David Fewer
Canadians have whole-heartedly embraced online social networking services. Facebook, the most popular such service in Canada, boasts over 12 million Canadian accounts. But Facebook is not Canadian: like many popular social networking services, Facebook originates in the United States. Social networking services typically permit users to share personal information with friends and colleagues, but also permit, and even promote, sharing with marketers and even the open Internet. Facebook, accordingly, has significant privacy implications. Given the differences between privacy laws in Canada and the United States, the question arose: Do Facebook’s privacy practices respect Canadian law?
In early 2008, the University of Ottawa’s technology law clinic, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC), concluded that Facebook’s privacy policies and practices did not meet the requirements of Canada’s privacy laws, and, as a result, filed a complaint with the Privacy Commissioner of Canada. On July 16, 2009, the Commissioner released her findings, concluding that Facebook violated Canada’s laws in eight respects, and required Facebook to amend its practices. The finding garnered global attention for CIPPIC, Facebook and the Privacy Commissioner as it marked the first time that a privacy authority had assessed the compliance of social networking sites with privacy laws.
The decision marks a turning point for all social networking services, as the Privacy Commissioner has signaled the need for social networks to provide transparency and clarity and to respect Canadians’ privacy rights. The findings also signal an endorsement of the excellent work of the University of Ottawa law students who worked so hard to investigate Facebook’s practices, analyze the application of the law and frame the complaint.