Canadian Group Files Facebook Privacy Complaint

bergkamp writes "A Canadian public policy group filed a complaint charging Facebook with 22 separate violations of a Canadian personal information protection law. The Canadian Internet Policy and Public Interest Clinic, based at the University of Ottawa, asked the Privacy Commissioner of Canada to investigate what it describes as Facebook's failure to inform members (PDF) how their personal information is disclosed to third parties for advertising and other commercial purposes. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information. The claim is that that Facebook violates the Canadian Personal Information Protection and Electronics Documents Act, which Philippa Lawson, the clinic's director, said is much stricter than US personal information protection laws."

Re:I don't get it

[al3]

The issue is that in order for a company to do business in Canada it must respect this nation's privacy laws. In this case, it's about notifying people how their information will be used. Check it out: "[PIPEDA is] an Act to support and promote electronic commerce by protecting personal information that is collected..." http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp Facebook is being accused of not following the law of the land. The interesting legal test will be to see whether or not a US-hosted site is required to conform to this law, and how this will impact application developers inside and outside of Canada.

Re:I don't get it

[hweimer]

It should be obvious to anyone with a level of intelligence higher then a chimp that Facebook shares information, it's an information sharing site! The problem is not so much the information being shared by using the site as advertized, but the unintended consequences. Why does an application developer (read: everyone interested in your personal data) need to have access to all your data?

You are probably right that when posting on Facebook one should assume that the information will be essentially available to the general public. However, Facebook claims otherwise and therefore they should be liable for this.

Re:Don't use it then!

[xaxa]

There are still privacy issues even if you don't use Facebook, as identified in the document. Facebook users can still tag non-Users in photos and videos, and invite them to events. Facebook collects and retains this information without the non-User providing any consent!

Here's one extract:

When Facebook collects non-Usersâ(TM) email addresses to send them invitations to Facebook, it collects this personal information from parties other than the individual in question. By retaining
such email addresses for its own purposes, Facebook is violating the âoeknowledge and consentâ principle outlined in Principle 4.3.3 of PIPEDA by not informing the individual why his or her email address is kept. The non-User has not consented to this retention of information, and is most likely unaware that it is taking place. The non-User only receives an automated email from
their friend via Facebook, which encourages the individual to join the Network. The email gives no indication to the receiver that their information will now be kept on file or that they must contact Facebook directly to remove themselves from the list. Furthermore, if the individual has received more than one invitation to join Facebook, all past invitations will reappear on the new invitation. This is a clear example of how Facebook retains non-Userâ(TM)s information.