ARCHIVED - Privacy, Social Networking Sites, and the Canadian Approach:
Protecting a Pluralistic Conception of Privacy Through Principle-Based Regulation
Paper presented to ITechLaw 2010 World Technology Law Conference
May 20-21, 2010
Legal Counsel, Office of the Privacy Commissioner of Canada
Introduction Footnote 1Top of page Table of contents
It would be trite to say that social networking sites (“SNSs”) are changing the way people communicate with each other. Generally speaking, SNSs are web-based services that allow individuals to create a profile and share information with other individuals through a web-based platform.Footnote 2 This broad definition also includes social web-based services such as Twitter, that allow people to broadcast tidbits of information to a circle of followers, or sometimes, to the general public. The rise in these Internet-based networking sites has brought into question a number of conceptions we have as to how we as humans communicate.
While SNSs may have their benefits, we are only now gaining a better appreciation of the more negative implications that flow from sharing a wealth of information online. SNSs are a relatively new popular phenomenon, and users can be so taken by the novelty of these sites that they can forget that there are consequences to posting information on a SNS. Users can also underestimate the full extent to which information they post can be disseminated or used.
With this seemingly growing appetite to share information, we would be tempted to think that user privacy is a wayward, if not altogether dying, concept in the context of SNSs. However, to think so neglects a more pluralistic view of privacy that includes the fundamental importance of obtaining one’s consent prior to using his or her personal information, and ensuring an individual retains control over his or her personal information. When we view the fact of making information public as diluting any privacy interests in such information, we ignore the true privacy ramifications of posting information via a SNS. SNSs are about more than simply connecting with others; they are rich repertoires of personal information that can be used by third parties for a number of collateral uses.
This short paper will attempt to provide a brief overview of some of the unique challenges to individual privacy posed by SNSs, of the Canadian approach to regulating privacy on SNSs and of the Office of the Privacy Commissioner of Canada’s (the “OPC”) investigation into Facebook, Inc. (“Facebook”).
The Proliferation of Social Networking Sites Top of page Table of contents
SNSs are a cultural phenomenon. Since 2004, the popularity of these sites has exploded, with millions of people around the world joining them to keep in touch with friends and family. They have had an indelible impact on the manner in which people communicate.
Today, social networking accounts for 11 percent of all time spent online in the United States.Footnote 3 Popular SNS Facebook now claims over 400 million users.Footnote 4 As of December 2009, one in four of all Internet pages viewed in the United States was a page from the more popular SNSs. As of December 2009, Twitter was processing more than one billion tweets per month; that number exceeded 1.2 billion in January 2010 with an average of approximately 40 million tweets per day. Popular SNS MySpace saw its user base shift towards a younger audience in 2009, with people aged 24 or younger comprising 44.4 percent of the site’s audience, up more than 7 percentage points from the previous year.Footnote 5 As well, SNSs are becoming more and more integrated with other services, such as personal e-mail and phone service, and there is a growing trend in users accessing SNSs via mobile platforms.
The popularity of SNSs is not just a question of numbers; they are also having a qualitative impact on users. Some users view their profiles as a tool for self-promotion, or to build self-confidence.Footnote 6 Some users use SNSs to organize groups for bands, charities, political, social and interest groups, or for commercial opportunities.Footnote 7 Even businesses are using SNSs as a way to reach out to clients and to employees.
Despite the growing popularity of these websites, they are still in their relative infancy. As well, the privacy perceptions of SNS users offer but a tiny slice of how people view privacy; even at 400 million, Facebook users comprise but 5.9% of the world’s population, hardly a representative sample.Footnote 8 Little indepth analysis has been undertaken as to the impact these sites are having on human behaviour. Only now are we seeing a rise in academic interest in SNSs in a variety of disciplines, including psychology, computer science and law.
The Privacy Concerns of Social networking Sites Top of page Table of contents
The use of SNSs raises interesting questions about our long-held views on privacy, or what it means to have a private life or a sense of “privacy”. Some academics and scholars have gone as far to proclaim that “privacy is so muddled a concept that it is of little use”, that the “concept of privacy is infected with pernicious ambiguities”, or that “the most striking thing about the right to privacy is that nobody seems to have any very clear idea what it is.”Footnote 9 Notwithstanding its definitional problems, privacy has been aptly described by the Supreme Court of Canada as a protean concept.Footnote 10 Privacy, depending on the context, has the chameleon-like ability to take on different meanings and conceptions.
