Facebook Violates Canadian Privacy Law
Myriad and a number of other readers passed along the news that the Canadian Privacy Commissioner has made a determination that Facebook violates Canadian privacy law in four different respects. Canada has the highest per-capita Facebook participation in the world — about a third of the population — according to coverage in The Star. The EU is also expressing similar privacy concerns, though Canada's action "represents the most exhaustive official investigation of Facebook privacy practices anywhere in the world," says Michael Geist. The CBC's coverage spells out the areas of privacy concern, in particular that nearly a million developers of Facebook apps in 180 countries have full access to the entirety of users' private data. Also of concern: Facebook holds on to your data indefinitely after you quit the site. The BBC notes that Facebook is working with the privacy commission to resolve the issues, and quotes a Facebook spokesman thus: "Overall, we are looking for practical solutions that operate at scale and respect the fact that people come to share and not to hide." (Schneier recently blogged about research on "privacy salience," and cited Facebook's practices among others' as practical examples of how social networking sites have learned not to push the privacy issue in users' faces.)
Does anyone actually expect privacy from these networking sites anymore?
Besides, who puts something on Facebook that they _want_ to keep _private_?
I agree - if Facebook doesn't have a Canadian legal entity, nor Canadian hosting, the answer is "who cares"? I'm Canadian, BTW.
Just because there are users on FB from all around the world, it doesn't mean that FB has to abide by all countries' laws. If that were the case, the Internet would be a hobbled and useless mess.
MadCow.
I used to have a sig, but I set it free and it never came back.
They still do business in Canada when they sell ads for Canadian companies/sell stuff to Canadians/etc. Now they could lose that revenue, or they could work with officials to improve the privacy of their users, thus keeping that revenue while improving their site. Do Facebook really want to lose 11m users' worth of revenue (and probably more long term as the EU may follow suit)?
IranAir Flight 655 never forget!
If you're serving, catering, and marketing to users in Canada, and even partnering with Canadian telecoms to get your software on their phones, then a physical presence might not be required.
The mere fact that I can walk around Montreal and see advertisements for Facebook indicates that at the very least they could be forced to stop advertising in Canada, and the telecoms could be forced to stop distributing/bundling the Facebook apps. Even if they don't have a legal presence in Canada, they certainly do have *a* presence, and that's enough to force changes. That gives the Canadian government leverage to force Facebook to make changes.
"Comply with our laws or we'll cut off all your marketing and partnerships in Canada."
Twitter, FaceBook, MySpace, blogs, text messaging, cell phones... They're all just ways of distributing a message. The problem isn't that distribution has become insanely quick, easy, and efficient. The problem is that nobody is thinking about the message anymore.
Actually, the problems being cited by the privacy officials are more the kind of thing the average user probably would not realise/anticipate.
If I ask a site to delete my personal data when they no longer have any reason to hold it, I might reasonably expect them to delete it — not stick some flag in a database, and then find when they have a security breach in five years' time that the data was still there. If an organisation is unwilling to follow this rule, the law should make them; the consequences of failing to do so with modern technology are demonstrated all too frequently, and often with horrendous, undeserved consequences for those affected.
If I flag my personal data as private and restrict access to only a select group of friends, I might reasonably expect that data to be kept private and accessible only to those friends — not made accessible, in its entirety, to a million arbitrary developers of Facebook apps around the world, many from countries with far less privacy protection than the law in my country (and other countries where Facebook is hosted) provides. Again, if a site that specialises in collecting personal data and attracts that data on the basis that it can be held in confidence is unable to keep that confidence, the law should compel them to do so.
The way Facebook doesn't really delete data and the way they allow app developers open-ended access to it are the two big reasons I personally don't use their service, and I would be interested to know how many of my Facebook-using friends would agree if they knew the full implications of signing up for one game of Scrabulous or whatever it's called these days.
The world has changed in the Internet age, because now transgressions that might have been forgotten or overlooked after a while in the past are kept on-file forever and searchable for all to see. That in itself makes education (particularly for the young/vulnerable), privacy awareness, and explicit legal protections for personal information much more important.
Personally, I believe personal data protection and privacy laws are far, far too weak in most jurisdictions today, lagging well behind modern technology and its less constructive applications. I would like to see statutory safeguards on all collection, use and distribution of personal data, and awesome, business-destroying penalties for those who are not careful enough to do so.
Our current path, towards a database state and wholesale aggregation of personal data by private entities, using software that is frequently insecure, with low-level staff unreliable at following even basic security procedures, in a world where leaks can turn a victim's life upside down and the damage may be expensive or impossible to fix, is not a healthy path to follow.
Basically, it's reasonable to expect some common sense from those old enough to know what they're doing, but it is not reasonable to expect people to make decisions based on information they probably don't know or understand, and in any case, no-one is perfect and I personally think society would be a better place with stronger privacy laws governing organisations that compile massive databases of personal data. As I often comment in these discussions, just because we can do something does not mean we should, and just because someone who is only human once made a mistake does not mean we have to catalogue it and make it searchable by anyone for the rest of their life.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.