Facebook to modify privacy practices after investigation

Share this article:
Facebook has bowed to Canadian privacy officials' concerns that the popular social networking sites is too lax when it comes to protecting members' personal data.

The response by Facebook, which has 200 million users worldwide, comes after an investigation recently was launched by the Office of the Privacy Commissioner of Canada. That agency was responding to a complaint filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC), a nonprofit privacy advocacy group based at the University of Ottawa.

The clinic was concerned that social networking sites, considering their relative infancy, may not have adopted the most robust privacy policies and enforcement measures, Tamir Israel, staff lawyer for the CIPPIC, told SCMagazineUS.com on Friday.

"There hadn't really been a thorough investigation of how existing privacy standards apply to this new medium," he said.

Canadian privacy officials said the biggest change coming involves third-party applications. Facebook agreed to customize its application platform so that developers must obtain user permission for each category of personal information they wish to retrieve from users.

As it stands now, application developers are free to access information on users who install their programs, as well as data on their "friends," Israel said.

"Ninety percent of these applications only really need very basic information to operate," he said. "But they have access to everything, including your religious views and political affiliation and those kinds of things. None of the applications were telling you what type of information they were collecting or what they need it for."

Israel said this creates "the potential for abuse," even despite Facebook requiring that developers agree to only access the information they need.

"Facebook is promising to make significant technological changes to address the issue we felt was the biggest risk for users: The relatively free flow of personal information to more than one million application developers around the world." Assistant Commissioner Elizabeth Denham said in a statement. "Application developers have had virtually unrestricted access to Facebook users' personal information. The changes Facebook plans to introduce will allow users to control the types of personal information that applications can access."

The social networking site also agreed to give users the option to deactivate or delete their accounts. The distinction is important: The latter results in any personal information belonging to that user being deleted from Facebook servers.

Facebook said that during the next 12 months it will implement the changes, which include modifications to its privacy policy and technical improvements. In addition, users will be encouraged to review their privacy settings to make sure they are appropriate.

"Our productive and constructive dialogue with the commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," Elliot Schrage, vice president of global communications and public policy at Facebook said Thursday in a news release. "We believe that these changes...also set a new standard for the industry."

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.