Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Violates Canadian Privacy Law

Posted by kdawson on from the over-sharing dept.

Myriad and a number of other readers passed along the news that the Canadian Privacy Commissioner has made a determination that Facebook violates Canadian privacy law in four different respects. Canada has the highest per-capita facebook participation in the world — about a third of the population — according to coverage in The Star. The EU is also expressing similar privacy concerns, though Canada's action "represents the most exhaustive official investigation of Facebook privacy practices anywhere in the world," says Michael Geist. The CBC's coverage spells out the areas of privacy concern, in particular that nearly a million developers of Facebook apps in 180 countries have full access to the entirety of users' private data. Also of concern: Facebook holds on to your data indefinitely after you quit the site. The BBC notes that Facebook is working with the privacy commission to resolve the issues, and quotes a Facebook spokesman thus: "Overall, we are looking for practical solutions that operate at scale and respect the fact that people come to share and not to hide." (Schneier recently blogged about research on "privacy salience," and cited Facebook's practices among others' as practical examples of how social networking sites have learned not to push the privacy issue in users' faces.)

13 of 179 comments (clear)

  1. Draconian Laws by A.+B3ttik · · Score: 4, Insightful

    Does anyone actually expect privacy from these networking sites anymore?

    Besides, who puts something on Facebook that they _want_ to keep _private_?

    1. Re:Draconian Laws by schon · · Score: 4, Insightful

      who puts something on Facebook that they _want_ to keep _private_?

      People who don't know any better, who are (incidentally) the same people the privacy laws were written to protect.

    2. Re:Draconian Laws by RiotingPacifist · · Score: 5, Interesting

      Does anyone actually expect privacy from these networking sites anymore?

      Yes many people do, not all countries believe so strongly in the market as the US and we often want restrictions put on businesses to keep our data the way we want it.

      Besides, who puts something on Facebook that they _want_ to keep _private_?

      People with friends, FB is not myspace (its not a site to go meet random people off the internet with) it's a site to allow friends (of varying levels of technical competency) to keep in touch and communicate. I put stuff i want my friends to see on my facebook profile that perhaps i don't want everybody in the world to know about! embarrassing pictures people take of me can be tagged on facebook, tbh i don't care if my mates see me passed out in a field but i sure as hell don't want everybody on the internet (including prospective employers) to see it. If i have a choice between
      1)total privacy
      2)a convenient way being able to organise events and nights out much easier at the expense of privacy.
      I'm going to choose 2, however if that expense can be reduced then that is great.

      --
      IranAir Flight 655 never forget!
    3. Re:Draconian Laws by ceoyoyo · · Score: 4, Interesting

      Some people use Facebook to keep in touch with friends, not to post compromising pictures of themselves. Most Facebook profiles these days are only available to friends of the owner.

      The apps thing has always bothered me about Facebook. The vast majority of apps are stupid and easy to ignore but there are a few interesting ones that I might use except that the only way to do so seems to be to give the free run of any and all personal information. Why did a game of Scrabble need to know anything more than my user number?

    4. Re:Draconian Laws by sodul · · Score: 4, Interesting

      There's one thing that disturbed me about Facebook: I wanted to apply for a position there, but you need a Facebook account in order to do so. So why not ? You have to provide some personal information especially your birth date, which is illegal for a prospect employer to ask.

      I understand the recruiters might not look actively look for your birth date, yet now it's there for them to look at, forever in their database.

    5. Re:Draconian Laws by Beardo+the+Bearded · · Score: 4, Insightful

      That's not the point.

      The point is that Facebook is disclosing personal information to any developer that asks for it, without regard to what the information is, or what use the developer has for the information. That's against Canadian law.

      The quote in the article states it most clearly: "Why does a hangman developer have to know your address?"

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    6. Re:Draconian Laws by psyklopz · · Score: 4, Insightful

      It is worth noting that Facebook violates privacy of more than just its members.

      The summary does not mention this, but one of the things the Canadian study found was that users of Facebook can post photos and Tag the names of each person in the photo (whether they are on Facebook or not).

      I believe there are good reasons why a non-Facebook user would not want their images posted, and for that matter, have a searchable Tag posted against that image.

      Presently, I can't 'opt-out' of images of myself being posted by members, even though I am not on Facebook.

      And on the same subject-- should I even need to 'opt-out'? Maybe they should require 'opt-in'?

  2. Easy data mining for 3rd parties by Locklin · · Score: 5, Interesting

    Everybody seems to expect that Facebook has all this information, the issue is with applications/quizzes. By setting up some stupid quiz, you can collect contact and network data on everyone who fills it out. This could be used for everything from marketing research to "investigation" of various social/political groups.

    --
    "Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
  3. Re:Simple solution by MadCow42 · · Score: 4, Insightful

    I agree - if Facebook doesn't have a Canadian legal entity, nor Canadian hosting, the answer is "who cares"? I'm Canadian, BTW.

    Just because there's users on FB from all around the world, it doesn't mean that FB has to abide by all countries' laws. If that were the case, the Internet would be a hobbled and useless mess.

    MadCow.

