Forgot your password?
typodupeerror
Privacy Social Networks The Internet Your Rights Online

Facebook Faces the Canadian Privacy Commissioner 140

Posted by timothy
from the soory-aboot-that-yah dept.
dakohli writes "Canwest's Sarah Schmidt writes that Facebook has until Monday to find a way to fix its 'serious privacy gaps.' And if the Canadian Privacy Commissioner isn't happy with the Web Company's response, then she has two weeks to push it to the Canadian Federal Court in Ottawa. 'A spokeswoman for the commission said it's premature to say whether the feud will end up in court. This would be an international first for Facebook, which has grown to more than 200 million users since its launch in 2004.'"
This discussion has been archived. No new comments can be posted.

Facebook Faces the Canadian Privacy Commissioner

Comments Filter:
  • "void where prohibited"
    • by zappepcs (820751) on Sunday August 16, 2009 @11:36PM (#29088253) Journal

      That one phrase is one of the most interesting and most insulting that can be used. Void where prohibited is the same as saying we're not sure where a judge will rule this illegal, but in case they do, you lose. Why not be user friendly (anyone remember that phrase?) and say what laws you ARE in compliance with, perhaps listing a reference to your licensing documents? Even lawyers are prohibited from practicing law in regions they are not licensed for. Yes, I realize that the WWW is not quite the same thing, but in the EULA you should mention all the regions where it is legal and above board since the L in EULA stands for license. As a user, if you don't know where you are in compliance, how the hell am I supposed to know? While 'buyer beware' always applies, in this day and age, it's not unreasonable to expect that a service list where it is in compliance with privacy laws in their privacy statement.

      As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are... at least until Facebook clears the matter up unequivocally and publicly. After all, how can I in good faith sign or accept a EULA if I cannot be sure your service is in compliance with the applicable laws? DING That is to say that EULAs are wrong from word one, but staying on point, if there is to be one, shouldn't the burden be on the provider to show what privacy laws they are in compliance with?

      • Re: (Score:3, Interesting)

        Or, how about, users research what they are getting into in the first place? Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them? That's impossible, and ridiculous. I can't seriously fathom how you could seriously consider forcing someone to go through laws everywhere stating how they are in compliance with them.

        Do you own a web site? Any sort of a web site? Good, because tha

        • Re: (Score:3, Funny)

          Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them?

          Just provide a link to Pacer [wikipedia.org] and the Canadian equivalent. (grin)

          Reminds me of the old joke:

          GIVEN: The entire body of current mathematical thought;

          PROOF: The proof follows by examination. QED.

        • I can't seriously fathom how you could seriously consider forcing someone to go through laws everywhere stating how they are in compliance with them.

          Someone, somewhere, has to do it, whether the consumer or the provider of the service. Companies should be paying the 'nice' men in three-piece suits to say, actually do some work, rather than expecting the user (or the government) to point out when they've done fucked up. The casual user isn't likely to know the law very well, outside of the basics, nor do they have the resources to fully research and understand, particularly when it comes to determining judicial interpretation and precedent--unless they

          • Re: (Score:2, Insightful)

            by JNSL (1472357)
            Nobody has to do it. This is just how the world works. You figure out what to do when/if somebody finds a problem/some non-compliance. The internet is such a different beast that you simply cannot (it's both a time and money issue) be assured of compliance. We tacitly accept this by using the internet. Throw in the fact that there are no reliable ways to find locations, and you really see the world the internet creates.

            Also, your portrayal of the lawyers is kind of ridiculous. Lawyers aren't being lazy. The
          • Re: (Score:3, Insightful)

            by the_womble (580291)

            If you put the burden of websites to be compliant with every law in the world, it is going to be very difficult for small sites and startups.

            • by plastbox (1577037)
              Wrong. If you put the burden of websites to be compliant with every law in the world, you make every site owner, hosting provider and ISP in the world a criminal.
        • Re: (Score:2, Insightful)

          by stagg (1606187)
          I don't think the EULA is particularly significant compared to their violations of Canadian copyright law. To throw up an unjust comparison: You can host child porn behind a strict EULA all you want, but they'll still toss in you in jail.
          • Re: (Score:2, Insightful)

            An EULA is a contract, and the first rule of contracts is that they cannot constitute anything illegal. You may sign a contract giving a third party full permission to murder you, but since murder is illegal, a jury will still convict said third party.

