Facebook Addresses Canada’s Privacy Commissioner Concerns

Facebook Addresses Canada’s Privacy Commissioner Concerns

Several weeks ago the Office of the Privacy Commissioner of Canada, issued a comprehensive report about Facebook’s privacy policies and asked the company to address several privacy concerns they laid out or face imminent legal action. In response, Facebook announced today a series of changes that intended to address the concerns offered by the Commissioner.

Among the changes Facebook will be making:

• Updating its Privacy Policy to better describe a number of practices, including the reasons for the collection of date of birth, account memorialization for deceased users, the distinction between account deactivation and deletion, and how its advertising programs work.

• Encouraging users to review their privacy settings to make sure the defaults and selections reflect the user’s preferences.

• Increasing the understanding and control a user has over the information accessed by third-party applications. Specifically, Facebook will introduce a new permissions model that will require applications to specify the categories of information they wish to access and obtain express consent from the user before any data is shared. In addition, the user will also have to specifically approve any access to their friends’ information, which would still be subject to the friend’s privacy and application settings.

In my opinion, the most important change is related to applications. As I have previously discussed, the challenge of policing the activities of tens of thousands of independent developers around the world is a daunting but necessary task. The current process on Facebook allows users to opt-in to giving applications permission, but allows apps to require users to provide access to all of their own data and all their friends data. Many users have no clue that by doing quizzes, they are providing a developer with access to all the information in their profile and access to their friends profiles and their information.

The new process will require applications to spell out the data they want from users with more detail and to more specifically approve access to categories of an individual’s data or their friends’ data.

For the first time, when users authorize an application, they will have the opportunity to opt out of giving certain pieces of information. Fields that are necessary for the application to function will still be mandatory. Facebook also said that it anticipated that users will need to opt-in to giving applications access to their friends’ data.

These changes are absolutely a very positive step,and do lead the way for other platforms that support applications to step up to provide more transparency and control.

Unfortunately, I don’t see how Facebook can take on the job of policing hundreds of thousands of applications, without creating huge bottlenecks or hiring hundreds of reviewers. Who will decide what data is necessary for an application to function? Will users pay attention and exclude the sharing of data which isn’t required or will they just click through? Clearly, there is a desperate need for third parties such as seal companies or application rating sites to fill the void here so that users can look to trusted experts for help before deciding to share the details of their lives with unknown and unverified developers. Of course, this issue isn’t unique to Facebook as the focus tomorrow will be on the other social network platforms. And, it’s only a matter of time before open mobile platforms feel the heat as well.

The other important note here is that, once again, the international privacy regulators are driving the global privacy agenda and setting standards for US companies. In response to recent pressure from European authorities, search engines have all reduced the time they keep search queries. Although international regulators have for many years published opinions or made public declarations about their views that companies weren’t meeting local standards, they have begun to play a significantly more aggressive role in demanding actual changes from companies active in their jurisdictions. A review of the agenda of the November international conference of data commissioners makes it clear that social networking, kids privacy, behavioral advertising will continue to be lead topics of discussion. Although the FTC cooperates with many of the international regulators and has observer status at some of the conferences, I re-iterate the call for the Obama administration to appoint a Chief Privacy Officer who can ensure that the US is more visible and relevant on this increasingly global playing field.

Leave a Reply


Privacy Calendar

Oct
7
Tue
Measuring Student Engagement in ...
Measuring Student Engagement in ...
Oct 7 @ 8:00 am – 9:00 am
Technology has brought promising advances to the classroom and it is here to stay. But how can you be sure that using electronic devices and implementing blended learning programs is going to help your students[...]
Oct
11
Sat
City by Numbers: Big Data and th... @ Pratt Institute
City by Numbers: Big Data and th... @ Pratt Institute
Oct 11 @ 9:30 am – 6:00 pm
Big Data—the exponential growth and availability of information—is one of the defining phenomena of our time. It affects us all on different levels – with far-reaching social, environmental, and governmental significance. To help make sense[...]
Oct
21
Tue
Consumer Action’s 43rd Annual Aw... @ Google
Consumer Action’s 43rd Annual Aw... @ Google
Oct 21 @ 6:00 pm – Oct 21 @ 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of individual and small group trainings, Consumer Action each year is[...]
Oct
29
Wed
Big Data and Privacy: Navigating... @ Schulze Hall
Big Data and Privacy: Navigating... @ Schulze Hall
Oct 29 @ 4:00 pm – 7:00 pm
The rapid emergence of “big data” has created many benefits and risks for businesses today. As data is collected, stored, analyzed, and deployed for various business purposes, it is particularly important to develop responsible data[...]
Oct
30
Thu
The Privacy Act @40: A Celebrati... @ Georgetown Law
The Privacy Act @40: A Celebrati... @ Georgetown Law
Oct 30 @ 9:00 am – 5:30 pm
The Privacy Act @40 A Celebration and Appraisal on the 40th Anniversary of the Privacy Act and the 1974 Amendments to the Freedom of Information Act October 30, 2014 Agenda 9 – 9:15 a.m. Welcome[...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]

View Calendar