The Canadian Privacy Commission has publicly called out Facebook for its breach of the country’s privacy laws; in specific, failing to properly handle a user’s personal information.
The commission released a report on Thursday (July 16th) wherein Jennifer Stoddart, the commissioner herself, blasted the world’s largest social networking website about their privacy guidelines that fly directly in the face of Canadian law. It also included a 30 day ultimatum with the threat of possible legal action through the Canadian federal court system as the only course of action available if they do not comply.
At the centre of the debacle is Facebook’s rules that allow it to retain a user’s personal information indefinitely, even after the user deactivates their account. It also notes the confusing and misunderstood difference between simple deactivation and the hidden method of deletion, citing undocumented steps as to the process of permanently ridding an account of all personal information.
This social site’s privacy flaws fly directly in the face of the Canadian Personal Information Protection and Electronic Documents Act.
A spokesperson for the commissioners office has stated,” [We] think these are pretty important recommendations, and we are hoping Facebook is going to come back with somesolutions for us,”
Facebook however, appears to hold the view that their current privacy safeguards fall well within the guidelines set out by the country’s laws. Chris Kelly, the cheif privacy officer for the company retorted to the commisions report with the view that “we think that our approach right now is compliant with Canadian law, and to the extent that we would need to establish that, we’re ready to do that”.
A second major issue is also included in the complaint; Facebook provides unfettered access to personal information to an enormous number of developers across the globe.
The spokesperson outlined the concerns,”There are almost a million outside developers across 180 countries, we’re concerned that the door is open to 950,000 developers.”
“The developer is given a key to access information on a user’s profile for a 24-hour period after you decide you are going to use the application. Their contract with Facebook requires them to limit the information they get and to destroy information they don’t need after a certain amount of time.
“We would like to see more due diligence around that and technological measures to ensure the information is protected.”
While Facebook is based out of California in the United States, statistics estimate that approximately 12 million citizens (roughly 30% of the population) have subscribed to Facebook, thus giving it an substantial presence in the country and consequently it is not immune from legal action ordered by a “foreign” government.