Canadian privacy commissioner ends FB probe

Canada’s privacy commissioner has ended an investigation into Facebook’s privacy practices by saying the social-networking site has resolved issues raised in a May 2008 complaint.

Facebook has made changes to its service that resolve privacy concerns raised in a Canadian Internet Policy and Public Interest Clinic complaint, Privacy Commissioner Jennifer Stoddart said Wednesday.

The privacy group complained that Facebook had violated Canadian privacy law by not explaining to users its policies on sharing information with third-party developers. The complaint also accused Facebook of not identifying all the purposes for which it collects users’ information, of not getting express consent to collect sensitive information, and of not allowing users who have deactivated their accounts to easily withdraw consent to share information.

The complaint also accused Facebook of failing to destroy the personal information of users who deleted their accounts and of failing to safeguard personal information from unauthorized access.

Facebook has made “extensive” changes to its privacy protections in response to Canadian concerns, Stoddart said in a statement.

“Facebook has put in place measures to limit the sharing of personal information with third-party application developers and is now providing users with clear information about its privacy practices,” she said. “A major concern during our investigation was that third-party developers of games and other applications on the site had virtually unrestricted access to Facebook users’ personal information.”

A new privacy model seeking user permission for third-party apps is a “vast improvement,” Stoddart said. Third-party apps now must inform users of the categories of data they require to run and must seek consent from users, she said.

The Office of the Privacy Commissioner (OPC) could have sought a court order if Facebook had not resolved the privacy concerns, a spokeswoman said.

Although this investigation is closed, Stoddart will continue to monitor the website, she said. Stoddart has asked Facebook to improve its oversight of app developers and to better educate them about privacy, she said.

“There is still room for improvement in some areas,” she added. “Facebook is constantly evolving, and we are actively following the changes there — as well as on other social networking sites. We will take action if we feel there are potential new violations of Canadian privacy law.”

In addition, Stoddart’s office has received more complaints about Facebook since the 2008 complaint. The office is examining those newer complaints.

Facebook made changes to notifications and to its privacy policy in response to the Canadian investigation, said Michael Richter, the company’s chief privacy counsel. Facebook also introduced a granular permission process for third-party apps, he said in a statement.

During the past year, Facebook has also made a number of privacy improvements not prompted by the Canadian investigation, including a redesign of the privacy page, Richter said.

“Both Facebook and the OPC share the same goal of ensuring that everyone, including the more than 15 million people using Facebook in Canada, have control over their information,” Richter said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.