News

Canadian Group Charges that Facebook Violates Privacy Laws

Complaint seeks review of social network rules by Canadian Privacy Commissioner.

MORE ON CIO.com

Canadian Law Clinic Files Privacy Complaint Against Facebook

Facebook Pushes Ahead with Profile Redesign

Facebook CEO on Google Friend Connect: Privacy Issues a Problem

The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook's failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information.

Facebook did not respond to a request for comment.

The complaint alleges that Facebook violates the Canadian Personal Information Protection and Electronics Documents Act, which Philippa Lawson, the clinic's director, said is much stricter than U.S. personal information protection laws.

"In Canada we have data protection legislation that applies to all commercial entities that require [them] to get informed consent from individuals before they collect, use or disclose personal information," she said. "You can't collect more personal information than you need for the purpose you get consent. We think Facebook is violating those rules in a number of respects."

The group contends that Facebook violates the law in three areas: social networking; social advertising; and third-party applications.

On the social networking side, the complaint says that Facebook is not clear enough about broadly user information is shared with people they don't know, Lawson said. For example Facebook allows users to join groups called Networks based on geographical location, hobbies and interests. The complaint acknowledges that upon joining a Network, users are informed that they will be sharing their profiles with other users in the network, and are informed they can change their privacy setting to prevent this sharing. However, the complaint notes that they are not prompted to go to a page to change the settings.

"There are problems with that in that it is not clear enough to users how broadly their information is being shared with people they don't know," according to Lawson. "The default privacy settings are set to share with strangers. Under Canadian law they would have to get opt-in consent— rather than defaulting people to share and then expect them to figure out how they can opt out."

The complaint alleges that Facebook violates the same parts of the law with its social ads that share information about user purchases and other activities with their Network friends. The social network does not provide enough information about how their personal data will be used, and it doesn't require users to opt-in to the social ads, the complaint noted.

1 | 2 |next page »

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Security

» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.

» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.

» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.

» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.

» Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.

Center sponsored by