Canada: Facebook violates privacy laws

Canada's privacy commission has published a report claiming that Facebook is breaching Canadian law by holding on to users' personal information indefinitely.

Privacy Commissioner Jennifer Stoddart says Facebook should hang on to the data only for as long as necessary according to the BBC .

More than 250 million people use Facebook and approximately 12 million in Canada alone access the popular social networking site.

The report concluded that Facebook's privacy policies are often confusing or incomplete. When users "deactivate" their account Facebook keeps their personal information so that they can easily re-enable the account at a later date. This policy breached Canada's privacy laws according to Stoddart.

Under Canadian law, Stoddart can take the case to a federal court to force new solutions in place. It's not yet clear whether Stoddart is planning to take action.

Report a problem with article
Previous Story

Power Pack 3 for Home Server announced, inc Win 7 support

Next Story

Twitter hacked, personal documents leak

30 Comments

Commenting is disabled on this article.

Facebook terms are also illegal in spain in terms of privacy laws. If they complied with it, i would have power over the data and they could not keep it for a single second after I left if I so decided (unless they are bound to keep it for a period of time for security reasons or something).

But apparently nothing can be done since facebook is established in the US and bound to US laws, obviously.

It may be established in the US, but if any links retain to spain or revenue generated from spain they would be considered a business and have to comply.

Thats what Canada is getting at, and the option does exist but its buried - it should be visible with deactivate account, not in a mess of help documents and a shady link.

Its deceit on Facebooks part to trick people into leaving their information on the servers and keep their member count high as a deactivated member is 'still' a member... Plus facebook could sell the statistics of said persons account for revenue to research marketers.

By the way, you can delete your Facebook account with this link (Note: you need to be signed in). Here's what it says:

Delete My Account
------------------------
If you do not think you will use Facebook again and would like your account deleted, we can take care of this for you. Keep in mind that you will not be able to reactivate your account or retrieve any of the content or information you have added. If you would like your account deleted, then click "Submit."

I found it in the Privacy Help section here.

Anaron said,
By the way, you can delete your Facebook account with this link (Note: you need to be signed in). Here's what it says:


I found it in the Privacy Help section here.

Thank you.
I reactivated, clicked link, clicked helps link, entered my password and submitted.It said it deleted my account seemingly painlessly. Talk about an easy to find link! only took 6 months...

14 days and my account should disappear 100% with no remnants of anything left behind. within the next 2 weeks I could reactivate my account if I attempt to log back in.

We will see.

splur said,
Even if this does win in Canada, you understand that they'll probably change it for Canada alone right?


Once a precedent has been set, it's only a matter of having another country go "me too".

YAY! Something I posted in the BPN made it to the front page! Aaaaaanyways, I sort of agree with the conclusion made by this law group thingy at the University of Ottawa. The data is handed out much too easily. Things *should* be a little tighter.

Did you submit the news to the news desk using the link on the front page? Annnywaaaays, if you didn't I'm not sure why you are complaining.

Actually the privacy settings too need a strong revision, more options are needed.
What if i put a person in a friends list which i make that list not able to see my pictures, so that person only clicks cancel account then he restores it back in a second, so he be removed from that list and when he restore his account he is not in it, so what happens is that he can access my pics.
In general privacy settings are very weak, new options must be added !

Don't see a reason to hold user data indefinitely. If a user wants it permanently deleted then they should allow it. If anything, it saves them wasting money and resources keeping old data. Like Google who don't delete anything, what a pain increasing data storage infinitely to store old information.

Emil Valsson said,
How can Canada impose Canadian laws upon an American company which provides free service to their users?

My guess is because the service is used in Canada and Facebook receives revenue from Canadian advertisers.

International companies operating in Canada are subject to Canadian law, whether they be operating here physically or virtually.

When this item first hit the wires yesterday, my first response was "big deal", but when you look into what the Privacy Commissioner is concerned about, it's pretty valid.

All those apps/quizzes/games that get access to ALL of your information, who's holding them accountable? How do we know if any of that data is being abused? If an abuse arises, how do we know which developer to hold accountable? And how do we know they don't maintain that data themselves even if Facebook deletes it after an account deletion?

ANYBODY on FB should be concerned.

I was going to say the same. When someone cancels their account, they should be given the option - surely that wouldn't be hard.

Calum said,
There's no need to store a user's personal information indefinitely. No need at all.

Agreed. Facebook should implement a system where accounts/personal information are deleted after a long period of inactivity.

Wow!

OK, I have nothing against Facebook, but I do agree more sane privacy restrictions should be put in place. Nothing that really affects how it functions, but things like this.