News Release

Privacy Commissioner: Facebook shows improvement in some areas, but should be more proactive on privacy when introducing new features

Findings of three complaint investigations by the Office of the Privacy Commissioner of Canada suggest Facebook has improved its practices in some areas, but needs to be more proactive in building privacy into new features.

OTTAWA, April 4, 2012 – Facebook has shown greater awareness of users' privacy rights, but still needs to do a better job of considering privacy issues before rolling out new features, Privacy Commissioner of Canada (OPC) Jennifer Stoddart said today in announcing the findings of three complaint investigations involving the popular social networking site.

“Looking at the results of these investigations compared to when we first investigated the organization a few years ago, Facebook appears to be giving privacy more consideration in some areas, including providing clearer, more understandable information to members on various personal information handling practices,” says Commissioner Stoddart. “Despite these general improvements, we were disappointed that Facebook hadn’t anticipated the widespread privacy concerns that followed the launch of its ‘friend suggestion’ feature. Privacy must be built in at the front-end – not added after the fact in response to negative reactions from individual users and data protection authorities.”

The Office has concluded investigations of Facebook related to the following issues:

  • Friend suggestions: Upon receiving emails to join the site including friend suggestions depicting Facebook members they indeed knew, some non-members alleged Facebook must have accessed their email address books without consent. Our investigation found no evidence of this, but did find that Facebook had used their email addresses to generate friend suggestions without proper knowledge and consent. During the investigation, Facebook addressed our concerns, and the complaints were deemed to be well-founded and resolved.
  • Social plug-ins such as “Like” or “Recommend” icons: A complainant alleged that Facebook and third-party sites hosting its plug-ins were collecting and sharing information about users without their knowledge and consent. Our investigation found that Facebook was not sharing the personal information of its users with organizations hosting social plug-ins. As such, the complaint was determined to be not well-founded.
  • Authentication practices to confirm a user’s identity: This complainant alleged that Facebook collected more personal information than necessary in order to grant access to a user’s Facebook account. Our investigation found that Facebook had clearly informed its users of the purpose of the collection as a security measure. In the end, the complaint was determined to be not well-founded.

Further details are included in an attached backgrounder while the reports of findings are available on the OPC website.

In 2009, the OPC also conducted an in-depth investigation into Facebook’s privacy practices and policies at that time. That investigation resulted in numerous changes to the site. “We welcome the improvements that have resulted from our past work and the audits and investigations by our international colleagues. Facebook is one of many examples which illustrate how privacy issues have become global in scope and require a global response,” says Commissioner Stoddart.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act; and the Personal Information Protection and Electronic Documents Act (PIPEDA).

- 30 -

For more information (media only), please contact:

Scott Hutchinson
Office of the Privacy Commissioner of Canada
E-mail: scott.hutchinson@priv.gc.ca

NOTE: Journalists are asked to please send requests for interviews or further information via e-mail.