ius and bits

With a press release dated May 12 's Art 29 Working Party, which is the group of European privacy Authority, wrote a letter to Facebook expressing it as unacceptable behavior of the company that changed the default settings in the user's expense.

In fact, this action of Art. WP 29 is directly connected to the commitment assumed by the social network provider that the February 10, 2009 signed in Luxembourg on the principles (no. 8) on social networks in Europe. The WP has stressed the necessity of a default, in which access to profile information and connection information of a user is limited to the selected contacts. All other access, such as search engines, must be - it stresses - an express choice of the user.

The Art Group. 29 has already spoken on social networks with a comprehensive document published by me in two posts: one here and another here .

What will happen again on the front privacy and social networks?

Another change the privacy policy of Facebook. The new Italian text is available here .

It is extremely interesting content of the report of 16.07.2009 (for the document in pdf click here ) written by Elizabeth Denham, who is "Assistant Privacy Commissioner of Canada ', at' Of fice of the Privacy Commissioner , after a complaint against Facebook Inc. for alleged violation of privacy.

The complaint was brought by CIPPIC (Canadian Internet Policy and Public Interest Clinic) and consists of 24 reasons articulated accused in 12 separate topics. In summary with the complainant referred to the default privacy settings, the collection and use of personal information for advertising purposes, the disclosure of personal information to third-party application developers, the collection and use of information-not personal users.

Key topics of that complaint was the failure to comply with Facebook's knowledge and consent for the user. The Canadian office for privacy has conducted the survey in order to see if Facebook provides users with adequate information concerning the purposes for collection, use, or disclosure of personal information, and if this had been taken to conduct transparent.

The report in question ends with three different solutions:

1. reasons and arguments unfounded with regard to new uses of personal information, collecting personal information from sources other than Facebook, Facebook Mobile and safe, and fraud and misrepresentation;
2. reasons and arguments derived and solved using the proposed corrective measures to Facebook (with a check after 30 days) with reference to the collection date of birth, the default privacy settings, advertising and monitoring for unusual activity;
3. reasons and arguments based and not resolved (with proposed recommendations): with reference to third-party applications, to disable and delete the account, the accounts of users who have died, and personal information of non-users.

With regard to the last point (the 3) based on the subjects and not resolved, the Canadian Bureau for privacy has turned to Facebook, the following recommendations for implementing measures:

(Third-party applications)

a) to restrict access to information for developers of applications that users are not required to perform a specific application;

b) users should be informed in any case-specific information that an application requires it and for what purpose;

c) should be required in every case, the explicit consent of users around the developers' access to information;

d) or prohibit any disclosure of personal information of users who are not themselves to be added to an application.

(Deactivation and deletion)

Developments that Facebook, establishing, and informs users of a data retention policy in which the personal information of users who have deactivated their accounts will be deleted from Facebook servers after a reasonable period of time.

(User accounts deceased)

Facebook, which includes in its privacy policy in the context of all the intended uses of personal data, an explanation of the intended use of personal information in order to leave the account in memory of deceased members.

(Personal information of non-users)

a) that Facebook will review and put in place measures to improve its use, post the lack of knowledge and consent of non-users to collect, use and retention of their e-mail from Facebook;

b) that Facebook imposed a reasonable time limit on the retention of email addresses of non-users in order to track proposals for the invitation and its acceptance.

That said, with a post of August 27 published in the Press Room and additional notes published on the blog, Facebook announced changes in its privacy policy following the intervention of the "Canadian Privacy Commissioner." In essence, the complaint and the subsequent provision of the guarantee took effect for Canadian users.

As mentioned at the beginning, this report shows interesting with regard to many aspects of privacy that may be present on social networking platforms. In the European context is certainly important document highlighted the art. 29 WP recently adopted that has been shown in two separate post, and specifically here and here .

However, it is sufficient to reach the Facebook page that regards the privacy to read, among other things,

Participation in the EU Safe Harbor Program

Facebook joins the EU Safe Harbor Privacy Framework program developed by the Ministry of Commerce of the United States. By virtue of its membership, the Web site refers to TRUSTe dispute resolution relating to compliance, our part of the Safe Harbor Privacy Framework. If you have complaints about our compliance to advance to the Safe Harbor, visit our Help Center . If this report will prove to be unsuccessful, you can submit your complaint with TRUSTe at http://www.truste.org/users/users_watchdog_intro.html .

This confirmed that the Facebook servers are in USA where also is the treatment of personal data.

Furthermore, with regard to the privacy of their account profiles, under the same conditions reads:

Changing or Removing Information

The editing tools allow the profile to access most personal information on Facebook and change quickly. Each Facebook user may edit or remove any profile information at any time by logging into your account. Information will be updated immediately. Anyone wishing to deactivate their Facebook account may do so from the page My Account . It is possible that the removed information remain stored in backup copies for a period of time, but generally will not be available to members of Facebook.

When using communication services to share information with other users on Facebook (for example, when you send a personal message to another user), however, is not possible to remove these types of communications.

On the amendment of the information, this information "is information that can be removed remain stored in backup copies for a period of time, but generally will not be available to members of Facebook." Occur very generic place that is not specified the duration the "period of time."