Facebook Agrees to Implement Federal Privacy Commissioner’s Recommendations
As previously reported, the Office of the Privacy Commissioner of Canada (Office), after investigating the privacy practices of Facebook, concluded that it was in breach of Canadian privacy law (see E-TIPS®, “Facebook Breaches Canadian Privacy Law, Says Federal Privacy Commissioner”, Vol 8, No 3, July 29, 2009).
Facebook has now agreed to resolve the Office’s privacy concerns by implementing a number of changes, some of which are noted below. The changes will be implemented over the following 12-month period.
The Office was concerned that Facebook lacked adequate safeguards to restrict the disclosure of personal information to third-party developers retained to create Facebook applications. Facebook has agreed to require developers to specify the categories of personal information they wish to access and require express consent from users for each category.
Another privacy concern was that Facebook indefinitely retains personal information of users who have deactivated their accounts. Facebook has agreed to allow users the options of deactivating their account or deleting their account.
Regarding the protection of non-user’s personal information, Facebook agreed to include more information in its Terms of Use statement and also confirmed that it does not retain the e-mail addresses of non-users invited to join Facebook.
For a press release from the Office, visit
http://www.priv.gc.ca/media/nr-c/2009/nr-c_090827_e.cfm
For a press release from Facebook, see:
http://www.facebook.com/press/releases.php?p=118816
Summary by: Lauren Lodenquai