        • by crossmr (957846)

          Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them?

          Why not? Any brick and mortar store would have to if they tried to expand into an area. If companies can't be arsed to look up the laws which apply to their business in a country they support, then they shouldn't be doing business there.

      • by thirty-seven (568076) on Monday August 17, 2009 @12:07AM (#29088403)

        As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are...

        The Privacy Commissioner is an officer of parliament (who reports directly to the Senate and the House of Commons), not an official of the Government of Canada.

        • Re: (Score:2, Informative)

          by Xveers (1003463)
          Though one could also point out that as an officer of parliament, they -are- a part of the Government of Canada...
          • by ahankinson (1249646) on Monday August 17, 2009 @06:32AM (#29089703)

            The Government of Canada is currently led by Stephen Harper. The Parliament of Canada is 308 House of Commons members and 105 Senators; the government answers to the House of Commons, and the Governor General asks the membership of the Commons to form a government from their membership which, by custom, is the leader of the majority party. Parliament is above the Government, and serves to keep the Government in check.

            Technically, then, the Government is a part of the Parliament, not the other way around.

            (Fun fact: There are actually three components of Parliament: The House, the Senate, and the Library of Parliament.)

        • by Guspaz (556486)

          Care to define the difference? Because you're splitting hairs at best.

          • by Mashiki (184564) <mashiki@gmai l . c om> on Monday August 17, 2009 @03:23AM (#29089093) Homepage

            Someone who reports directly to the house and senate is beholden to them. This means committees not individual people like normal bureaucrats, which means there is a much higher level of standard regarding issues when push comes to shove in a body like this. The privacy commissioner is not a regulatory agency like the CRTC, it's an actual oversight board and committee meant to safeguard the privacy of the citizens of Canada.

          • by ceoyoyo (59147)

            A parliamentary officer is much more likely to act in the interest of the people than is a government official. The parliamentary officer, particularly if he reports to BOTH houses, is probably not going to particularly partisan and has to worry less about being replaced if he irritates the prime minister.

        • The Privacy Commissioner is an officer of parliament (who reports directly to the Senate and the House of Commons), not an official of the Government of Canada.

          Officer == Official. He works for the government and is paid by Canadian taxpayers. He is ergo a government official.

          The presumption of corruption and abuse may now resume.

        • In Canadian English, the word government is used to refer both to the whole set of institutions that govern the country, as well as the current political leadership, although with the latter usage the word is usually capitalized to make the distinction.[2] Thus, Canadians would say that Prime Minister Stephen Harper's Government is currently administering the Canadian government. Contrasts can be drawn with the British usage, where the government is referred to as the state, and the American usage, where th

      • Re: (Score:3, Informative)

        by Trepidity (597)

        I can see it as being reasonable in some cases. One of the most common is with contests and giveaways, which essentially means, "if contests with cash prizes such as this one aren't allowed where you live, then you can't enter this contest, obviously".

  • Finally (Score:5, Insightful)

    by Anonymous Coward on Sunday August 16, 2009 @11:30PM (#29088213)

    At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?

    • by RobVB (1566105)

      how hard is it to have a remove feature that deletes a users information?

      Not very hard at all, but it's handy to keep your users' information even after they deactivate their accounts if it doesn't get you into trouble.

      Facebook could just implement some of these changes for Canadian citizens or people with a Canadian IP, but I hope this has international consequences.

      Leave it to Canada to solve all our problems, eh?

    • Re:Finally (Score:5, Insightful)

      by Alphanos (596595) on Monday August 17, 2009 @12:06AM (#29088387)

      It's more complicated when the data may be the result of collaborative effort. If two users have a detailed conversation, then one wants all data associated with them deleted, what happens when the other user complains?

      Now in that case it still seems fairly clear that the privacy concern should come first, but as we get increasingly collaborative works, where is the line drawn? Let's say someone makes a Facebook app that lets multiple users create works of art together, or literature. There is another side to this issue.

