Compliance Management, Privacy, Threat Management

Facebook to modify privacy practices after investigation

Facebook has bowed to Canadian privacy officials' concerns that the popular social networking sites is too lax when it comes to protecting members' personal data.

The response by Facebook, which has 200 million users worldwide, comes after an investigation recently was launched by the Office of the Privacy Commissioner of Canada. That agency was responding to a complaint filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC), a nonprofit privacy advocacy group based at the University of Ottawa.

The clinic was concerned that social networking sites, considering their relative infancy, may not have adopted the most robust privacy policies and enforcement measures, Tamir Israel, staff lawyer for the CIPPIC, told on Friday.

"There hadn't really been a thorough investigation of how existing privacy standards apply to this new medium," he said.

Canadian privacy officials said the biggest change coming involves third-party applications. Facebook agreed to customize its application platform so that developers must obtain user permission for each category of personal information they wish to retrieve from users.

As it stands now, application developers are free to access information on users who install their programs, as well as data on their "friends," Israel said.

"Ninety percent of these applications only really need very basic information to operate," he said. "But they have access to everything, including your religious views and political affiliation and those kinds of things. None of the applications were telling you what type of information they were collecting or what they need it for."

Israel said this creates "the potential for abuse," even despite Facebook requiring that developers agree to only access the information they need.

"Facebook is promising to make significant technological changes to address the issue we felt was the biggest risk for users: The relatively free flow of personal information to more than one million application developers around the world." Assistant Commissioner Elizabeth Denham said in a statement. "Application developers have had virtually unrestricted access to Facebook users' personal information. The changes Facebook plans to introduce will allow users to control the types of personal information that applications can access."

The social networking site also agreed to give users the option to deactivate or delete their accounts. The distinction is important: The latter results in any personal information belonging to that user being deleted from Facebook servers.

Facebook said that during the next 12 months it will implement the changes, which include modifications to its privacy policy and technical improvements. In addition, users will be encouraged to review their privacy settings to make sure they are appropriate.

"Our productive and constructive dialogue with the commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," Elliot Schrage, vice president of global communications and public policy at Facebook said Thursday in a news release. "We believe that these changes...also set a new standard for the industry."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.