Recognizing that privacy can mean different things in different contexts is helpful in discussing the privacy concerns raised by the sharing of personal information through SNSs. At first blush, privacy on SNSs poses an interesting conundrum: how can someone who willingly shares personal information with others really care about “privacy”? This apparent conundrum is rooted in a conception of privacy that tends to equate privacy with secrecy, and views what is public and private as binaries of a zero-sum relationship.Footnote 11 This more traditional conception of personal privacy seems to ignore a more pluralistic view of privacy that can include elements of knowledge and consent, access to personal information, accuracy of personal information, and control.
Privacy is a complicated notion. One thing is clear, however: personal information belongs to the individual to whom it relates. If we view an individual’s ability to control the extent to which information about them is spread or used, then arguments to the effect that privacy matters less in the context of SNSs tend to lose their clout. To be sure, individuals participate in SNSs to post or share certain information about them; but choosing to participate on a SNS does not thereby translate into a decision to relinquish all control over how personal information is used, or over who ultimately has access to such personal information.
Collateral Uses Top of page Table of contents
While the interconnected environment of SNSs may offer a number of benefits, it also raises a number of issues regarding individual privacy. SNSs create the impression that, by exploring the myriad possibilities and promises of instant communication for instant gratification, user participation is limited to a virtual environment. However, there can be very real world consequences and effects to sharing information via SNSs.
Such concerns stem largely from a lack of appreciation of the extent to which information shared by a user on a SNS can be disseminated or otherwise accessed, whether by other users of the SNS, or by non-users. Some argue that users have a number of tools at their disposal to control who can see their information, and that in any event, they are making a conscious decision to post information on a public platform. However, do users fully understand the intricate complexities of data mining? Are they fully aware of how targeted-advertising works, and what information is collected for that end? Do users fully appreciate the implications of location-based services on a SNS?
The truth is that information posted by a user on a SNS can be used for more than just connecting with other users. SNSs are a rich repository of information that can be accessed and used to generate ad revenue, to determine a user’s location, to inform hiring decisions, to allow rogue marketers to cull coveted data, or to create sensitive profiles once mashed with other available information.
There a number of collateral uses for personal information on a SNS. Such uses include targeted advertising and allowing third-party applications to offer services to users. Other less obvious uses result when user information is accessed by others outside the user’s trusted network, including current or potential employers, recruitment agencies, co-workers, competitors, plaintiffs or defendants in civil litigation,Footnote 12 businesses to determine credit worthiness, banks to find out more about their customers, businesses to find out what people are saying about them,Footnote 13 and government and law enforcement agencies.Footnote 14 Finally, there are a number of outright nefarious uses for such information, including identity theft, matching information with other information to determine whereabouts, or sending along viruses or other malicious programs.
Many of these consequences have to do with lack of individual awareness or responsibility; individuals on SNSs sometimes share too much information, information that can sometimes be sensitive or confidential in nature. However, unlikely third parties can scour user profiles to glean more information about users by matching seemingly innocuous information to other available information. Indeed, there are very real world consequences to such collateral uses. For example, victims of real world burglaries could have insurance claims rejected if they reveal that they weren't at home on a SNS.Footnote 15 A website has even been dedicated to raise awareness of the dangers of individuals posting information about where they are on a SNS.Footnote 16 Users need to be aware that SNSs are not necessarily a closed environment surrounded by a completely impermeable membrane.
The Need to Properly Appreciate the Rules of the Game Top of page Table of contents
The dissemination of personal information online has made privacy something rather complicated that needs to be explained. For example, SNSs provide not only privacy policies, but some provide guides that aim to help explain to users how their personal information is used.Footnote 17
Users need to understand how their personal information will be collected, used or disclosed so that they may give fully informed consent. Indeed, certain statutes, such as Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”),Footnote 18 impose an obligation on SNSs to do so. The issue of fully informed consent becomes all the more important where minors and adolescents are concerned.
