Slashdot Mirror
Facebook Faces the Canadian Privacy Commissioner
dakohli writes "Canwest's Sarah Schmidt writes that Facebook has until Monday to find a way to fix its 'serious privacy gaps.' And if the Canadian Privacy Commissioner isn't happy with the Web Company's response, then she has two weeks to push it to the Canadian Federal Court in Ottawa. 'A spokeswoman for the commission said it's premature to say whether the feud will end up in court. This would be an international first for Facebook, which has grown to more than 200 million users since its launch in 2004.'"
At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?
Keep your private information private by not posting it on Facebook!
Facebook announces that it will open up a new data center in Ontario.
This is my sig.
That one phrase is one of the most interesting and most insulting that can be used. Void where prohibited is the same as saying we're not sure where a judge will rule this illegal, but in case they do, you lose. Why not be user friendly (anyone remember that phrase?) and say what laws you ARE in compliance with, perhaps listing a reference to your licensing documents? Even lawyers are prohibited from practicing law in regions they are not licensed for. Yes, I realize that the WWW is not quite the same thing, but in the EULA you should mention all the regions where it is legal and above board since the L in EULA stands for license. As a user, if you don't know where you are in compliance, how the hell am I supposed to know? While 'buyer beware' always applies, in this day and age, it's not unreasonable to expect that a service list where it is in compliance with privacy laws in their privacy statement.
As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are... at least until Facebook clears the matter up unequivocally and publicly. After all, how can I in good faith sign or accept a EULA if I cannot be sure your service is in compliance with the applicable laws? DING That is to say that EULAs are wrong from word one, but staying on point, if there is to be one, shouldn't the burden be on the provider to show what privacy laws they are in compliance with?
Support NYCountryLawyer RIAA vs People
Or, how about, users research what they are getting into in the first place? Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them? That's impossible, and ridiculous. I can't seriously fathom how you could seriously consider forcing someone to go through laws everywhere stating how they are in compliance with them.
Do you own a web site? Any sort of a web site? Good, because that same onus is now upon YOU to do the very same thing, if you collect any sort of user data. Have fun!
The Privacy Commissioner is an officer of parliament (who reports directly to the Senate and the House of Commons), not an official of the Government of Canada.
Atheism is a religion to the same extent that not collecting stamps is a hobby.
I can see it as being reasonable in some cases. One of the most common is with contests and giveaways, which essentially means, "if contests with cash prizes such as this one aren't allowed where you live, then you can't enter this contest, obviously".
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them?
Just provide a link to Pacer and the Canadian equivalent. (grin)
Reminds me of the old joke:
GIVEN: The entire body of current mathematical thought;
PROOF: The proof follows by examination. QED.
Do not mock my vision of impractical footwear
Given: ZFC
Prove: Fermat's Last Theorem
This exam has a time limit of 2 hours. Begin.
In this case it's probably more akin to -
Given: ZFC
Prove: The continuum hypothesis
Given the legal systems of every country on Earth, I'm pretty sure you can find at least two contradictory laws.
Nobody has to do it. This is just how the world works. You figure out what to do when/if somebody finds a problem/some non-compliance. The internet is such a different beast that you simply cannot (it's both a time and money issue) be assured of compliance. We tacitly accept this by using the internet. Throw in the fact that there are no reliable ways to find locations, and you really see the world the internet creates.
Also, your portrayal of the lawyers is kind of ridiculous. Lawyers aren't being lazy. These companies do not have unlimited budgets. So because there are no clean solutions (laws change all the time, all over the world), you have to hedge your bets a bit.
Finally, the casual user is the same person who makes Joe'sWebsite.com. You cannot hold corporations to a different standard, and these corporations have the same potential reach as the casual site owner: each jurisdiction in the world. And, believe me, just because you're a lawyer does not mean you have all the law down. Most lawyers never have even 1% of the law down. There's just too much of it. You're presented with problems (as a litigator) and you advocate. Or, if a transactional lawyer, you try to foresee problems, account for them, and then hedge your bets with some catchall language (which doesn't always work, mind you).
You say that like it's a joke, but it wouldn't be the first time a website had been blocked on a national level, and it isn't necessarily a bad idea. ...and somehow I suspect the lost advertising revenues would get facebook's attention long before the calls of irate citizens annoyed the answering service at the Canadian privacy commission. Only one in a thousand people will bother to call the government and complain, most will probably just fill out internet polls on whatever new social networking site they move to. Those advertising dollars are lost immediately though.
This will force the Canadians to Bomb the Baldwin family.
Linux - Because Mommy taught me to Share.
I don't think the EULA is particularly significant compared to their violations of Canadian copyright law. To throw up an unjust comparison: You can host child porn behind a strict EULA all you want, but they'll still toss in you in jail.
Take anything and everything that Canwest reports with several large grains of salt. This is a media company that forbids the editors of their local newspapers from writing their own articles. At Canwest all opinions must come from head office.
Why do I need opinions from the news?
More importantly to Canada, it means roughly a third of the entire country is on Facebook. That's getting into the realm of national security concerns when detailed information that much of your population resides in a foreign country.
Canada? Does it matter?
Is that another US-American saying I have yet to learn?
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Why should news publications not offer any editorials or analysis... as they've been doing for centuries? Raw data in and of itself is not particularly useful.
And why was this modded Informative when in fact it's just the opposite?
Il n'y a pas de Planet B.
Though one could also point out that as an officer of parliament, they -are- a part of the Government of Canada...
I would first like to take this opportunity to complain about the size of the margins on the paper supplied to students...
Ahh - My eye!
The doctor said I'm not supposed to get Slashdot in it!
