Canadian group charges that Facebook violates privacy laws
Complaint seeks review of social network rules by Canadian Privacy Commissioner
The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook's failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information.
In a statement to Computerworld, Facebook said it prides itself in offering users "industry leading" over personal information.
Facebook added that it will work with the Canadian privacy commissioner to "set the record straight and will continue out ongoing efforts to educate users and the public around privacy controls on Facebook."
The complaint alleges that Facebook violates the Canadian Personal Information Protection and Electronic Documents Act, which Philippa Lawson, the clinic's director, said is much stricter than U.S. personal information protection laws.
"In Canada, we have data protection legislation that applies to all commercial entities that require [them] to get informed consent from individuals before they collect, use or disclose personal information," she said. "You can't collect more personal information than you need for the purpose you get consent. We think Facebook is violating those rules in a number of respects."
The group contends that Facebook violates the law in three areas: social networking, social advertising and third-party applications.
On the social networking side, the complaint says that Facebook is not clear enough about broadly user information is shared with people they don't know, Lawson said. For example, Facebook allows users to join groups called Networks based on geographical location, hobbies and interests. The complaint acknowledges that upon joining a Network, users are informed that they will be sharing their profiles with other users in the network, and are informed they can change their privacy setting to prevent this sharing. However, the complaint notes that they are not prompted to go to a page to change the settings.
"There are problems with that in that it is not clear enough to users how broadly their information is being shared with people they don't know," according to Lawson. "The default privacy settings are set to share with strangers. Under Canadian law, they would have to get opt-in consent … rather than defaulting people to share and then expect them to figure out how they can opt out."
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Web Apps White Papers | Webcasts