigation into the social network’s privacy practices by the Canadian government, which recommends that Facebook bolster its settings and simplify controls so users can make informed decisions about how much information they wish to share and know what happens to their information once it’s posted.
The investigation, prompted by a complaint from the Canadian Internet Policy and Public Interest Clinic, determined that Facebook should become more transparent.
Also criticized were Facebook’s relationships with third-party developers of games, quizzes, and other entertainments. According to the report, Facebook lacks safeguards preventing third-parties from parsing profile information. Privacy Commissioner Jennifer Stoddart noted concern because Facebook doesn’t know exactly what information these developers can access, and that information may be used for intrusive purposes. The investigation resulted in a recommendation that apps use only what’s necessary to run the program.
Facebook agreed to implement most recommendations. On some of them, it has proposed “reasonable alternatives.” Still, there are some recommendations Facebook has not agreed to implement. It is unclear as of now which ones these are.
“We urge Facebook to implement all of our recommendations to further enhance their site, ensure they are in compliance with privacy law, and ultimately show themselves as models of privacy,” Canada’s Assistant Commissioner Elizabeth Denham said.
* Update July 16, 6 p.m. ET *
Valerie Lawton of the Office of the Privacy Commissioner of Canada contacted PC World with the following additional information:
The four areas where we remain dissatisfied by Facebook’s response to our recommendations are the following.
Facebook should allow third-party application developers to access only the user information that is required to run a specific application. Facebook should allow no access at all to the information of users who are not themselves adding an application.
Facebook should implement a retention policy under which the personal information of users who have deactivated their accounts will be deleted from the site’s servers after a reasonable length of time.
Facebook should better protect the privacy of non-users who are either identified in photographs or invited to join the site.