It seems Facebook and the Canadian Privacy Commission have come to an understanding. On one side, Facebook has agreed to limit the amount of personal information third-party software developers can collect from members. And on the other side, the privacy commission appears to be willing to wait for Facebook to add more controls over time to address other privacy concerns.
In a brokered agreement announced Thursday, the privacy commission has agreed to give Facebook one year to make “complex” technical changes to its service that are required to protect user privacy. Meanwhile, Facebook has agreed to limit the amount of personal information third-party developers of such add-ons as games and quizzes can collect from Facebook users.
While the negotiations have largely taken place in Canada, the impact of the agreement will be felt by Facebook users globally as the company says it will implement the changes across its platform. In addition, the ruling is being closely watched by other social networking sites like MySpace and LinkedIn, which could also find themselves running afoul of the Canadian Privacy Commission and privacy bodies in other countries.
By way of background, last month the commission issued a report saying the social networking site had “serious privacy gaps”. An investigation into the service was launched after a complaint was filed by the Canadian Internet Policy and Public Interest Clinic, a research body at the University of Ottawa.
The privacy commission dismissed four of 12 complaints filed as being without merit, and Facebook addressed another four complaints in the interim. However, the commission ruled four remaining complaints were “well founded.”
The four areas in which the commission sided with the plaintiff were:
• Facebook's practice of allowing third-party application developers to access personal information of Facebook users. Facebook allows developers to provide its clients with access to such add-ons as personal fitness trackers, horoscopes, surveys, and a wide range of games. In so doing, it allows those third-party developers to access user information.
• Deactivation and deletion of accounts. Facebook does not have a policy under which the personal information of deactivated account holders is deleted after a reasonable amount of time.
• The deletion of accounts of users who have died. Facebook states in its terms of usage that it retains the right to keep a deceased user's profile active for memorial purposes; however, the privacy commission found that the company should do more to make users aware of this policy and provide them with the ability to opt out.
• The collection of personal information of non-users. It is possible for users to post personal information about non-Facebook users as well as the profiles of other users through such features as "News Feed" and "Wall". It is also possible to identify non-users by tagging photos or videos. The privacy commission recommended that Facebook implement measures to address the lack of consent, including placing a limit on the retention of non-users' email addresses.
In a press conference Thursday, Canadian Privacy Commissioner Jennifer Stoddart said she was pleased with the actions being taken by Facebook. “We are satisfied that with these changes Facebook is on the way to meeting the requirements of Canada’s privacy law,” she said. “The privacy of people using this site, not only in Canada but around the world, will be better protected.”
Comments (1)
1. 08-27-2009 17:52
The revision to the 3rd party app access to data will be interesting in practice; today, it's often an all or nothing affair where users either agree to give access to all data or they don't get the app. With the privacy revisions, developers will need to specify what kinds of info they want to access, but this still doesn't stop them from asking for it all or denying access to the app. It's a little more transparent, but may not be enough to change the desired behavior.