      • That is a special case, yes, but I would assume that, with a collaborative work, when one person dissents to continued display or holding of that work, the other(s) can't over-rule them on that, and the content would have to be taken down/removed. Just speculation, IANAL after all.
        • That may be how things work.

          Is that how they should work?

        • Re: (Score:3, Insightful)

          by lennier (44736)

          "That is a special case, yes, but I would assume that, with a collaborative work, when one person dissents to continued display or holding of that work, the other(s) can't over-rule them on that, and the content would have to be taken down/removed."

          IANAL either, but it seems on a naive reading that that policy would be incompatible with Open Content such as the GFDL/cc-by-sa. Because the first rule of open content is that nobody gets to remove ANYTHING after it's published, 'privacy' or any other personal p

      • by syousef (465911)

        Now in that case it still seems fairly clear that the privacy concern should come first

        Does it? Why are you posting on slashdot? You can't delete your posts once posted! I think once you post something you make it public. No take backs allowed. It's not a privacy concern. If I run out and tell everyone I eat worms, I don't get to destroy everyone else's memories if I decide I want to take it back. If I print an ad in the newspaper I can't ask for all copies of the paper destroyed if I change my mind.

        It's on

        • Re: (Score:3, Informative)

          by j-stroy (640921)
          The roots of this go right down to the core of: The Canadian Charter of Rights and Freedoms, and the equivalent legal tracts in other countries.
          vs
          The corporate charter that companies such as Facebook are granted.

          Corporate charters historically were granted very rarely and can be revoked (still). The legal prop that gives so many ball-busting industrial monoliths the power to trample governments, and citizens is that an incorporated company has become a weird person/non-person hybrid. This relentless leg
          • Re: (Score:3, Insightful)

            by Opportunist (166417)

            Quite an interesting analogy between corporations and AI. Mostly because a corporation is already what we'd fear most in an AI: Intelligence without moral or conscience.

            Sure, a corporation is still staffed with humans and every human might have a conscience. But he can put it at ease and silence it, citing the "necessity" to do what he does. Take layoffs. Joe in accounting is going to be sacked, with a pregnant wife, three kids and mortgage payments he can't handle if he didn't have this job. You're his sup

      • by Mia'cova (691309)

        I'm going to disagree with you. I've seen an explanation from facebook follow quite the same logic as your post. Without being rude, I'd like to say maybe you've seen that and taken the idea too far. It's certainly true that an entity such as an 'email' can exist in two places (their sent box, your inbox). With a closed system, this will typically be handled in two ways, either make two copies or two references to the same copy. In both cases, when both users request deletion, the content should be erased c

    • Re: (Score:3, Insightful)

      by nacturation (646836) *

      At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?

      If I close my Slashdot account, will Slashdot purge all of my posts as well?

  • by MickyTheIdiot (1032226) on Sunday August 16, 2009 @11:31PM (#29088223) Homepage Journal

    Keep your private information private by not posting it on Facebook!

    • by Anonymous Coward on Monday August 17, 2009 @12:17AM (#29088439)

      The only way to do that is never use facebook at all, perhaps the solution I should adopt myself, but it's a bit too late.

      The problem I have been having is what other people in my network post about me. I have no control over that and no right to demand it be removed other than politely asking but most people dont listen to such requests because they dont understand why someone might care. Apart from being tagged in numerous photos most of the events i go to are listed as having me invited regardless of the fact I never read the invites.

      Basically from a careful computer aided study of facebook you can find out for the average user:

      A 3d model of their whole body with especially detailed facial features
      Their location a percentage of the time without variable certainty
      A fairly accurate weighted graph of most of their associates and friends (plus all the listed information about those people)
      A rough idea of their habits, personality and political leaning

      I am no privacy nut but this is more information than i want about me on the web. I think people fail to understand how much can be extrapolated from a massive database of small details.

      • Re: (Score:3, Insightful)

        by QuantumG (50515) *

        You do have the option of having no friends on Facebook. Similarly, if you don't go out in public you don't have the problem of your friends taking pictures of you. There's always the unibomber style shack life, consider it.