Individual Control Top of page Table of contents
Control of personal information is a fundamental issue related to privacy on SNSs. The notion of controlling one’s personal information is key to preserving privacy, and is deeply intertwined with personal autonomy, freedom of thought and speech, and liberty of movement and assembly. Losing control over one’s information has been described in certain contexts as a phenomenon of “data divestiture”.Footnote 21 With the rise of globalization and the facility with which information can be shared, personal information is being disseminated in an unparalleled manner. As a result, access to personal information is unprecedented, and any authority imposed over such information is so fragmented that the individual loses control, not only over the information itself, but over any recourse in the event of a violation of the individual’s privacy rights.Footnote 22
The reasonableness of pre-selected settings, or default settings, is at the heart of the issue of user control over personal information. If personal information belongs to the individual, to what extent should a SNS define or categorize such information? Should a SNS make the sharing of personal information to individuals outside a user’s circle of friends, or outside the SNS environment itself, as a default? Should SNSs recommend how users should share their personal information, and if so, should such recommendations be opt-out or opt-in?
As well, how long a SNS retains personal information is tied to the issue of control. A user who makes a conscious decision to no longer participate in a SNS should be satisfied that the SNS in question no longer has the ability to use his or her personal information.
The Canadian Approach to Regulating Social Networking Sites Top of page Table of contents
Canada is a federal state with shared jurisdiction between the federal government, for everything that is common or interprovincial, and the provinces and territories for more local matters. Canada’s legal regime protects privacy in a number of ways. The Canadian Charter of Rights and Freedoms,Footnote 23 Canada’s Criminal CodeFootnote 24 and a number of provincial laws protect various privacy interests. As well, like a number of industrialized nations, Canada protects the privacy rights of its citizens vis-à-vis their personal information through specific data protection legislation. Canada’s federal private sector legislation, PIPEDA, imposes obligations on entities that collect, use or disclose personal information in the course of commercial activities. Ultimately, PIPEDA aims to strike a balance between a business’ need to use personal information to offer services and products, and an individual’s right to control how his or her personal information is used by that business.
PIPEDA is a unique statute; it is the only federal statute in Canada to wholly incorporate a voluntary Model Code regarding the protection of personal information,Footnote 25 and makes parts of that Model Code mandatory. It incorporates the principles of: (i) accountability; (ii) identifying purposes; (iii) consent; (iv) limiting collection; (v) limiting use, disclosure and retention; (vi) accuracy; (vii) safeguards; (iix) openness; (ix) individual access; and (x) challenging compliance. As a principle-based statute, PIPEDA has proven to be remarkably technology-neutral and continues to be relevant in the face of newer technologies not contemplated at the time it was enacted.
Regulating privacy on SNSs poses very unique challenges under PIPEDA. First, SNSs operate on the ether of the worldwide web, which brings into play a number of questions related to jurisdiction. PIPEDA, however, can apply to a foreign-based organization where there is a real and substantial connection to Canada.Footnote 26 Second, because of the patchwork of different national legislation and instruments regulating privacy, SNSs can be tempted to develop their sites in jurisdictions with less stringent privacy protections, to then have them targeted at individuals in Canada. Third, on Internet-based SNSs, users largely decide what information they wish to share and voluntarily provide such information. Finally, as already alluded to above, SNSs are in constant flux and are regularly updated and modified. Despite these challenges, PIPEDA continues to regulate SNSs that use the personal information of Canadians in the course of commercial activities.
Compliance with PIPEDA is overseen by Canada’s Privacy Commissioner, Jennifer Stoddart. The Privacy Commissioner is akin to an ombudsperson, and seeks to mediate disputes between individuals and organizations vis-à-vis issues related to personal information. The Privacy Commissioner also aims to educate and to advocate on behalf of individuals on a host of issues related to privacy. Indeed, her Office regularly provides information to individuals on the privacy implications posed by novel technologies, including SNSs.
As part of her mandate of ensuring organizations comply with their privacy obligations under PIPEDA, the Privacy Commissioner regularly receives complaints from individuals who feel their privacy rights have been compromised, including complaints against SNSs. One notable example of an investigation under PIPEDA involving a SNS is the OPC’s investigation into a number of allegations made against the popular SNS, Facebook.
