Feeds

Canucks crack whip on Facebook privacy

Death becomes your profile

Choosing a cloud hosting partner with confidence

Facebook has vowed to overhaul how personal information is shared with third-party applications after Canada's privacy Czar scolded the social website for its promiscuous policies.

The site has also agreed to retrofit its privacy terms to better explain why Facebook collects personal data, make the distinction between deactivating versus deleting an account more clear, and provide consent to have profiles "memorialized" after death.

The changes - which are to be rolled out over the next year - were spurred by an investigation from the office of Canada's Privacy Commissioner found that Facebook's data handling was in violation of Canadian law.</p

"This is extremely important. People will be able to enjoy the benefits of social networking without giving up control of their personal information. We're very pleased Facebook has been responsive to our recommendations," Privacy Commissioner Jennifer Stoddart said in an statement.

Stoddart said last July that she gave Facebook a 30-days ultimatum to respond to the Office's privacy concerns, and she's now satisfied with Facebook's proposed fixes.

Scrabble is watching you

The Canadian privacy squad's biggest beef with Facebook was privacy risks involved with the site's inadequate safeguards to restrict third-party Facebook app developers from accessing users' personal information.

"Application developers have virtually unrestricted access to Facebook users' personal information. The changes Facebook plans to introduce will allow users to control the types of personal information that applications can access," Stoddart said.

Under a new permissions model, a user can control which categories of personal information an application can access. Devs must also provide a link detailing how the information will be used.

Facebook said the new model requires "significant technological changes" and will need an entire year to get the new process running.

The company warned app developers that the changes will likely require modifications to their code base and promised to give ample warning ahead of time.

"A significant part of our roll out plan will involve educating users about why they should allow applications access to their information and their friends'" Facebook Platform chief Ethan Beard said in the developer blog. "We plan on providing users with examples of ways applications utilize their data to create great social experiences. This should result in better informed users who are more eager to engage with applications on Facebook."

Deactivation rectification

Canada's second demand was to make it clear to users they have a choice between deleting and deactivating their account. The distinction will be explained on the redone privacy policy and users will receive a notice about the delete option during the deactivation process.

"We determined the company's approach — providing clarity about the options, offering a clear choice, and alleviating the confusion — is acceptable because it will allow users to make informed decisions about how their personal information was handled," the Commissioner's office stated

Facebook said data for deactivated accounts is retained indefinitely, but data on deleted accounts is removed within two weeks.

Difference between mostly dead and all dead

Another point was to begin informing users what happens to their account in the event of their death. ("Look upon my 'Which Family Guy character are you' quiz results, ye Mighty, and despair.")

"People should have a better way to provide meaningful consent to have their account 'memorialized' after their death. As such, Facebook should be clear in its privacy policy that it will keep a user's profile online after death so that friends can post comments and pay tribute," the office said.

Facebook also agreed to add information in its terms of use on how data of non-users are handled. The website confirmed to the office that it does not use email addresses to track the success of its invitation feature, nor does it maintain a separate address list for that purpose.

"With the conclusion of the Facebook investigation, our Office has made clear our expectations for how social networking sites need to protect personal information," stated Assistant Commissioner Elizabeth Denham. "Other sites should take note — and take steps to ensure they're complying with Canadian law." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.