If Facebook wants to comply with Canadian privacy laws, the company will have to make some changes to how it collects and retains information about its 12 million Canadian users. Privacy Commissioner Jennifer Stoddart singled out a number of issues her office found with Facebook's practices. These include the fact that the company's privacy policies are often incomplete and confusing, and that third-party applications can access far more information about a user than would be necessary for the application to work well. The complaint that triggered this investigation was filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC).
Among other things, the commissioner, who reports to Parliament and can force companies to make changes to their privacy practices, asked Facebook to change the default privacy settings of photo albums to "Your Networks and Friends" instead of "Everybody," and to make sure that user profiles are inaccessible to search engines by default. Facebook is working on implementing these changes, and with the per-object privacy settings that were recently introduced, most of these issues had already been resolved anyway.
The area the commissioner focused on most, though, was third-party applications and the amount of private information developers can access through them. As of now, Facebook has not agreed to make any of the recommended changes. The commissioner recommends that Facebook should limit developers' access to only those pieces of information that are necessary to run an application, and that the company should also implement measures to prohibit the disclosure of personal information of users who aren't actually using an application themselves.
As for the retention of user information, Facebook apparently does not agree with the commission's recommendation to add information about account deletion to its privacy policy. For the time being, actually deleting a Facebook account will remain difficult. Under Canadian law, Facebook would have to have "appropriate purposes" to keep this information.
Facebook was also asked to add a section to its privacy policy about what happens to the accounts of deceased users (they are currently kept active), but here, too, Facebook refuses to make any changes because it considers "them unnecessary under the law."
It's important to note that the original complaint that set off this investigation also alleged that Facebook should not ask users for their date of birth, name, and email address when registering for a Facebook account. Stoddart, however, argues that this is a reasonable request, even if Facebook didn't make its reasons for asking for this information very clear.
You can find more details about all the different allegations and the commissioner's recommendations, as well as Facebook's reaction, in the full report, as well as in this press release.
Overall, most of these recommendations seem quite reasonable, though especially with regard to third-party applications, it's a bit puzzling why Facebook doesn't want to do more to ensure its users' privacy.
As Facebook expands, its privacy settings have gotten more and more complicated, to the point where most users probably are just baffled by the number of choices and decide to just leave everything in the default setting.
Comments
Great article... check out http://www.sprezzcentral.com
Hi Fred, this is a terrific review and your comments are bang on. Personally, I'm hoping the rest of the planet will follow Canada's lead in ensuring privacy and ultimately identity management within Social Media in general. Without this happening, eventually Social Media will not realize its full potential. People will stop using it if they cannot trust either the people they are following or the ability of the platform to ensure their identities and privacy are protected. If people stop using it, the value is lost.
Thanks again for your great insights!
While I agree that we need more security of personal information, it would be great if we could turn the focus to the applications trying to discover the data. Having rich data available to applications can be used for some really interesting and useful purposes. If Facebook could find a way to screen the requester to filter out the spammers, identity thieves, etc., the people doing good work would be free to add value to the Facebook community.
Canada are probably first of many who want more security on Facebook. The amount of times my friends have been hacked by unknown sources and just don't know who it was or what to do since it was anonymous. Would this article spark "hackers" to try and hack Facebook...?