They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
The principle here that applies to facebook also applies to Joe Normals' personal website where he allows people to post comments or perhaps even has his own message board. As he is collecting and storing user information, he, as per the parent's suggestion, as the obligation to go through each and every legal district in the world (as anyolne can visit his website). It doesn't matter if he's a commercial entity or not; the concerns behind privacy violations are still the exact same.
The only other solution is, of course, to restrict websites only to nations or localities where the legality of the website can be ensured. Is this how you want the internet to look? Sounds like a great way to censor oppressed peoples...! After all, I suppose there's a lot of people trying to say *illegal* things about the Iranian government (from within)...! I suppose when search engines are asked by oppressive foreign governments like the Chinese for information on what users have done or posted with them, it's a GOOD THING they are complying with the local laws--they are, after all, doing business with them, no?
There's a strange premise behind all this, and that's that *FACEBOOK* should be responsible. Why not shift the onus on Canadian citizens so only they can go to websites with government-approved "privacy" schemes, with penalties or fines for citizens that do not comply. That's very progressive, right? Social responsibility? Yes? No?
Someone who reports directly to the house and senate is beholden to them. This means committees not individual people like normal bureaucrats, which means there is a much higher level of standard regarding issues when push comes to shove in a body like this. The privacy commissioner is not a regulatory agency like the CRTC, it's an actual oversight board and committee meant to safeguard the privacy of the citizens of Canada.
Om, nomnomnom...
If you put the burden of websites to be compliant with every law in the world, it is going to be very difficult for small sites and startups.
Unless you're amazing enough to actually show up on a CSIS or RCMP watch list, then you're not getting your information shared with other governments. If you're at that point already, then there's a national security issue for nations which you're friendly with. Figure that one out yet?
So here's a big surprise, personal information of 10m citizens that are silly enough to post it is actually a rather big issue. And not to forget that the privacy act does exist for a reason, but I'm sure you've already read it and know what it means like most people who have a passing interest in law. Because if you didn't, you wouldn't understand the first part I posted.
Om, nomnomnom...
Wrong. If you put the burden of websites to be compliant with every law in the world, you make every site owner, hosting provider and ISP in the world a criminal.
They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
No. They don't need to headquarters in a nation. They don't even need a branch office. They don't need any staff at all. They only need to have a "presence".
So what is a "presence"?
Pretty much anything that is selling OR promoting your product or service in Canada would count -- "doing business in Canada".
Facebook in particular has deals with the major wireless carriers to promote 'facebook on your mobile phone', and that would qualify it having a Canadian presence. It is actively doing business in Canada.
But Joe Average American running a blog, per your example, is merely accessible from Canada, and he and his site don't have any Canadian presence.
Now if facebook doesn't actually have any offices or staff in Canada, there's not really much that the Canadian government can do directly to them, even if they are deemed to have a presence. But it can go after facebooks canadian partners (such as the aforementioned wireless carriers) and force them to cease dealing with facebook which gives them some limited leverage over facebook insofar as they can make it so that if facebook wants to continue running promotions in Canada, and have its 'app' and 'bookmarks' and whatnot preloaded on phones then it has to meet whatever laws are in place.
Meanwhile they would have zero leverage over your example Joe Average American blogger, who couldn't care what the Canadian governement does in Canada.
The Government of Canada is currently led by Stephen Harper. The Parliament of Canada is 308 House of Commons members and 105 Senators; the government answers to the House of Commons, and the Governor General asks the membership of the Commons to form a government from their membership which, by custom, is the leader of the majority party. Parliament is above the Government, and serves to keep the Government in check.
Technically, then, the Government is a part of the Parliament, not the other way around.
(Fun fact: There are actually three components of Parliament: The House, the Senate, and the Library of Parliament.)
An EULA is a contract, and the first rule of contracts is that they cannot constitute anything illegal. You may sign a contract giving a third party full permission to murder you, but since murder is illegal, a jury will still convict said third party.
"I'm a humble person really,
I'm actually much greater than I think I am"
I don't think most people realize that they also own facebook.ca. Registering a Canadian domain, by definition (as per the registration requirements), means that you have Canadian presence. They aren't just making themselves accessible to Canadians, but are in fact saying that they are Canadian too.
Last I checked, Facebook was a US company with no presence in Canada.
When was the last time you checked, exactly? And, yes, owning a .ca domain means they have a Canadian presence.
A. Create a new holding company in a different country (say USA or somewhere with desirable local laws) - transfer said .ca domain to new holding company. B. Change the main page to "This Site no longer exists. Try going to whatevermysiteis.COM" C. Tell offending government to go pound sand.
CIRA won't allow said holding company to take ownership of the domain unless said holding company has a Canadian presence. With .ca domains, they can't be under the control of anyone who isn't operating within Canada, for the most part.
I see what you're saying, but really, if I set up a website that is called SpeakingFrenchSucks.ca just to bash the French language, is that operating in Canada?
No, you've got it entirely backwards.
You *can't* register SpeakingFrenchSucks.ca *unless* you are "operating in Canada", as per the rules as set out by CIRA.
I think, correct me if I am wrong, what you're saying is, by registering this domain, I agree to be bound by the CIRA?
Correct. Specifically, by registering a .ca domain, you are bound by CIRA's Registrant Agreement, which, among other things, includes the Canadian Presence Requirements. Violating those requirements will result in the cancellation of your domain name registration (assuming you're caught, of course... odds are Facebook would be).
Once you register your domain with GoDaddy (or any other registrar), you'll get an email from CIRA asking you to accept their registration agreement and define what kind of Canadian you are (ie. a person, a corporation, a political party, Her Majesty the Queen, etc.). If you do not agree to the agreement or you don't complete this step, your registration is canceled.