Protecting privacy in a nation of Facebook addicts

Saying Canadians are addicted to Facebook isn’t an exaggeration.

Download the Podcast.

Seven million Canadians have a profile on the social networking site – which means about one in five of our population uses the Web site.

In Toronto, it is even more popular. The city has one of the largest Facebook networks of any metro in the world, second only to London, England.

But Facebook also recently come under fire in Canada after an advocacy group lodged a complaint with the federal Privacy Commissioner’s office that the company violates Canada’s privacy laws. Read that story here.

On the other hand Ontario Privacy Commissioner Anne Cavoukian has been working with Facebook to promote user education. Her office has even produced a tip-sheet pamphlet (download) and will soon be releasing a video on the subject. talked to Cavoukian about her strategy towards keeping Canadians privacy safe on Facebook.

Social networking sites create a strange situation where people are volunteering information about themselves to the public domain. What sort of challenges has this new phenomenon created for your office?

The biggest challenge is that people, especially younger people, seem to have this view that they can control who has access to the information they post on their profiles. They think it will only go out to the friends [they] enumerate on [their] profile. The reality is…you can’t place the kind of walls that people mistakenly believe you can place.

We caution people that the best way to protect your privacy is to minimize the amount of sensitive information you put out there. Information might be used in unflattering ways or to embarrass you. We call that data minimization – that means just minimizing the about of identifying data you put out there about you.

In the past, we had correlates to social networking. It was just meeting people and giving them your phone number, you know, the old-fashioned way.

The difference is that you could do that and safely assume that a few more people might get this information, but not hundreds or thousands at a key stroke. When you put [your information] online, you’re making it available not just to friends but to legions of other people. You have to accept that there are people lurking out there, predators who will do you harm.
I know that sounds like an exaggeration, but we’ve seen this take place. I’m always cautioning people who use social networks. So many people love them. People who travel far away use them to keep touch in each other and find friends they had in high school. Keep in mind what can happen if someone unauthorized gets their hands on this information.

If someone gets a copy of it, would that cause harm to you? Always keep that in the back of your mind when you post.

Your office has been working with Facebook on a user education project. What new things are happening with this?

We’ve just produced a new video. Hot off the press, a short video we’ve produced with Facebook. Even with our tip sheet, which people think is very good, you’ve got to read it and sit and do it. The biggest problem is not the absence of privacy controls on Facebook, but it’s driving the message out to people. Getting them to go to the privacy settings and getting them to decide what to do.

In all of my talks, I never tell people what to do. I just ask that you turn your mind to the privacy settings and make a decision. Don’t just go on automatic pilot and do nothing. So the Facebook video that we’ve produced is just for that purpose. It’s to educate the public on how to protect your privacy on Facebook and we walk you through it. So it’s as easy as it’s going to get.

Why do you think that this strategy of user education is the best approach to protecting your privacy on Facebook?

It’s the best strategy towards protecting your privacy, period. In this busy day and age, everyone is running on warp speed, everyone is so busy, and they just don’t have the time to educate themselves, to read, and to delve into the granularity you need to protect yourself.

My office has a mandate to educate the public.  That’s part of my responsibility, and I take it very seriously. With this area that intersects with youth as well as businesses, we’re very serious about working with the Department of Education here in the province, with school boards, with universities, to drive the message out and make sure they use these social networks responsibly.

Certainly, we want to get the benefit out of them, because everyone is on them. But doing that as safely as possible and that means protecting your privacy.

Your office is taking a different approach to the federal Privacy Commissioner’s Office, which has launched an investigation into whether or not Facebook is breaching Canadian privacy law.
My understanding is that they received a complaint from an advocacy group. When you receive a complaint, and I’ll tell you as a regulator myself – if we get a complaint from the public, we investigate that complaint. We got a complaint from Privacy International a short while a go and we investigated that complaint relating to the Toronto Transit Commissioner.

So I understand the federal commissioner’s office investigating this complaint because that is what they’re required to do. It’s within their jurisdiction, they have jurisdiction of private sector companies. They got this complaint and they’re obligated to investigate.

Let’s say they do find that Facebook is in breach of Canadian privacy laws like PIPEDA. Could this create a difficult situation for your office, since you’re working hand-in-hand with Facebook on this issue?

Not in the least, and the reason is this: What I’m trying to do with Facebook is education the millions of users – literally I believe there are 7 or 8 million in Canada, it’s a huge number. I want to educate them to use it as responsibly as possible, protecting their privacy to the max. I think that’s a very important thing to do.

I’m not analyzing whether it’s in compliance with the federal private sector law, which is in the jurisdiction of the federal Privacy Commissioner. My angle is very different. I’m educating the public to make their privacy as strong as possible if they choose to use this social network.

What the federal commissioner will do is make a ruling on whether or not it is in compliance with the federal private sector law. If she finds breaches, she’ll tell Facebook accordingly, and I’m sure Facebook will make adjustments to be in compliance with the law. Whichever way they go, I welcome them doing this, this is in their jurisdiction.

I will continue to do what I’ve been doing in terms of educating the public in terms of what privacy controls are available on Facebook now, and how they can use these controls to maximize their privacy. My goal has always been to maximize people’s understanding of privacy measures and use of those measures, so they can get the most privacy that is possible.

Share on LinkedIn Share with Google+
More Articles