Facebook's changes in response to an investigation last year meet the expectations of Canadian privacy law, the federal privacy commissioner says, but there is still room for improvement.
Last year's investigation by the Office of the Privacy Commissioner of Canada resulted in "many significant changes," said Commissioner Jennifer Stoddart in a statement Wednesday.
In particular, the probe raised concerns about the way users' private information was being shared with third-party developers who create games, quizzes and other applications on the social networking site.
"Facebook has since rolled out a permissions model that is a vast improvement," Stoddart said.
As of last June, applications must inform users what kind of personal information they require in order to run and must ask for consent to use that data. In addition, by default, applications can only access the public parts of a user's profile unless they have been given explicit permission from the user to access private sections of the account.
Stoddart said the commission is also pleased that Facebook has developed "simplified privacy settings" and now allows users to choose different privacy levels for each photo or comment they post. That feature was launched in December.
However, she cautioned that the office is satisfied only with the changes made in response to the 2009 investigation, and "there is still room for improvement in some areas."
In particular, the office:
- Asked Facebook to keep improving its oversight of application developers and to better educate them about their privacy responsibilities.
- Warned Facebook against expanding the categories of user information that are made available to everyone on the internet and that users cannot control through privacy settings.
- Recommended that Facebook make its default privacy settings for photo albums more restrictive.
Probe into invitation and 'like' features
In addition, the office has launched a new investigation about complaints received since January about Facebook's invitation feature and its "like" buttons on other websites. Another complaint it began investigating in January about new default settings implemented in December has since been withdrawn.
Stoddart's comments outlined the findings of a review of changes made by Facebook following a complaint made against the social networking site in 2008.
In July 2009, after an investigation, the privacy commissioner's office announced that Facebook continued to breach Canada's Personal Information Protection and Electronic Documents Act in four areas. A month later, it announced it would give Facebook one year to comply with privacy laws.
Stoddart thanked the Ottawa-based Canadian Internet Policy and Public Interest Clinic for bringing the original concerns forward and Facebook for its co-operation.
She reiterated, however, that Facebook users also need to take responsibility.
"The investigation has led to more privacy information and improved privacy tools," she said. "Facebook users should take advantage of those changes."
An earlier version of this story stated incorrectly that a new investigation was launched in January into Facebook's invitation feature and its "like" buttons on other websites. In fact, the January investigation, about default settings, was withdrawn, and the complaints about the invitation feature and the "like" buttons were received since January.
Sep 23, 2010 8:40 AM ET