Welcome to PrivacyInfo.ca, a site maintained by Professor Michael Geist of the University of Ottawa, Faculty of Law. The site features summaries of all of the Canadian Privacy Commissioner's decisions under the Personal Information Protection and Electronic Documents Act (PIPEDA) . While those decisions are available in full-text on the Commissioner's site, this site provides additional search functionality, including full-text searches as well as searching by individual provisions, sector, and outcome.
The site also contains links to Canadian privacy legislation, privacy law news, and other resources. For regular updates of new decisions and additions to the site, click here.
This site is not affiliated in any way with the Canadian Privacy Commissioner's office. It is provided for informational purposes only and should not be treated or relied upon as legal advice.
Lots of coverage this morning on the remarkable Facebook settlement, which represents a major success for Canadian privacy and CIPPIC (which launched the case). The best source of information on the forthcoming changes come from the Privacy Commissioner's letter to CIPPIC. Podcast of the press conference available here.
The Privacy Commissioner of Canada will hold a news conference this morning at which she is expected to reveal that her office and Facebook have reached an agreement on privacy changes at the social networking site.
Canwest reports that the clock has run out on Facebook complying with the Privacy Commissioner of Canada's privacy finding. The Commissioner now has two weeks to go to court to obtain an order requiring compliance.
Update: Facebook is reportedly ready to file a plan to address the Commissioner's issues by the end of the day.
Not sure how I missed it, but the Privacy Commissioner of Canada recently issued a well-founded finding against Accusearch, which does business as Abika.com. The case is noteworthy since CIPPIC went to the Federal Court to force the Privacy Commissioner to launch its investigation (the case raised interesting jurisdictional questions). The Commissioner was assisted by the FTC in its investigation.
Google Canada's Jacob Glick has an op-ed in the National Post that discusses Google's approach to privacy. It arguest that "privacy is best protected by good product design."
The Office of the Privacy Commissioner of Canada has released its long-awaited finding (media release, finding, backgrounder) in the complaint against Facebook on a variety of privacy grounds. The complaint was launched by CIPPIC in May 2008 (note that I am an advisor to CIPPIC but had no involvement in this complaint). The case marks an important step in assessing how Canadian privacy law addresses social media with the Commissioner identifying some significant concerns. Moreover, as the case potentially heads to court, it will be closely watched to see whether the findings can be enforced against a global social media power like Facebook.
The big issues include:
Default Settings: The Commissioner was generally satisfied with Facebook's "extensive privacy settings." The finding notes that consent is different in a site like Facebook since users voluntarily upload their personal information. She concluded that Facebook's defaults were reasonable and that the large number of settings meant that choices needed to be made. There were a couple of exceptions - photo privacy and search privacy - and Facebook is planning to introduce a "Privacy Wizard" within the next 60 days to address the concerns.
Facebook advertising: The Commissioner was generally satisfied that the advertising does not run afoul of privacy law, though she concluded that a clearer explanation of the practices is needed. Facebook agreed to some changes to address the concerns.
Third-Party Applications: The Commissioner identifies several concerns about third-party applications including a lack of information about third-party apps, the availability of too much personal information to third party developers without Facebook monitoring, inadequate disclosure to users about what is being disclosed, lack of consent, and lack of control over personal information with third-party developers. Facebook objected strongly to these findings, but the Commissioner stands by the concerns associated with privacy safeguards and consent. Facebook has thus far refused to comply.
Account Deactivation and Deletion: The Commissioner was generally satisfied with account deletion option on Facebook. The primary concern involves account deactivation, where the account is effectively retained but inaccessible to the public. The Commissioner notes that "the longer an account remains deactivated and the information in it unused, the more difficult it is to argue that retention of the user’s personal information is reasonable for the social networking purposes for which it was collected." Further, the Commissioner expressed concern that the difference between deactivation and deletion is insufficiently clear. Facebook has refused to set a clear timeline for account deletion after a user has deactivated.
Deceased Accounts: Facebook allows for the retention of accounts as a memorial for someone who is deceased. The Commissioner found that there is inadequate disclosure of the practice to users when register for the service.
Personal Information of Non-Users: This arises when users post personal information about non-users on their profiles (including tagging on photos and videos) or provide Facebook with the email addresses of non-users. In many instances, this activity falls outside the law (ie. a user tagging a photo is a non-commercial activity). However, where Facebook sends an email notification to a non-user about a tagged photo or provides the "Invite New Friends" feature, the law kicks in. The Privacy Commissioner has asked Facebook to address the tagging of photos, invitation system, and retention of non-users email addresses. Facebook declined to do so.
Facebook has 30 days to address the outstanding issues. If they continue to decline to do so, the Commissioner can go to Federal Court for enforcement. The finding is one of the longest and most detailed in memory as it chronicles not only the complaint and findings but the negotiations with Facebook in addressing the concerns. In doing so, it represents the most exhaustive official investigation of Facebook privacy practices anywhere in the world.
posted
on Thu. Jul. 16/09
Site Last Updated: 2009-08-02 Copyright (c) 2003 Michael Geist
First (12/06/2007)
Previous
#23 of 27
Next 
Last (12/01/2009) 
