A Canadian university law clinic has filed a privacy complaint against Facebook, alleging that the social-networking site's policies include 22 separate violations of a Canadian privacy law.

The complaint, from the Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa Faculty of Law, says Facebook has failed to inform its members of how personal information is disclosed to third-party advertisers, and has failed to obtain permission from members to disclose their personal information. Facebook's policies violate the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), CIPPIC said in its complaint, filed with the Office of the Privacy Commissioner.

CIPPIC targeted Facebook because the site is popular in Canada, with about 7 million members of the site in a nationwide population of 33 million, said clinic director Philippa Lawson. Social-networking sites are "proving to be a tremendous tool for community-building and social change, but at the same time, a minefield of privacy invasion," Lawson said. "We chose to focus on Facebook ... because it appeals to young teens who may not appreciate the risks involved in exposing their personal details online."

Canadian Privacy Commissioner Jennifer Stoddart has a year to act on CIPPIC's complaint. The commissioner's office focuses on negotiation to resolve privacy disputes, but it can seek court injunctions if negotiations fail to resolve the issues.

Facebook spokespeople did not immediately respond to requests for comments. Facebook has taken several steps in recent months to resolve continuing privacy concerns. In mid-March, the site rolled out new privacy controls that allow users to choose which of their friends can see personal information, and in April, the site released a plug-in to allow users to monitor and delete cookies created by the controversial Facebook Beacon advertising system.

The complaint is based on Facebook's privacy policies and controls as of March 27, Lawson said.

While Facebook says its users have a high level of control over their data, that's "not entirely true," said Harley Finkelstein, a law student who helped file the complaint. Even if a user has the highest privacy settings on Facebook, his information may be shared if his friends have lower privacy settings, he said. In addition, Facebook members using third-party applications on the site must share their personal information with the application developer, he said.

"If you and I are friends, and you are using one of these applications ... the third-party developer will, by default, have access to my personal information," Finkelstein said.