Facebook Faces the Canadian Privacy Commissioner 140
dakohli writes "Canwest's Sarah Schmidt writes that Facebook has until Monday to find a way to fix its 'serious privacy gaps.' And if the Canadian Privacy Commissioner isn't happy with the Web Company's response, then she has two weeks to push it to the Canadian Federal Court in Ottawa. 'A spokeswoman for the commission said it's premature to say whether the feud will end up in court. This would be an international first for Facebook, which has grown to more than 200 million users since its launch in 2004.'"
Don't worry. (Score:0, Insightful)
Finally (Score:5, Insightful)
At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?
Keeping your information private on Facebook... (Score:4, Insightful)
Keep your private information private by not posting it on Facebook!
Re:Just add to the EULA... (Score:5, Insightful)
That one phrase is one of the most interesting and most insulting that can be used. Void where prohibited is the same as saying we're not sure where a judge will rule this illegal, but in case they do, you lose. Why not be user friendly (anyone remember that phrase?) and say what laws you ARE in compliance with, perhaps listing a reference to your licensing documents? Even lawyers are prohibited from practicing law in regions they are not licensed for. Yes, I realize that the WWW is not quite the same thing, but in the EULA you should mention all the regions where it is legal and above board since the L in EULA stands for license. As a user, if you don't know where you are in compliance, how the hell am I supposed to know? While 'buyer beware' always applies, in this day and age, it's not unreasonable to expect that a service list where it is in compliance with privacy laws in their privacy statement.
As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are... at least until Facebook clears the matter up unequivocally and publicly. After all, how can I in good faith sign or accept a EULA if I cannot be sure your service is in compliance with the applicable laws? DING That is to say that EULAs are wrong from word one, but staying on point, if there is to be one, shouldn't the burden be on the provider to show what privacy laws they are in compliance with?
Re:Finally (Score:5, Insightful)
It's more complicated when the data may be the result of collaborative effort. If two users have a detailed conversation, then one wants all data associated with them deleted, what happens when the other user complains?
Now in that case it still seems fairly clear that the privacy concern should come first, but as we get increasingly collaborative works, where is the line drawn? Let's say someone makes a Facebook app that lets multiple users create works of art together, or literature. There is another side to this issue.
Re:Keeping your information private on Facebook... (Score:5, Insightful)
The only way to do that is never use facebook at all, perhaps the solution I should adopt myself, but it's a bit too late.
The problem I have been having is what other people in my network post about me. I have no control over that and no right to demand it be removed other than politely asking but most people dont listen to such requests because they dont understand why someone might care. Apart from being tagged in numerous photos most of the events i go to are listed as having me invited regardless of the fact I never read the invites.
Basically from a careful computer aided study of facebook you can find out for the average user:
A 3d model of their whole body with especially detailed facial features
Their location a percentage of the time without variable certainty
A fairly accurate weighted graph of most of their associates and friends (plus all the listed information about those people)
A rough idea of their habits, personality and political leaning
I am no privacy nut but this is more information than i want about me on the web. I think people fail to understand how much can be extrapolated from a massive database of small details.
Re:Finally (Score:4, Insightful)
You have have dozens or even hundreds of backups of said data, which may or may not be fully accounted for.
If anyone who has my personal data can't account for what they've done with it, that's a much bigger concern than not deleting it; quite frankly, if someone tells me they don't know where (X) went, how can they tell me that entity (Y) doesn't have it?
Re:Just add to the EULA... (Score:2, Insightful)
Also, your portrayal of the lawyers is kind of ridiculous. Lawyers aren't being lazy. These companies do not have unlimited budgets. So because there are no clean solutions (laws change all the time, all over the world), you have to hedge your bets a bit.
Finally, the casual user is the same person who makes Joe'sWebsite.com. You cannot hold corporations to a different standard, and these corporations have the same potential reach as the casual site owner: each jurisdiction in the world. And, believe me, just because you're a lawyer does not mean you have all the law down. Most lawyers never have even 1% of the law down. There's just too much of it. You're presented with problems (as a litigator) and you advocate. Or, if a transactional lawyer, you try to foresee problems, account for them, and then hedge your bets with some catchall language (which doesn't always work, mind you).
Re:monday morning (Score:1, Insightful)
Yeah, that sure makes sense given that Canada has the highest per-capita Facebook usage in the world. How nice of you to think it acceptable just to cut off Canadians. What a fucking asshole. You know, we would really appreciate a way to solve this without just banning us from the service.
Re:Just add to the EULA... (Score:2, Insightful)
Re:Keeping your information private on Facebook... (Score:2, Insightful)
Re:Finally (Score:3, Insightful)
"That is a special case, yes, but I would assume that, with a collaborative work, when one person dissents to continued display or holding of that work, the other(s) can't over-rule them on that, and the content would have to be taken down/removed."
IANAL either, but it seems on a naive reading that that policy would be incompatible with Open Content such as the GFDL/cc-by-sa. Because the first rule of open content is that nobody gets to remove ANYTHING after it's published, 'privacy' or any other personal preference be damned. If it's published, it's published forever. So collaboration sites allowing privacy takedowns would have to not use Open Content licences, and therefore, any content produced by them would not be able to be imported into general sites like Wikipedia. That data is efffectively walled off forever.
Have we even touched on the copyright/licencing implications of Semantic Web style mashups of data? What if Facebook exports status updates as RDF and Wikipedia exports pages as RDF and some computer algorithmically links the two? What licence is the resulting RDF dataset under?
Re:Canada? Does it matter? (Score:5, Insightful)
More importantly to Canada, it means roughly a third of the entire country is on Facebook. That's getting into the realm of national security concerns when detailed information that much of your population resides in a foreign country.