    --
    I used to have a sig, but I set it free and it never came back.
  4. The answer is pretty simple by Minion+of+Eris · · Score: 5, Informative

    DO NOT RUN ANY APPS!!! Sorry for shouting, but I have been saying this to people for years now (since the first time i read the terms for FaceBook apps). I am not knocking FB as a tool in and of itself, in fact I am very grateful to them for letting my daughter find me after 16 years of seperation (true story - she searched my name and sent me a message) but come on, they state clearly that if you want to plant a garden (or whatever) the developer gets to see all of your info. just Don't Do It. thanks for the rant-space.

    --
    Please don't dominate the rap, Jack, if you got nothin' new to say.
    1. Re:The answer is pretty simple by eln · · Score: 5, Interesting

      I agree, but on the other hand it's foolish for Facebook to have taken such a lazy approach to apps. What they should have done (and should do) is allow a developer of an App to determine what information from a user's profile they actually need for their app to operate, and allow that app access to only that information. Further, instead of the blanket "allow this app to see everything about you" screen, they should tell you precisely what information that particular app is asking for (and will be allowed to see), and let the user choose whether or not that particular information is something they're willing to share. Most people will just blindly click through anyway just like they do now, but at least if the information to be shared is clearly spelled out, there's a chance someone will think twice before clicking, and at the very least they'll be more informed of what they're actually giving out.

      In addition, they should review apps (not sure if they do this now or not, if they do their criteria are laughable) before allowing them on to the site...and part of their review of an app should include whether or not the app is asking for more information than it actually needs.

      And for the love of God, instead of making every stupid little quiz a separate app, Facebook should maintain its own in-house developed "quiz app" and allow random idiots to submit quizzes to it. I'm tired of having to block every stupid quiz individually because they're all individual apps. This would also have the side effect of not needing to give all of your information to a random 14 year old so you can find out which Teletubby you are...your information would only be shared by the developer of the Quiz App (Facebook itself). Of course, this would only work in conjunction with the review process mentioned above, as any other quiz apps would be rejected by the review and the developers pointed to the Facebook Quiz App.

      Facebook strikes me as a company with a lackadaisical approach to privacy and a generally lazy approach to the design and implementation of site features. It angers me that the site could be so much better than it is if someone at that company gave a damn about these things.

  5. Re:They prompt you by ceoyoyo · · Score: 4, Interesting

    I agree with that one, but what if you want to play chess with your friend? You should be able to do that without giving someone access to everything. Either the Facebook API doesn't support requesting limited rights, or a I have never seen an app that uses that capability.

  6. The real situation by Anonymous+Brave+Guy · · Score: 4, Insightful

    Twitter, FaceBook, MySpace, blogs, text messaging, cell phones... They're all just ways of distributing a message. The problem isn't that distribution has become insanely quick, easy, and efficient. The problem is that nobody is thinking about the message anymore.

    Actually, the problems being cited by the privacy officials are more the kind of thing the average user probably would not realise/anticipate.

    If I ask a site to delete my personal data when they no longer have any reason to hold it, I might reasonably expect them to delete it — not stick some flag in a database, and then find when they have a security breach in five years' time that the data was still there. If an organisation is unwilling to follow this rule, the law should make them; the consequences of failing to do so with modern technology are demonstrated all too frequently, and often with horrendous, underserved consequences for those affected.

    If I flag my personal data as private and restrict access to only a select group of friends, I might reasonably expect that data to be kept private and accessible only to those friends — not made accessible, in its entirety, to a million arbitrary developers of Facebook apps around the world, many from countries with far less privacy protection than the law in my country (and other countries where Facebook is hosted) provides. Again, if a site that specialises in collecting personal data and attracts that data on the basis that it can be held in confidence is unable to keep that confidence, the law should compel them to do so.

    The way Facebook doesn't really delete data and the way they allow app developers open-ended access to it are the two big reasons I personally don't use their service, and I would be interested to know how many of my Facebook-using friends would agree if they knew the full implications of signing up for one game of Scrabulous or whatever it's called these days.

    The world has changed in the Internet age, because now transgressions that might have been forgotten or overlooked after a while in the past are kept on-file forever and searchable for all to see. That in itself makes both education (particularly for the young/vulnerable), privacy awareness, and explicit legal protections for personal information much more important.

    Personally, I believe personal data protection and privacy laws are far, far too weak in most jurisdictions today, lagging well behind modern technology and its less constructive applications. I would like to see statutory safeguards on all collection, use and distribution of personal data, and awesome, business-destroying penalties for those who are not careful enough to do so.

    Our current path, towards a database state and wholesale aggregation of personal data by private entities, using software that is frequently insecure, with low-level staff unreliable at following even basic security procedures, in a world where leaks can turn a victim's life upside down and the damage may be expensive or impossible to fix, is not a healthy path to follow.

    Basically, it's reasonable to expect some common sense from those old enough to know what they're doing, but it is not reasonable to expect people to make decisions based on information they probably don't know or understand, and in any case, no-one is perfect and I personally think society would be a better place with stronger privacy laws governing organisations that compile massive databases of personal data. As I often comment in these discussions, just because we can do something does not mean we should, and just because someone who is only human once made a mistake does not mean we have to catalogue it and make it searchable by anyone for the rest of their life.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.