Canadian privacy commissioner ends Facebook probe

Facebook has resolved the privacy issues raised in a May 2008 complaint, the commissioner said

Canada's privacy commissioner has ended an investigation into Facebook's privacy practices by saying the social-networking site has resolved issues raised in a May 2008 complaint.

Facebook has made changes to its service that resolve privacy concerns raised in a Canadian Internet Policy and Public Interest Clinic complaint, Privacy Commissioner Jennifer Stoddart said Wednesday.

The privacy group complained that Facebook had violated Canadian privacy law by not explaining to users its policies on sharing information with third-party developers. The complaint also accused Facebook of not identifying all the purposes for which it collects users' information, of not getting express consent to collect sensitive information, and of not allowing users who have deactivated their accounts to easily withdraw consent to share information.

The complaint also accused Facebook of failing to destroy the personal information of users who deleted their accounts and of failing to safeguard personal information from unauthorized access.

Facebook has made "extensive" changes to its privacy protections in response to Canadian concerns, Stoddart said in a statement.

"Facebook has put in place measures to limit the sharing of personal information with third-party application developers and is now providing users with clear information about its privacy practices," she said. "A major concern during our investigation was that third-party developers of games and other applications on the site had virtually unrestricted access to Facebook users' personal information."

A new privacy model seeking user permission for third-party apps is a "vast improvement," Stoddart said. Third-party apps now must inform users of the categories of data they require to run and must seek consent from users, she said.

The Office of the Privacy Commissioner (OPC) could have sought a court order if Facebook had not resolved the privacy concerns, a spokeswoman said.

Although this investigation is closed, Stoddart will continue to monitor the website, she said. Stoddart has asked Facebook to improve its oversight of app developers and to better educate them about privacy, she said.

"There is still room for improvement in some areas," she added. "Facebook is constantly evolving, and we are actively following the changes there -- as well as on other social networking sites. We will take action if we feel there are potential new violations of Canadian privacy law."

In addition, Stoddart's office has received more complaints about Facebook since the 2008 complaint. The office is examining those newer complaints.

Facebook made changes to notifications and to its privacy policy in response to the Canadian investigation, said Michael Richter, the company's chief privacy counsel. Facebook also introduced a granular permission process for third-party apps, he said in a statement.

During the past year, Facebook has also made a number of privacy improvements not prompted by the Canadian investigation, including a redesign of the privacy page, Richter said.

"Both Facebook and the OPC share the same goal of ensuring that everyone, including the more than 15 million people using Facebook in Canada, have control over their information," Richter said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesOffice of the Privacy Commissioner of Canadaregulationsecuritysocial networkinggovernmentinternetprivacyFacebookJennifer StoddartMichael Richter

More about FacebookIDGOPC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross and Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place