      • Actually, I use Facebook because I can control what of my private information I put out on the web. If I used my blog or twitter, or posted my photos on Flickr, everyone would be able to see them. With Facebook I can address a closed, authenticated user group.

        It really depends on how you use Facebook IMO, and yeah, if other people leave stuff about you, that's bad.

        I guess people love communication and hate feeling alone; not using social networks can not be the answer. It's like "don't use phones" because t

        • Here is an interesting privacy issue that Facebook has had for YEARS.

          Alice posts an album with one photo that has her friend, user Bob, tagged in it. User Charles, who is friends with Bob (but not Alice) will more likely than not get an update saying "Your friend Bob just got tagged in an album!" and now Charles can see the entire album that Alice posted, whether or not Bob is actually in any more than one photo. This can also happen if Bob, instead of being tagged in the album, merely comments on a photo i

          • Re: (Score:2, Informative)

            by HJED (1304957)
            This is incorrect Facebook has a number of different privacy settings for photos:
            • Everybody - everyone on Facebook can see these
            • Friends of Friends - Your Friends and there friends.
            • Friends - Your Friends
            • Just you- self explanatory

            X only gets update about Y(who he doesn't knows) photos if one of the first two is selected (must people chose the first).

      • by lennier (44736)

        1. Cross-link Facebook, Slashdot, Twitter, Second Life, Google Earth
        2. Create detailed 3D body model for all Slashdotters
        3. Render 3D models to latex masks [youtube.com].
        4. Render 3D models to simulated virtual environment [opencroquet.org]
        5. Capture, drug and equip Slashdotters with goggles [i-glassesstore.com]
        6. Replace real-world Slashdotters with robot duplicates [vub.ac.be].
        7. Profit! [webcomicsnation.com]

        • by syousef (465911)

          1. Cross-link Facebook, Slashdot, Twitter, Second Life, Google Earth
          2. Create detailed 3D body model for all Slashdotters
          3. Render 3D models to latex masks.
          4. Render 3D models to simulated virtual environment
          5. Capture, drug and equip Slashdotters with goggles
          6. Replace real-world Slashdotters with robot duplicates.
          7. Profit!

          Steps 1-5 are a lot of effort when you could just create a large number of over and under weight asexual robots with no body strength that consume caffeine and pizza, and end up with a

      • by syousef (465911)

        The only way to do that is never use facebook at all

        Bingo!

        perhaps the solution I should adopt myself, but it's a bit too late.

        Only for older information.

        The problem I have been having is what other people in my network post about me. I have no control over that and no right to demand it be removed other than politely asking but most people dont listen

        You've got no control over what people say about you period, beyond the ability perhaps to sue (which is one way to solve the problem, sue all your friends and

      • Who do you think will do the analysis. Some people can get the data anyway.

        A 3d model of their whole body with especially detailed facial features

        The government can already get that from your passport photo, driver license photo, security camera photos etc.

        Their location a percentage of the time without variable certainty

        If you carry a mobile phone your phone company and the government can both track you far better. The government knows when you enter and leave the country, and, in many countries, knows where you are going (at least initially). Uising credit cards or ATMs or any other interaction with a bank creates a trail that can be foll

      • I do have an account on various online media. None of which contain any information about me that would immediately allow you to make a connection to the person that I really am. There are no names, there are no locations (going so far that I try to avoid as good as I can to tell what country I come from), there are no friends that aren't exclusive for the online medium I participate in. There are different ICQ numbers and mail accounts for every online group, with different names. The names I choose are us

      • by PhotoGuy (189467)

        I think the average person grossly overestimates the value of this data. In short, unless you're a celebrity, or stalked by an ex, or something, *NOBODY CARES* about this data. (Other than friends, viewing it for its intended purposes, of course.)

        And if you're a celebrity, or being stalked, odds are you take some extra privacy measures in your every day life (don't leave blinds up, etc.), so maybe you should take similar measures online (don't publish friends lists to the world).

