Facebook privacy and personal data security criticised by Canadian information commissioner

Social networking site Facebook does not do enough to protect personal information, according to the Canadian Privacy Commissioner.

The office of Jennifer Stoddart investigated the website's use of personal information and found that Facebook is not clear enough about how users can control their information or restrictive enough in limiting other companies' access to it.

In a detailed report, the investigation found that users were told on Facebook how to deactivate accounts, but not how to delete them and remove personal information from the Facebook servers. The commissioner's office said that the company needed to be more transparent.

Its complaint comprised 24 allegations ranging over 12 distinct subjects. These included: default privacy settings, collection and use of users' personal information for advertising purposes, disclosure of users' personal information to third-party application developers, and collection and use of non-users' personal information.

It found that on four subjects, including deception and misrepresentation and Facebook Mobile, there was no evidence of any contravention of the Canadian Privacy Law and concluded that the allegations were not well founded.

On another four subjects including default privacy settings and advertising, the assistant commissioner found Facebook to be in contravention of the Canadian Privacy Law, but concluded that the allegations were well founded and resolved on the basis of corrective measures proposed by Facebook in response to her recommendation.

With regard to the entry and retention of a user's date of birth, the commissioner found Facebook to be in contravention of two principles relating to identified purposes that 'should be specified at or before the time of collection to the individual from whom the personal information is collected'.
 
She also stated that 'the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed'.

Facebook has since responded by agreeing to amend the language of the pop-up in question as follows: “Facebook requires all users to provide their real date of birth to encourage authenticity and provide only age-appropriate access to content. You will be able to hide this information if you wish, and its use is governed by the Facebook Privacy Policy.”

With regard to the controversial privacy settings, the commissioner found that Facebook did not do as much as it should to inform users about privacy settings at registration, as there is no direct link to the privacy settings and no upfront message about these settings.

It also found that Facebook's notification efforts relating to privacy settings fail to meet a reasonable standard in the circumstances, and that Facebook needed to do more to ensure that new users can make informed decisions about controlling access to their personal information when registering.
 
The report claimed: “Facebook has given its users tools to control their personal information; it needs to ensure that users better understand these tools.”

In a summary of the investigation, the commissioner found no evidence that Facebook is wilfully misleading or deceiving users about the purposes for which it collects information or is obtaining consent through deception. It also claimed that an allegation of misrepresentation is not well founded.

However, in its conclusion, it claimed that once implemented, Facebook's proposed corrective measure of its privacy policy will meet its recommendation and bring the organisation into compliance with the Canadian Privacy Law. It will follow up with Facebook on the status of its implementation of this measure within 30 days.
