Facebook Addresses Canada’s Privacy Commissioner Concerns

Facebook Addresses Canada’s Privacy Commissioner Concerns

Several weeks ago the Office of the Privacy Commissioner of Canada, issued a comprehensive report about Facebook’s privacy policies and asked the company to address several privacy concerns they laid out or face imminent legal action. In response, Facebook announced today a series of changes that intended to address the concerns offered by the Commissioner.

Among the changes Facebook will be making:

• Updating its Privacy Policy to better describe a number of practices, including the reasons for the collection of date of birth, account memorialization for deceased users, the distinction between account deactivation and deletion, and how its advertising programs work.

• Encouraging users to review their privacy settings to make sure the defaults and selections reflect the user’s preferences.

• Increasing the understanding and control a user has over the information accessed by third-party applications. Specifically, Facebook will introduce a new permissions model that will require applications to specify the categories of information they wish to access and obtain express consent from the user before any data is shared. In addition, the user will also have to specifically approve any access to their friends’ information, which would still be subject to the friend’s privacy and application settings.

In my opinion, the most important change is related to applications. As I have previously discussed, the challenge of policing the activities of tens of thousands of independent developers around the world is a daunting but necessary task. The current process on Facebook allows users to opt-in to giving applications permission, but allows apps to require users to provide access to all of their own data and all their friends data. Many users have no clue that by doing quizzes, they are providing a developer with access to all the information in their profile and access to their friends profiles and their information.

The new process will require applications to spell out the data they want from users with more detail and to more specifically approve access to categories of an individual’s data or their friends’ data.

For the first time, when users authorize an application, they will have the opportunity to opt out of giving certain pieces of information. Fields that are necessary for the application to function will still be mandatory. Facebook also said that it anticipated that users will need to opt-in to giving applications access to their friends’ data.

These changes are absolutely a very positive step,and do lead the way for other platforms that support applications to step up to provide more transparency and control.

Unfortunately, I don’t see how Facebook can take on the job of policing hundreds of thousands of applications, without creating huge bottlenecks or hiring hundreds of reviewers. Who will decide what data is necessary for an application to function? Will users pay attention and exclude the sharing of data which isn’t required or will they just click through? Clearly, there is a desperate need for third parties such as seal companies or application rating sites to fill the void here so that users can look to trusted experts for help before deciding to share the details of their lives with unknown and unverified developers. Of course, this issue isn’t unique to Facebook as the focus tomorrow will be on the other social network platforms. And, it’s only a matter of time before open mobile platforms feel the heat as well.

The other important note here is that, once again, the international privacy regulators are driving the global privacy agenda and setting standards for US companies. In response to recent pressure from European authorities, search engines have all reduced the time they keep search queries. Although international regulators have for many years published opinions or made public declarations about their views that companies weren’t meeting local standards, they have begun to play a significantly more aggressive role in demanding actual changes from companies active in their jurisdictions. A review of the agenda of the November international conference of data commissioners makes it clear that social networking, kids privacy, behavioral advertising will continue to be lead topics of discussion. Although the FTC cooperates with many of the international regulators and has observer status at some of the conferences, I re-iterate the call for the Obama administration to appoint a Chief Privacy Officer who can ensure that the US is more visible and relevant on this increasingly global playing field.

Leave a Reply

Privacy Calendar

all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]
all-day PL&B’s Asia-Pacific Roundtable (...
PL&B’s Asia-Pacific Roundtable (...
May 27 all-day
PROFESSOR GRAHAM GREENLEAF, Asia-Pacific Editor, Privacy Laws & Business International Report, will lead a roundtable on the countries of most interest to business in the Asia-Pacific region. Click here for more information.
all-day PL&B’s 28th Annual International...
PL&B’s 28th Annual International...
Jul 6 – Jul 8 all-day
The Privacy Laws & Business 27th Annual International Conference featured more than 40 speakers and chairs from many countries over 3 intensive days. At the world’s longest running independent international privacy event participants gained professionally by[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]

View Calendar