The OPC’s Investigation Into Facebook Top of page Table of contents
In May 2008, representatives of the Canadian Internet Policy and Public Interest Clinic (“CIPPIC”) filed a multi-faceted complaint with the OPC against Facebook on a range of topics, including default privacy settings, collection and use of users’ personal information for advertising purposes, disclosure of users’ personal information to third-party application developers, and collection and use of non-users’ personal information. Following an investigation that lasted nearly a year, Assistant Privacy Commissioner Elizabeth Denham issued a preliminary report of findings, which contained a number of recommendations for Facebook. Following Facebook’s response to this preliminary report, the Assistant Commissioner released her final report of findings, which represented the culmination of the OPC’s investigation and consultations with Facebook in respect of the CIPPIC complaint.Footnote 27
While the complaint CIPPIC filed with the OPC comprised 24 allegations ranging over 12 distinct subjects, the central issue in CIPPIC’s allegations concerned knowledge and consent, and user control. Consequently, the OPC’s investigation was largely focused on whether Facebook was providing users with sufficient knowledge for them to exercise meaningful consent, by documenting its purposes for collecting, using, or disclosing personal information, by bringing such purposes to users’ attention in a reasonably direct and transparent way, and by ensuring users retained a measure of control over their personal information.
With respect to four of the allegations, the Assistant Commissioner found no evidence of any contravention of PIPEDA and concluded that the allegations were not well-founded. These allegations included that Facebook was misrepresenting and being deceptive about how it used personal information, and was failing to adequately protect the personal information of users of its Facebook Mobile platform.
Resolved Issues Top of page Table of contents
Four of the allegations made by CIPPIC centered on Facebook’s collection of date of birth information, Facebook’s default privacy settings, the use of user information for advertising and Facebook’s monitoring for anomalous activity on its site. The Assistant Commissioner found these allegations well-founded, but that proposed corrective measures suggested by Facebook would bring it in line with its obligations under PIPEDA.
With respect to Facebook’s collection of date of birth information, the Assistant Commissioner was of the view that it was appropriate for Facebook to collect date of birth as a condition of service, since Facebook’s purposes for doing do were to protect the safety of minors and to ensure that users used their real identities to lessen the incidence of inappropriate content and behaviour. However, she was also of the view that Facebook could better explain its purposes for doing so, and recommended that Facebook clearly explain to users the reasons for collecting date of birth and how it may be used.
The Assistant Commissioner was of the view that default privacy settings on Facebook are acceptable as long as they meet users’ reasonable expectations. However, she found that photo albums being available by default to everyone, or the fact that users could be searchable by search engines by default, were not reasonable settings. The Assistant Commissioner noted that while users voluntarily upload personal information for the purpose of sharing it with others, they were not provided with sufficient information with respect to how privacy settings are defaulted or the implications of not modifying defaulted settings. Facebook ultimately committed to make changes to its privacy settings by allowing users to choose a high, medium, low setting and to introduce a per-object privacy that would allow users to choose privacy settings.
With respect to the issue of advertising on Facebook, the Assistant Commissioner made a point to distinguish between Social Ads and Facebook Ads.Footnote 28 In her view, Facebook had a different business model from more traditional organizations; Facebook is free to users but not to Facebook, and since Facebook needed advertising revenue in order to provide its service, users must be willing to receive a certain amount of advertising. However, she was also of the view that Facebook could do more to fully explain the role of advertising, the differences between Facebook Ads and Social Ads, and that profile information could be used for targeted advertising purposes. Facebook agreed to describe advertising more clearly and to configure its systems to allow users to more easily find information about advertising.
Since these well-founded allegations were deemed to be resolved on the basis of corrective measures to be introduced by Facebook, the Assistant Commissioner notified Facebook that the OPC would follow up after 30 days to verify implementation of the proposed corrective measures.
Outstanding Issues Top of page Table of contents
By the time the Assistant Commissioner issued her final report, the Assistant Commissioner concluded that four allegations were well-founded, and since Facebook had not agreed to adopt her preliminary recommendations with respect to these outstanding issues, Facebook was in contravention of PIPEDA. These “well-founded” issues included the use of user information by third-party applications, account deactivation and deletion, accounts of deceased users, and the use of non-users’ personal information.
