UMBC ebiquity
Canada: facebook violates privacy law

Tim Finin, 12:20pm 17 July 2009

AFP and others report that Canada considers facebook’s practices to violate its privacy law.

“Canadian officials on Thursday said Facebook was breaking national privacy law by holding on to personal information from closed accounts at the social-networking service. A Canada privacy commission report expressed “an overarching concern” that privacy information Facebook provides its more than 250 million users is “often confusing or incomplete.” Facebook said it is working with the commission to resolve its concerns in ways that safeguard privacy without disrupting user-experiences at the world’s most popular online social-networking community.”

The Office of the Privacy Commissioner of Canada conducted an investigation into a wide-ranging complaint about facebook’s privacy practices filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC).

A July 16 press release describes the highlights of the Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. These include the following:

“An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers.

The investigation also raised significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes. (There are more than 950,000 developers in some 180 countries.) Facebook lacks adequate safeguards to effectively restrict these outside developers from accessing profile information, the investigation found.

The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts – a violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law. The law is clear that organizations must retain personal information only for as long as is necessary to meet appropriate purposes.”
