Go to the Globe and Mail homepage

Jump to main navigationJump to main content

(Sean Kilpatrick/The Canadian Press)
(Sean Kilpatrick/The Canadian Press)

Social networking

Facebook makes friends with privacy czar Add to ...

Facebook has agreed to changes that will bring the social-networking site into compliance with Canada's privacy law while still leaving the key question of exactly what changes users will see unanswered.

New notifications for users, additions to the site's privacy policy and technical changes that allow users to choose which data they share with third-party applications will all be rolled out over the next year.

"We're satisfied that, with these changes, Facebook is on the way to meeting the requirements of Canada's privacy law," Privacy Commissioner Jennifer Stoddart said.

The organization that brought the issue to the commissioner called the announcement "a huge win."

"We've seen the global impact of our privacy laws," said David Fewer, interim director of the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa.

When implemented, the changes will affect all Facebook users, not just Canadians or those in Canada.

Facebook said it had "set a new standard in the industry."

"Our productive and constructive dialogue with the commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," said Elliot Schrage, Facebook's vice-president of global communications and public policy.

But the slow pace of change frustrated Mr. Fewer. "Here we are 15 months after the complaint, and we don't really have a resolution, we have an ongoing dialogue," he said.

Facebook is developing a new privacy tool that will allow users to set "more granular" default settings. But that change will take another four to six months to be implemented.

One set of changes will mean reprogramming of the site, and require the co-operation of the hundreds of thousands of third-party application developers who create games and quizzes for the site. The company will require applications to specify what information the application wants to access, and obtain express consent from the user before the application gets that data.

Currently, users must give access to all of their personal information on Facebook to the developer if they want to use an application.

Some major third-party developers have not heard from Facebook about what's expected of them.

"We've not received any specific contact from Facebook regarding their planned changes," said Lily Lin, spokesperson for Slide, a developer that makes the SuperPoke application.

Another developer, Sebastian de Halleux of Playfish, which makes the Pet Society game, was pleased with the move, but said most of the technical changes would be done by Facebook.

"The timelines will be driven by Facebook. On our side, it's a light change," Mr. de Halleux said.

Facebook said the changes to the third-party application platform would take 12 months.

Facebook also committed to making it easier to memorialize account holders who have died, and easier for a user to delete an account altogether.

The current-account settings show users how to deactivate their accounts with a few clicks, but Facebook keeps the data. The option to delete an account is available, but hidden and hard to find.

The Privacy Commissioner office's has yet to see how the user would encounter these changes on his or her screen when logged on to Facebook, although Facebook did provide draft language around some of the proposed changes.

Since the fixes haven't been implemented, Facebook will stay in the commissioner's sights for a while.

Meanwhile, the commissioner said another major networking site whose identity she would not disclose had contacted her office. The site will be meeting with her to see how it can comply with Canadian privacy law.


In the wake of the Privacy Commissioner's decision, Facebook users still have a lot of questions about how their personal data are used. Here are some readers' questions based on an online

discussion hosted at globeandmail.com.

What about information that has already been obtained by third-party software suppliers?

Facebook officials suggested in an interview that in some cases, users would have to re-install applications they had added to their profile.

Developers agree to only retain most data they collect for 24 hours. But with hundreds of thousands of developers and a small compliance team at Facebook, it's hard to police this behaviour.

The company and the large developers say that since social media is an "eco-system," the blatant sale or misuse of user data will be detected early, and the site can take corrective measures.

I was wondering about youth and age of consent. How does that apply to Facebook?

Facebook says only users 13 or older can use its service, which is why it collects date-of-birth information. But it doesn't have a good way of policing use by those under 13. Facebook also says it prevents adults from looking at the profiles of minors with whom they are not friends.

What is the penalty for not adhering to privacy concerns? Fines? Shutting down of the company?

The Privacy Commissioner found a violation of the law, so she has a lot of recourse; she can take Facebook to Federal Court to have her decisions enacted, if necessary. What the court could require is anyone's guess. But at the moment, court action has been averted. This will be a continuing dialogue between the commissioner and Facebook.

What happens with photos that are posted on Facebook? Can Facebook use these photos for whatever they want?

By creating an account, you give Facebook "a non-exclusive right" to use your photos. Facebook generally only uses profile picture photos. Occasionally, your profile photo will appear as being associated with a group of which you are a member, and that Facebook recommends one of your friends join. In rare cases where your photo has appeared on an advertisement, Facebook has tried to crack down on it. Here's what Facebook says about the ads: "Those ads violated our policies ... we required the removal of those deceptive ads from third-party applications."

Karim Bardeesy

Report Typo/Error

Follow us on Twitter: @GlobeTechnology

Next story




Most popular videos »

More from The Globe and Mail

Most popular