-------- Original Message --------
Subject: [IRP] facebook and privacy - canada
Date: Wed, 22 Jul 2009 09:02:20 +0100
From: Lisa Horner <lisa@global-partners.co.uk>
To: irp <Irp@lists.internetrightsandprinciples.org>


Thought this might be of interest to people looking at privacy and social networking – extracted from the EPIC newsletter…

 

=======================================================================

[4] Canadian Commissioner Holds that Facebook Must Strengthen Privacy

=======================================================================

 

The Office of the Privacy Commissioner of Canada released a Report of "Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic" against Facebook, Inc. The complaint was filed by the CIPPIC under the Personal Information Protection and Electronic Documents Act, and contained twenty-four allegations concerning a range of Facebook business practices.

 

The PIPEDA covers privacy protections by private data holders, including the actions of third parties to whom the data holders provide information. It requires data holders to obtain individual consent for any use of such data, and requires data holders, upon request, to provide details regarding the nature of information held, and a list of all third parties to whom the information has been provided.

 

The charges include allegations that Facebook fails to inform users: how it uses the personal information it collects; the extent of disclosures of such information to the more than 950,000 third-party application developers; of new uses of the personal data collected; of monitoring for anomalous behavior; and, of persistent cookies in mobile Facebook. The complaint further alleges that Facebook fails to allow for deletion (as opposed to deactivation) of user accounts or obtain consent from non-users for upload and storage of personal information.

Privacy Commissioner Jennifer Stoddart stated that while Facebook has clearly made efforts to maintain user privacy, "we found serious privacy gaps in the way the site operates."

 

Facebook has agreed to many of the Commission's recommendations, and has also proposed what the Commission calls "reasonable alternatives" to others. The company has not, however, addressed all of the recommendations, noting that under the current "statement of rights and responsibilities" it would have to consult users regarding changes to certain policies. The Commission, however, states in its report that "[w]hile we understand the importance Facebook places on user feedback, the legislative requirements and obligations imposed by the Act are not contingent on user approval."

 

The Commission will review Facebook's new policies in 30 days to assess that the company is in compliance with the ruling. If Facebook's changes are unsatisfactory, the Commission can take the issue to Federal Court to enforce the recommendations.

 

In June, the Article 29 Working Party warned about the dissemination and use of information available on Social Networking Sites for other secondary, unintended purposes. Earlier, in February, Facebook had announced that it was opening its site governance to user voting after the new Terms of Service were widely criticized, and were to be the subject of an EPIC complaint to the Federal Trade Commission. Facebook restored the old terms and sought user feedback on the new terms. About 75 percent of the users voted to adopt new terms re-drafted from user feedback. Under the updated terms, users have the right to "own and control their information." Facebook had also taken some steps to improve account deletion, to limit sublicenses, and reduce data exchanges with application developers. EPIC supported the adoption of the new terms.

 

 

Office of the Privacy Commissioner of Canada:

      http://www.priv.gc.ca/index_e.cfm

 

Report of Findings into the Complaint Filed by the CIPPIC against Facebook, Inc. under PIPEDA:

      http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm

 

Personal Information Protection and Electronic Documents Act (PIPEDA):

      http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm#appendixB

 

Article 29 Working Party Opinion of Social Networking Sites:

      http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

 

Facebook Privacy Policy:

      http://www.facebook.com/policy.php

 

Facebook Statement of Rights and Responsibilities:

      http://www.facebook.com/terms.php

 

EPIC - Facebook Privacy:

      http://epic.org/privacy/facebook/

 

EPIC - Social Networking Privacy:

      http://epic.org/privacy/socialnet/

 

 

___________________________________________________________

Lisa Horner

Head of Research & Policy  Global Partners and Associates

338 City Road, London, EC1V 2PY, UK

Office: + 44 207 239 8251     Mobile: +44 7867 795859

lisa@global-partners.co.uk  www.global-partners.co.uk