A triumphant Jennifer Stoddart, Canada’s Privacy Commissioner came out this morning and said that Facebook agreed to make changes to its privacy policy within a year. The following changes are being touted:
- Denying third-party application developers access to user information without the user’s express consent in each of the categories the applications wants to access (currently, a user clicks just one button and the application can access all info regardless of whether or not it needs it);
- Giving users the opportunity to provide meaningful consent to retain profile pages after their death (currently there is no such provision that I know of);
- Add information about the privacy of non-users;
- Allow users the option of deleting accounts and all information associated with the account from Facebook’s databases (currently, a user may “deactivate” their account, meaning that the info still stays on Facebook’s servers).
This is indeed a meaningful victory. However, it does raise some interesting questions. Facebook is not the only platform out there that indefinitely maintains the information of its users. Other platforms such as Myspace, twitter, countless small(er) sites such as meetmeinto and the ever expanding vacuum of information called Google.
Are the laws on privacy clear? How do they apply to non-Canadian companies? How can they be meaningfully enforced, especially outside borders? I see Facebook’s agreement to comply with laws as largely a goodwill measure. If the company wanted to dig in its heels and refuse to make any changes, what could the Privacy Commissioner have done? Let’s see if someone can answer this question.
Cross-posted on Lawyerling.ca
I am glad these kinds of privacy laws are getting cleared up and are a little more clear on what is truly being said. I think this is a great step in the privacy of the users on facebook. I wouldn’t want my information to be used without my consent, that’s for sure.