        Facebook does have some pr

    • Re: (Score:2, Insightful)

      by stagg (1606187)
      Absolutely. But the job of the Canadian Privacy Commissioner is certainly not to tell citizens to keep their mouths shut if they want their secrets kept.
      • Re: (Score:3, Insightful)

        by m0rph3us0 (549631)
        Actually that is the best way to keep a secret, and it works for more than just Facebook too. Seriously though, if people don't like Facebook's policies just stop using Facebook.
        • by compro01 (777531)

          Seriously though, if people don't like Facebook's policies just stop using Facebook.

          The thing at issue is that doesn't solve the problem of them having your data.

  • by tjstork (137384) <todd.bandrowsky@nOsPAm.gmail.com> on Sunday August 16, 2009 @11:33PM (#29088237) Homepage Journal

    Facebook announces that it will open up a new data center in Ontario.

  • by s4m7 (519684)
    block all canadian access to facebook. put an explanation of why with the contact person from the canadian privacy comission. problem solved.
    • This wouldn't be of any assistance; those Canucks are rather industrious, and would find ways around such filtering. Thus, Canucks would still exist on Facebook, and there would be a pissed off Privacy Commision bloke getting calls at their office getting increasingly pissed at Facebook.
      • by s4m7 (519684)
        But the point would be that Facebook would no longer be conducting its business within Canada, and therefore not subject to Canadian law. Canada probably has roughly 10 million Facebook users, or about half a percent of the Facebook usership. Would the half a percent in ad revenue really be worth the IT salaries in coming up with a way to delete user data from multiple server backups and working analysis copies and the lawyer salaries to verify that satisfies the Canadian law?
        • by gnud (934243)
          Well, maybe if other countries could be likely to raise similar demands.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Yeah, that sure makes sense given that Canada has the highest per-capita Facebook usage in the world. How nice of you to think it acceptable just to cut off Canadians. What a fucking asshole. You know, we would really appreciate a way to solve this without just banning us from the service.

      • You know, we would really appreciate a way to solve this without just banning us from the service.

        Actually, that's the purpose of just banning you from the service -- getting you pissed off enough to call this person, who, if she gets enough calls, would presumably let Facebook do whatever they want.

        I don't agree with this -- I think Facebook really should just start actually deleting people's information when they make that request. But there have been times when I really think a website should've taken similar steps -- for example, one of the bigger ways for Google to help net neutrality would be to c

    • Re: (Score:2, Interesting)

      by stagg (1606187)
      You say that like it's a joke, but it wouldn't be the first time a website had been blocked on a national level, and it isn't necessarily a bad idea. ...and somehow I suspect the lost advertising revenues would get facebook's attention long before the calls of irate citizens annoyed the answering service at the Canadian privacy commission. Only one in a thousand people will bother to call the government and complain, most will probably just fill out internet polls on whatever new social networking site they
      • by s4m7 (519684)
        no joke at all. Working from my estimate of 10 million Canadian Facebook users (which would be about 1 in 3 Canadians, an awfully generous ratio) you're looking at about a half a percent of Facebook's advertising revenues. if only 1 in 1000 of them call the privacy office that's still 10,000 calls: A volume I would wager the CPC isn't equipped for. if the number of users is significantly lower than that, it's a rounding error on Facebook's balance sheet.
    • block all canadian access to facebook. put an explanation of why with the contact person from the canadian privacy comission. problem solved.

      awesome idea...then no one would be able to delete their own accounts...and they couldn't complain either...right?

  • Finally (Score:3, Funny)

    by miracle69 (34841) on Monday August 17, 2009 @12:54AM (#29088571)

    This will force the Canadians to Bomb the Baldwin family.

    • by Gerafix (1028986)
      We already have with our homemade BC Bud Bombs, guaranteed to prevent terrorist attacks and good acting.
  • Last I checked, Facebook was a US company with no presence in Canada. Do they really have to care about Canada's laws?

    I mean, if I start a website and let anybody use it, I'm not suddenly subject to Canada's privacy laws just because some Canadian uses it.

    Or am I mistaken somehow, and FB does have an actual physical presence in Canada?

All life evolves by the differential survival of replicating entities. -- Dawkins

Working...