Go to the Globe and Mail homepage

Jump to main navigationJump to main content

Facebook CEO Mark Zuckerberg listens to a question from the audience after unveiling a new messaging system during a news conference in San Francisco, California November 15, 2010. (ROBERT GALBRAITH/Robert Galbraith/Reuters)
Facebook CEO Mark Zuckerberg listens to a question from the audience after unveiling a new messaging system during a news conference in San Francisco, California November 15, 2010. (ROBERT GALBRAITH/Robert Galbraith/Reuters)

A regulatory nightmare: Facebook and its goal of a less private Web Add to ...

Outside the lab, however, Facebook members were outraged. "The average user was told 'You must change.' There was no choice. The user felt pushed around," said Jules Polonetsky, co-chairman of Washington-based Future of Privacy Forum.

The controversy attracted the attention of Canada's small Privacy Commissioner after a local Internet advocacy group complained about Facebook's lax privacy safeguards. At the time, the commissioner's office was little known outside Canada, still reeling from a spending scandal under a previous administration.

After months of pushing Facebook for information, then-deputy commissioner Elizabeth Denham flew a small team to the company's Palo Alto headquarters to get some answers.

Ms. Denham declined to discuss the meeting, but people familiar with the session said Facebook vice-president Elliott Schrage and a group of company lawyers and staff met with the regulators in a large boardroom labelled The Canada Room. "You don't understand us," Mr. Schrage insisted. The company's users, he said, were not worried about privacy.

A spokeswoman for Facebook disputed that Mr. Schrage or others challenged the Canadian regulator. After "more that two years with constructive dialogue" with the commissioner, she said "it is clear that we share the same goals of ensuring people have control over their information."

Ms. Denham said that initially, Facebook appeared not to take her office seriously. "I think they thought we were this stodgy group of regulators in Canada with weak legal powers that couldn't do anything to them."

Facebook learned how serious the regulator was when the commission issued a report in July, 2009, that accused them of a number of privacy breaches. Most unsettling was a charge that Facebook was allowing application developers to temporarily scrape personal information, including names, e-mail addresses, birthdates, relationships and education history, every time a user clicked on a game or advertisement.

Although other Internet giants such as Google and Yahoo have quietly shared customer information for years with advertisers, none of it was as personal or as private as the Facebook treasure trove.

The commissioner's report grabbed headlines around the world, prompting Facebook to negotiate a settlement with the regulator. The company eventually overhauled its privacy settings and committed to the Canadian regulator that it would give users the right by August, 2010, to block app developers from storing personal information.

Initially, it appeared the privacy debate had been silenced. But Facebook fanned the flames again in April, 2010, when it unveiled Open Graph, a tool that allows people, in particular marketers and advertisers, to make use of Facebook's store of information about the connections between its users. One of the changes that came with Open Graph was a new policy that allowed application developers to store indefinitely any information they obtained from Facebook user accounts. Previously, the data had to be disposed after 24 hours.

"It was a step backwards," said Ms. Denham, who was recently appointed privacy commissioner for British Columbia. Later on, Facebook switched course again, committing to give users the option to prohibit application developers from capturing their information.

The Privacy Commissioner's experiences with Facebook have changed the way the regulator deals with privacy issues in the digital world. Against a business valued at tens of billions of dollars, the Canadian Privacy Commissioner has decided to team up with her colleagues around the world, in the hopes of speaking with a unified, amplified voice.

Indeed, this September, Canada took a leadership role in establishing the Global Privacy Enforcement Network, a union of 17 privacy offices around the world. Suddenly, Canada's tiny privacy regulator was at the forefront of global digital privacy issues.

TODAY, WHENEVER FACEBOOK INTRODUCES a new feature, it is careful to highlight all the associated privacy controls. When the social network introduced a geolocation service earlier this year that lets users tell their friends where they are, the majority of a Canadian media briefing consisted of instructions on how users can switch the service off.

Report Typo/Error
Single page

Next story




Most popular videos »

More from The Globe and Mail

Most popular