The world's most popular social network has made it easier for its users to become the victims of "blackmail" by watering down its protections of personal information, Canada's top privacy official says.
Facebook executives this week unveiled a series of changes to the site, which now boasts about 400-million users. One of the changes allows third-party developers who design games and other Facebook applications to store user data indefinitely. Previously, developers were required to delete the data after 24 hours.
"I'm very concerned about these changes. More than half a million developers will have access to this data," Jennifer Stoddart, Canada's Privacy Commissioner, said in an interview in her Ottawa office. "The information will be stored indefinitely and it opens the possibility that a lot of people can be blackmailed from all corners of the world."
More than just about any government official in the world, Ms. Stoddart's hard-line stand on protecting consumers' privacy has forced Facebook to fundamentally alter the way it treats personal information, even though Canada's Privacy Commissioner has substantially weaker enforcement powers than many of her global counterparts. After she concluded a 14-month investigation of Facebook last year, the website committed to installing better safeguards by a deadline this summer, including allowing its users to block makers of such popular applications as the game Farmville from culling private information and photos.
"They certainly seem to be moving in the opposite direction," Ms. Stoddardt said. She said the regulator was surprised by the announcement and it does not intend to take any steps until after the deadline expires at the end of July for the social media giant to reform its privacy practices.
Facebook representatives told The Globe and Mail in an e-mail that privacy concerns "are always at the forefront of any new product development."
"During the course of launching any products, including those at f8 [Facebook's developer conference this week] we always consult with a variety of privacy bodies."
Company representatives added that they had previously agreed to launch a new model for users to give permission to applications developers to use their information, and that the company had followed through on that promise this week.
Ms. Stoddart said the company's apparent about-face is the latest in a series of aggressive innovations by "bright young geeks" at Internet companies such as Facebook and Google, who are so enthralled with technology that they are not focusing on basic privacy rights that other brick-and-mortar companies respect. As these Web giants seek to profit from their extensive stores of demographic data, they are finding themselves increasingly at odds with privacy regulators.
"Making unlimited wealth is not a reason for doing away with privacy. The rest of the world's citizens are not comfortable with this," Ms. Stoddart said.
She added that her counterparts in other countries are disheartened by the Internet industry's apparent indifference to privacy concerns and she expects that "an enforcement action" will be taken in the near future against one of the Web's larger players.
She said it is likely that a European regulator will initiate enforcement proceedings because, unlike Canada, most European countries give their regulators the authority to order changes.
"This is a global issue and I expect we will see a global solution."
The commission's pioneering Facebook investigation was triggered by a complaint from an Ottawa privacy rights group, which alleged that the site was not properly informing users about their right to restrict access to their data. Although the commission's powers are limp by global standards, Ms. Stoddart said she decided after some "sleepless nights" that her office "could not duck" the privacy issues posed by Facebook.