Should Facebook and Google users in the U.S. thank the Canadian government for protecting their privacy? A pretty good case could be made that they should.
Both Internet giants have had their hands slapped by the Canadian Privacy Commissioner and have had to alter their policies as a result (although Facebook is still considering its full response to the CPC complaint), and those changes have had the net result of protecting the privacy of U.S. users as well.
In the case of Facebook, the Privacy Commissioner's office filed notice last week that the social network provider's protection of personal data didn't meet federal standards on a number of points -- 22 of them, to be exact. The government department advised Facebook to alter its practices to bring them into compliance, or possibly face court proceedings that would compel the company to abide by the rules.
One of the aspects of Facebook's privacy protections that caught the Commissioner's eye was the amount of personal data that is shared with the creators of third-party applications that Facebook users often agree to add to their profiles.
The Facebook investigation raised what the Commissioner's office called "significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes." The agency said the company "lacks adequate safeguards to effectively restrict these outside developers from accessing profile information."
Under the company's rules, these third-party app creators don't have to provide much detail about what they plan to do with your personal data. What's more, Facebook collects a lot of data that isn't really necessary, according to Privacy Commissioner Jennifer Stoddart.
This is something that many users have noted (and programmers as well), but in Canada, that kind of personal data collection and retention isn't just an irritation or curiosity, it's potentially a breach of Canadian law.
The law in question is the federal Personal Information Protection and Electronic Documents Act (or PIPEDA), which sets strict limits on what information can be collected, the amount of disclosure required, the purposes to which it can be put, and how long it can legally be retained. It is different in many key respects from U.S. privacy laws.
The Commissioner's report recommended a number of changes, including "technological measures to ensure that developers can only access the user information actually required to run a specific application" as well as taking steps to "prevent the disclosure of personal information of any of the user’s friends who are not themselves signing up for an application."
The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts.
This is the second time that Canada has stepped in to advise a major Internet player of its neglect of privacy rules. Last year, Google (Nasdaq: GOOG) came under fire from the Commissioner's office over its “Streetview" service, which hasn't even launched in Canada yet. After reports emerged that cars belonging to Google had been seen filming in Toronto and other major cities, the federal agency released a statement calling on the company to change its methods to better protect people's privacy.
In particular, the Commissioner said that revealing the faces of specific individuals without their consent was a breach of Canadian privacy laws, and so was revealing personal information such as car license plates. In the U.S., taking a photograph of someone in a public place without their consent is legal, but in Canada such photos are considered an invasion of privacy, unless they are taken for artistic or journalistic purposes, such as reporting on a news event.
Google responded by using automated technology to blur the faces of people in its Street View photo montages -- a feature it is also rolling out in the U.S. and other jurisdictions.
— Mathew Ingram, technology writer for The Globe and Mail in Canada
This is worth noting for anyone that is worried about protecting more of their privacy on Facebook. This is an example of exactly what the Privacy Commissioner of Canada is deeply concerned over:
Facebook has agreed to let third party advertisers use YOUR posted pictures WITHOUT your permission. To forbid this, click on "Settings" up at the top where you see the "Log out" link. Select "Privacy". Then select "Newsfeeds" and "Wall". Next, select the tab that reads "Facebook Ads".
There is a drop down box, select "No one". Then save your changes.
"Facebook occasionally pairs advertisements with relevant social actions from a user's friends to create Facebook Ads. Facebook Ads make advertisements more interesting and more tailored to you and your friends. These respect all privacy rules. You may opt out of appearing in your friends' Facebook Ads below." (Cited source: Facebook Advertisers section).
"The government department advised Facebook to alter its practices to bring them into compliance, or possibly face court proceedings that would compel the company to abide by the rules."
Well that sounds great, but I think we'll find it's an empty threat. Facebook has made some changes to how it handles user data, not enough to fully satisfy the Privacy Commissioner, but perhaps enough for its users.
Sure the government could take Facebook to court, but how far does it press its case? If Facebook fails to comply, what's the penalty? Would the government attempt to block Facebook from the Internet in Canada? Ban users from logging in? The 12 million user accounts represent over 1/3 of the entire population. Any attempt to restrict their access to the site or shut it down would be an act of political suicide (and I wouldn't rule out rioting in the streets, either).
More likely the pressure will mount on Facebook from other governments now that Canada, which is often seen as a role model, has cast the first stone at their privacy policies. By that point, appeasing its critics by changing its policies will be far less than the cost and distraction of multijurisdictional court battles.
As much as I applaud Facebook for at least looking at taking privacy more seriously (only after threats of legal action mind you), I find it rather saddening that it had to take a large and unnecessary government bureaucracy's action in order to have Mark Zuckerberg and Co. pay attention.
Firstly Facebook users in Canada (I'm one of them) should become more educated about what their information is doing and where it's going. Facebook could help by having better disclosures of this, because just like the Privacy Commissioner of Canada, I too am concerned about what third party applications are doing with personal information. I've tried to find out and quite frankly I came up short; the way Facebook shares details with third parties is a literal black box. Who knows where the information is going or what is even shared. I was left with no choice; I turned my security settings way up and completely remove third party apps, and willl continue to do so until I get an answer.