Re:Keeping your information private on Facebook... (Score:3, Insightful)
You do have the option of having no friends on Facebook. Similarly, if you don't go out in public you don't have the problem of your friends taking pictures of you. There's always the unibomber style shack life, consider it.
MOD PARENT TROLL (Score:2, Insightful)
Anyone that would express, in public no less, such a statement is inherently less important by whichever ignorant metric a person like you would measure such things.
Re:Keeping your information private on Facebook... (Score:3, Insightful)
Re:Finally (Score:3, Insightful)
if someone tells me they don't know where (X) went, how can they tell me that entity (Y) doesn't have it?
Well it's incredibly difficult to prove the negative statement. The burden of proof would ordinarily fall upon you to prove that Y does have it before accusing X of having passed it to them, and that's assuming that Z didn't breach a contract with X while passing the information to Y.
Basically the lesson is, if you don't want the information public, don't post it on the internet.
Re:Just add to the EULA... (Score:3, Insightful)
They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
The principle here that applies to facebook also applies to Joe Normals' personal website where he allows people to post comments or perhaps even has his own message board. As he is collecting and storing user information, he, as per the parent's suggestion, as the obligation to go through each and every legal district in the world (as anyolne can visit his website). It doesn't matter if he's a commercial entity or not; the concerns behind privacy violations are still the exact same.
The only other solution is, of course, to restrict websites only to nations or localities where the legality of the website can be ensured. Is this how you want the internet to look? Sounds like a great way to censor oppressed peoples...! After all, I suppose there's a lot of people trying to say *illegal* things about the Iranian government (from within)...! I suppose when search engines are asked by oppressive foreign governments like the Chinese for information on what users have done or posted with them, it's a GOOD THING they are complying with the local laws--they are, after all, doing business with them, no?
There's a strange premise behind all this, and that's that *FACEBOOK* should be responsible. Why not shift the onus on Canadian citizens so only they can go to websites with government-approved "privacy" schemes, with penalties or fines for citizens that do not comply. That's very progressive, right? Social responsibility? Yes? No?
Re:Just add to the EULA... (Score:3, Insightful)
If you put the burden of websites to be compliant with every law in the world, it is going to be very difficult for small sites and startups.
Re:Finally (Score:3, Insightful)
At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?
If I close my Slashdot account, will Slashdot purge all of my posts as well?
Re:Just add to the EULA... (Score:5, Insightful)
They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
No. They don't need to headquarters in a nation. They don't even need a branch office. They don't need any staff at all. They only need to have a "presence".
So what is a "presence"?
Pretty much anything that is selling OR promoting your product or service in Canada would count -- "doing business in Canada".
Facebook in particular has deals with the major wireless carriers to promote 'facebook on your mobile phone', and that would qualify it having a Canadian presence. It is actively doing business in Canada.
But Joe Average American running a blog, per your example, is merely accessible from Canada, and he and his site don't have any Canadian presence.
Now if facebook doesn't actually have any offices or staff in Canada, there's not really much that the Canadian government can do directly to them, even if they are deemed to have a presence. But it can go after facebooks canadian partners (such as the aforementioned wireless carriers) and force them to cease dealing with facebook which gives them some limited leverage over facebook insofar as they can make it so that if facebook wants to continue running promotions in Canada, and have its 'app' and 'bookmarks' and whatnot preloaded on phones then it has to meet whatever laws are in place.
Meanwhile they would have zero leverage over your example Joe Average American blogger, who couldn't care what the Canadian governement does in Canada.
Re:Finally (Score:3, Insightful)
Quite an interesting analogy between corporations and AI. Mostly because a corporation is already what we'd fear most in an AI: Intelligence without moral or conscience.
Sure, a corporation is still staffed with humans and every human might have a conscience. But he can put it at ease and silence it, citing the "necessity" to do what he does. Take layoffs. Joe in accounting is going to be sacked, with a pregnant wife, three kids and mortgage payments he can't handle if he didn't have this job. You're his superviser. But you have a family yourself, and if you don't fire Joe, you'll be fired yourself and someone else is going to sack Joe. So you sack him. That game goes up the ladder to the top management. And while those people usually don't know anything about the grunts they hire and fire, even if he did know, he would have to see the 'big picture', that his stocks would go down (even more than they do) if he didn't fire Joe and the others being sacked, and that would mean that even more people would get laid off. It's all due to stock portfolio managers only caring about the performance of your stock. The stock broker in turn can't take pity in Joe. There are many people who trusted him with their money, maybe their whole retirement fund, he can't give "Joe a break" and keep failing stocks, so many people's money is at stake, he has to follow the lead of the stocks' index.
Now, to make matters worse, Joe invested in those bonds. So Joe's to blame for losing his job. Well, not really, he just wanted to invest his hard earned money, hoping he might eventually reach retirement...
Basically, nobody is to blame. There's no big bad bastard, no greedy Scrooge that doesn't care about the misery created by his want for wealth. If you want to blame anyone, blame the system itself that twists everyone's conscience into thinking of the "greater need" and the "need of the many vs. the need of one".
We're already at the moral-less, conscience-less AI that we fear so much. Only that the intelligence is human driven, not artificial per se. We just managed to get any moral inhibitions out of the way, making room for pure intelligence driven decisions that are not tarnished by pangs of conscience.
Re:Just add to the EULA... (Score:1, Insightful)
Re:Just add to the EULA... (Score:2, Insightful)
An EULA is a contract, and the first rule of contracts is that they cannot constitute anything illegal. You may sign a contract giving a third party full permission to murder you, but since murder is illegal, a jury will still convict said third party.