• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
REPORT OF FINDINGSINTO THE COMPLAINT FILED BY THECANADIAN INTERNET POLICY AND PUBLIC INTERESTCLINIC (CIPPIC)againstFACEBOOK INC.UNDER THEPERSONAL INFORMATION PROTECTION ANDELECTRONIC DOCUMENTS ACTBYELIZABETH DENHAMASSISTANT PRIVACY COMMISSIONERof CANADAJuly 16, 2009
 
TABLE OF CONTENTS
EXECUTIVE
SUMMARY 3
COMPLAINT 5INTRODUCTION 6SECTION
1
-Collection of Date and Birth 10
SECTION
2 - Default Privacy Settings 19
SECTIONS-
Facebook Advertising 30
SECTION
4-Third-Party Applications 39
SECTION
5- New Uses of Personal Information 58
SECTION
6- Collection of Personal Information from SourcesOther than Facebook 60
SECTION
7(a)- Account Deactivation and Deletion 61
SECTION
7(b) - Accounts of Deceased Users 68
SECTIONS-
Personal Information of Non-Users 74
SECTION
9- Facebook Mobile and Safeguards 83
SECTION
10-Monitoring for Anomalous Activity 90
SECTION
11 - Deception and Misrepresentation 94
SUMMARY OF CONCLUSIONS 95APPENDIX A 97APPENDIX B.... 110
 
Executive Summary
The ComplaintThe complaint against Facebook by the Canadian Internet Policy and Public InterestClinic (CIPPIC) comprised 24 allegations ranging over 11 distinct subjects. Theseincluded default privacy settings, collection and use of users' personal information foradvertising purposes, disclosure of users' personal information to third-party applicationdevelopers, and collection and use of non-users' personal information.The IssuesThe central issue in CIPPIC's allegations was knowledge and consent. Our Officefocused Its investigation on whether Facebook was providing a sufficient knowledgebasis for meaningful consent by documenting purposes for collecting, using, ordisclosing personal information and bringing such purposes to individuals' attention in areasonably direct and transparent way. Retention of personal Information was an issuethat surfaced specifically in the allegations relating to account deactivation and deletionand non-users' personal information. Security safeguards figured prominently in theallegations about third-party applications and Facebook Mobile.Findings and ConclusionsOn four subjects
(e.g.,
deception and misrepresentation, Facebook Mobile), theAssistant Commissioner found no evidence of any contravention of the PersonalInformation Protection and Electronic Documents Act (the Act) and concluded that theallegations were not well-founded. On another four subjects
(e.g.,
default privacysettings, advertising), the Assistant Commissioner found Facebook to be incontravention of the Act, but concluded that the allegations were well-founded andresolved on the basis of corrective measures proposed by Facebook in response to herrecommendations,On the remaining subjects of third-party applications, account deactivation and deletion,accounts of deceased users, and non-users' personal information, the AssistantCommissioner likewise found Facebook to be in contravention of the Act and concludedthat the allegations were well-founded. In these four cases, there remain unresolvedissues where Facebook has not yet agreed to adopt her recommendations. Mostnotably, regarding third-party applications, the Assistant Commissioner determined thatFacebook did not have adequate safeguards in place to prevent unauthonzed access byapplication developers to users' personal information, and furthermore was not doing
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...