When you are prompted to agree or disagree to the terms before adding an application to your Facebook account, you basically have to acknowledge that everything and anything will/could be shared with the third party that made the application; a third party who may or may not be an evil marketing or criminal organization. Has anyone sat down and thought about the implications of this? What is Facebook's screening process for third party developers? Does it even HAVE a screening process?
If Facebook had more flexibility with its privacy controls and actually disclosed everything to its users, and followed the statute (Personal Information Protection and Electronic Documents Act - PIPEDA) it is legally bound to, then an intervention by the Privacy Commissioner of Canada would not even be necessary. Facebook users would be able to make an educated decision about what information they decided to share and what information they decided not to share.
Facebook foresees a different kind of Internet in which information is shared and is open to trusted sources. However if we don't even know whom the trusted sources are and we aren't even given any choice in the matter, then in my opinion Facebook's vision is a rather flawed one.
Not that I'd ever say the Wikipedia is a foolproof, reliable source of information, but at this point I've seen as much evidence for your point of view as mine (i.e. speculation).
So from a third, completely uninvolved party: http://en.wikipedia.org/wiki/Google_Street_View#Canada
The quick highlights of the article are:
1. Canada isn't the only country to raise a fuss over privacy issues.
2. It's a planned expansion for Street View
Did Google create the face and plate obscurring technology just to appease Canada's privacy laws? Probably not. Will Google just ignore or pull services from any country that makes a fuss over privacy issues? Probably not.
It's bad business to exclude an entire country like Canada, so I doubt Facebook would simply pull its business.
Without insider knowledge of these companies, or at least some proof from reliable sources, it's all speculation and opinion.
Going back to the original article, it's probably very much in Facebook's interests to heed the advice of the Commissioner; it will offer more protection from lawsuits. Yes, Facebook can probably defeat a lawsuit pretty easily but even that is expensive.
It just makes sense to give people control over the information they supply, to expose, update, or delete it as they see fit. Less information means less liability. If Facebook had its data stolen, I think a class action suit of every person who had deactivated their account but had their personal information stolen anyway would have a strong case.
Sorry if you feel you're being dismissed, it's just my opinion that Google already had the "blurring" technology in the works it just happened to coincide with the Canadian Commission's little threat...
By the way, it appears that this complaint was filed in 2007 and now 2009 is just about over and still NO StreetView in Canada as yet!!
Google must be on the "SLOOOW" Roll Out plan on this one... ;-)
Saying that the Canadian government has no place in this matter is absurd. A critical role of the government is protecting its citizens. This is why Canada has a military. This is why Canada has privacy laws.
/applauds Canadian government
Canada, you may suck at keeping your word to the KYOTO accord, but thank you for protecting us from the Facebook monster.
Then why blur out the faces and license plates in a country that isn't affected by Canada's laws?
When you're as big as Google, the compliance could have been as easy as "Don't worry, we won't bring that service here", but instead they actually applied to to the existing service.
Maybe they thought they might get sued. Maybe they just thought Canada had a good idea.
Regardless, they changed something they didn't have to prior. Don't be so dismissive; it's not conductive to trust.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Not that long ago, blogs were a mysterious animal that most reputable companies shied away from, an untrustworthy medium populated by cranks in their pyjamas.
The battle between eBay Inc. (Nasdaq: EBAY) and Skype Ltd. is escalating, and in the end, users of the Web-based phone-calling application could be the ultimate losers.
In 1891, Nicola Tesla held up a discharged light bulb and showed how it could be lit up anywhere in a room with a specialized magnetic field. More than a century later, businesses and consumers may soon be able to tap into commercial wireless electrical services, if a couple of entrepreneurs have their way.
While Google introduces its new Chrome OS (which I'm hearing will be widely available in one year? Did I mishear that?), IBM announced 10 new products today to help companies using IBM System z mainframe technology.
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Industry initiatives and government stimulus funds are giving enterprise software vendors a great opportunity to help build out and manage smart grid technologies.
The problem with telepresence is that it's not universally accepted, because video calling isn't. While we can all do video calling, we also apparently worry too much about how we look. If we want HD telepresence in our future, we have to dress down, mess up our hair, and dive into our online life.
The US loses about $20 billion a year on pirated software, movies, and music. But public policy can help stem the tide of digital theft. For example, France has recently passed a 'three strikes and you’re out' law, whereby if after two warning letters an individual continues to download pirated software then his Internet access will be cut off. US policy makers should consider adopting similar policies.
Financial management planning does not need to include Voodoo economics, but it does help to tap into the knowledge base of your team through some sort of real-time system. We explore your options.
When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
The successor to the BlackBerry Bold 9000 – the Bold 9700 – will be available soon in the US. Is it worth upgrading? Reiter's got one, and offers advice.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
