The Office of the Privacy Commissioner of Canada has found that some of Facebook's most popular features -- including third-party applications and the tagging of photos with names and email addresses -- violate the data protection principles of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Those principles require organizations that use the personal information of Canadians to, inter alia, implement procedures to protect such information; identify the purposes for which it is collected; collect and retain it only where necessary for these purposes; and obtain the data subject's consent prior to its "collection, use, or disclosure." In its report, the Privacy Office found that Facebook failed to abide by these principles, citing several unresolved violations of PIPEDA. The Office stated that it would reassess Facebook's compliance with PIPEDA and the report's recommendations in 30 days. Along with a recent EU Article 29 Data Protection Working Party opinion (on which we previously reported) advising all social networking sites that handle the personal data of EU residents that they must comply with the EU Data Protection Directive, this report indicates that the increasing scrutiny of social networking sites' data protection policies around the world could force significant changes in the way such sites operate.
© Copyright 2009 Steptoe & Johnson LLP
No comments:
Post a Comment