Canadian group charges that Facebook violates privacy laws
Complaint seeks review of social network rules by Canadian Privacy Commissioner
The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook's failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information.
In a statement to Computerworld, Facebook said it prides itself in offering users "industry leading" over personal information.
Facebook added that it will work with the Canadian privacy commissioner to "set the record straight and will continue out ongoing efforts to educate users and the public around privacy controls on Facebook."
The complaint alleges that Facebook violates the Canadian Personal Information Protection and Electronic Documents Act, which Philippa Lawson, the clinic's director, said is much stricter than U.S. personal information protection laws.
"In Canada, we have data protection legislation that applies to all commercial entities that require [them] to get informed consent from individuals before they collect, use or disclose personal information," she said. "You can't collect more personal information than you need for the purpose you get consent. We think Facebook is violating those rules in a number of respects."
The group contends that Facebook violates the law in three areas: social networking, social advertising and third-party applications.
On the social networking side, the complaint says that Facebook is not clear enough about broadly user information is shared with people they don't know, Lawson said. For example, Facebook allows users to join groups called Networks based on geographical location, hobbies and interests. The complaint acknowledges that upon joining a Network, users are informed that they will be sharing their profiles with other users in the network, and are informed they can change their privacy setting to prevent this sharing. However, the complaint notes that they are not prompted to go to a page to change the settings.
"There are problems with that in that it is not clear enough to users how broadly their information is being shared with people they don't know," according to Lawson. "The default privacy settings are set to share with strangers. Under Canadian law, they would have to get opt-in consent … rather than defaulting people to share and then expect them to figure out how they can opt out."
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Web Apps White Papers | Webcasts