The Office of the Privacy Commissioner of Canada looked at Facebook and whether its privacy settings, and knowledge and consent by users, was sufficient.
The study was based on a complaint by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) and the focus was:
“…whether Facebook was providing a sufficient knowledge basis for meaningful consent by documenting purposes for collecting, using, or disclosing personal information and bringing such purposes to individuals’ attention in a reasonably direct and transparent way. Retention of personal information was an issue that surfaced specifically in the allegations relating to account deactivation and deletion and non-users’ personal information. Security safeguards figured prominently in the allegations about third-party applications and Facebook Mobile.
The summary of the investigation can be viewed here, and the conclusion states:
On four subjects (e.g., deception and misrepresentation, Facebook Mobile), the Assistant Commissioner found no evidence of any contravention of the Act and concluded that the allegations were not well-founded. On another four subjects (e.g., default privacy settings, advertising), the Assistant Commissioner found Facebook to be in contravention of the Act, but concluded that the allegations were well-founded and resolved on the basis of corrective measures proposed by Facebook in response to her recommendations.
On the remaining subjects of third-party applications, account deactivation and deletion, accounts of deceased users, and non-users’ personal information, the Assistant Commissioner likewise found Facebook to be in contravention of the Act and concluded that the allegations were well-founded. In these four cases, there remain unresolved issues where Facebook has not yet agreed to adopt her recommendations. Most notably, regarding third-party applications, the Assistant Commissioner determined that Facebook did not have adequate safeguards in place to prevent unauthorized access by application developers to users’ personal information, and furthermore was not doing enough to ensure that meaningful consent was obtained from individuals for the disclosure of their personal information to application developers.
No comments:
Post a Comment