Facebook Violates Canadian Privacy Law

Canadian Privacy Commissioner Jennifer Stoddart has found that social web giant Facebook violates a number of Canadian privacy laws.  Facebook has about 12 million Canadian users alone, so the privacy concerns affect a large swath of the population.

One of the most egregious concerns is that when a user decides to delete their Facebook account, their personal data remains on the site, and is still accessible by 3rd party applications.

An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers…

“We urge Facebook to implement all of our recommendations to further enhance their site, ensure they are in compliance with privacy law, and ultimately show themselves as models of privacy,” says Assistant Commissioner Elizabeth Denham, who led the investigation on behalf of the Office.

Personally, I’ve never recommended to anyone that they put their personal phone numbers or address in the contact information, precisely because of this lack of total control.  Facebook has already said they will implement some of the recommendations, or provide alternatives, but haven’t yet addressed all the concerns.

That they would be willing to comply to much of it is unsurprising, as Canada actually represents a large user base for the company.  For example, about 5 times as many Canadians per capita use Facebook over the United States (with 23 million).  For a long time, Toronto was the #1 city on the site, until surpassed by London England.