The most significant of these issues related to the access by third-party applications to user information. In a more traditional business context, an organization may disclose the personal information of customers to third parties under defined terms and conditions, provided they have those customers’ knowledge and consent. With respect to third-party applications on Facebook, users were effectively inviting the application’s developer to retrieve information about them, and sometimes their friends, from Facebook’s database. The Assistant Commissioner found that Facebook had inadequate safeguards to effectively restrict developers from accessing users’ profile information, and that Facebook was not obtaining users’ meaningful consent to the disclosure of their personal information to application developers. Facebook was asked to implement measures to limit application developers’ access to user information not required to run a specific application, to ensure users were informed of the specific information an application required and for what purpose, and to prohibit all disclosure of the personal information of users who were not themselves adding an application.
The Assistant Commissioner also found that, while the process users had to follow in order to either deactivate or delete an account were explained on the site, these two options were not explained on the same part of the site, potentially causing users to believe that deactivation was their only option. As well, Facebook was retaining personal information from deactivated accounts indefinitely. The Assistant Commissioner recommended that Facebook develop, institute and inform users about a retention policy with respect to deactivated accounts, and as a best practice, make the account deletion option more prominent for users.
The Assistant Commissioner asked Facebook to implement measures to improve its invitation feature so as to address her concerns about non-users’ lack of knowledge and consent to Facebook’s collection, use, and retention of their email addresses, and to set a reasonable time limit on the retention of non-users’ email addresses after they have been invited to join Facebook.
The Future of Protecting Privacy on Social Networking Sites Top of page Table of contents
The OPC’s investigation into Facebook helped shed light on a number of privacy concerns raised by SNSs and by the sharing of information on the Internet generally. However, as noted above, SNSs are in a constant flux of evolution; for example, the Facebook of today looks much different than the Facebook of 2008.
New challenges to protecting privacy on SNSs will undoubtedly arise in the future. The rise in location-based services, cloud computing, and virtual online games played via SNS platforms will raise a whole host of issues related to the collection of personal information to track and monitor habits, activities, physical location and personal connections for marketing or other purposes. Certainly, new advances in technology will continue to test more traditional, or binary, conceptions of privacy.
Conclusion Top of page Table of contents
Viewing privacy as a pluralistic concept helps us understand why privacy remains as important as ever, even in the context of SNSs. Privacy in the context of SNSs makes more sense when it is viewed as a matter of individual consent and control. Ultimately, users need to understand the rules of the SNS game: What are they being asked to give up in order to participate? How is what they are giving up going to be used, and who gets to see it at the end of the day?
The public outcry following the launch of Facebook’s News Feed feature, or of Google Buzz, are prescient anecdotes showing that individuals still care about privacy in a social networking context and that they thirst to understand how their information will be used or shared with others. In his book entitled “The Future of Reputation”, Daniel Solove notes that:
Part of the solution depends upon how social norms develop with regard to privacy. The law’s function is to lurk in the background, to ensure that people know that they must respect confidentiality or the privacy even of people in public. In the foreground, however, norms will largely determine how privacy shall be protected in the brave new online world.Footnote 30
One of the greatest challenges ahead will be setting out the metes and bounds of the social norms that govern the respect for privacy on SNSs, or on the Internet in general. Are SNSs having the effect of making users more acutely aware of what it means to protect their privacy online, or are they having the effect of making users care less about privacy? Or is it that users are now thinking about privacy differently?
Despite various comments regarding the state of privacy on SNSs, organizations that operate SNSs are now recognizing the significance of ensuring users have full control over their personal information. In a recent commentary written in Forbes Magazine,Footnote 31 Google’s Privacy Engineering Lead declared that “[p]rivacy is alive and well”. She noted that “control means choice and transparency”, and that “[w]ith transparency, users should know what information we collect when they use our products and services, why we collect it and how we use it to improve the overall experience. If we fail to provide choice and transparency, we fail to provide real control. And with no control, our users will simply leave”.
We are only beginning to develop the appropriate rules of engagement in this new era of online communication. Ultimately, privacy as a fundamental personal right, which includes the ability to control how one’s personal information is used, can co-exist with our willingness to share personal information on SNSs.