This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2019/04/25/technology/facebook-canada-privacy.html

The article has changed 4 times. There is an RSS feed of changes available.

Version 0 Version 1
Canada Says Facebook Broke Privacy Laws Canada Says Facebook Broke Privacy Laws with ‘Superficial’ Safeguards
(about 1 hour later)
Facebook’s weak privacy safeguards prevented it from protecting the personal data of millions of users, a serious failing that the company has acknowledged but refused to fix, Canadian regulators said on Thursday. Facebook’s weak privacy protections exposed the personal data of millions of users, a serious failing that the company has acknowledged but refused to fix, Canadian regulators said on Thursday.
An investigation by the privacy commissioner of Canada and the information and privacy commissioner for British Columbia found that Facebook violated national and local laws in allowing third parties access to private user information. An investigation by the privacy commissioner of Canada and the information and privacy commissioner for British Columbia found that Facebook violated national and local laws in allowing third parties access to private user information through “superficial and ineffective safeguards and consent mechanisms.”
But the company has disputed the watchdogs’ findings and ignored recommendations for how to prevent future exposure, even after its chief executive, Mark Zuckerberg, apologized last year for what he called a “major breach of trust” in the Cambridge Analytica data harvesting scandal, the regulators said. But Facebook has disputed the watchdogs’ findings, even after its chief executive, Mark Zuckerberg, apologized last year for what he called a “major breach of trust” in the Cambridge Analytica data harvesting scandal, the regulators said. The company ignored recommendations, some issued a decade ago, for how to prevent future exposure.
“The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we have identified or even acknowledge that it broke the law is extremely concerning,” said Daniel Therrien, who heads the federal privacy watchdog, at a news conference in Ottawa on Thursday. “There’s a significant gap between what they say and what they do,” said Daniel Therrien, who heads the federal privacy watchdog, at a news conference in Ottawa on Thursday.
Canada needs stronger privacy laws and more authority to inspect and fine companies, officials said. Facebook did not immediately respond to a request for comment. The regulators, who have limited power to force Facebook’s compliance, plan to take the company to a Canadian federal court. The court, which focuses on regulatory issues and lawsuits against the government, may impose fines.
But Mr. Therrien said that “historically there have been very small penalties — in the tens of thousands of dollars.” He pushed for stronger privacy laws in Canada and more authority for regulators to inspect and penalize companies.
[Facebook said on Wednesday that it expected to be fined up to $5 billion by the Federal Trade Commission over privacy violations.][Facebook said on Wednesday that it expected to be fined up to $5 billion by the Federal Trade Commission over privacy violations.]
The two privacy commissioners repeatedly said during the news conference that they need the power to issue orders to Facebook and other social media companies.
“They told us outright that they do not agree with our legal findings,” Mr. Therrien said. “I find that absolutely untenable that a company can tell a regulator that it does not respect its findings.”“They told us outright that they do not agree with our legal findings,” Mr. Therrien said. “I find that absolutely untenable that a company can tell a regulator that it does not respect its findings.”
Mr. Therrien said the two privacy offices will ask a Canadian federal court to order Facebook “to change its practices so that it complies with the law.” The court, which mostly focuses on regulatory issues and lawsuits against the government, may also impose fines but Mr. Therrien said that “historically there have been very small penalties in the tens of thousands of dollars.” Facebook did not immediately respond to a request for comment. Regulators said the company refused to allow audits of its privacy procedures over the next five years.
Pressure is increasing on Facebook from regulators in a number of countries.
On Thursday, Ireland’s Data Protection Commission said it opened an investigation into Facebook after being told by the company that hundreds of millions of user passwords were stored in plain-text format on its internal servers. On Wednesday, Facebook said that it expected to be fined up to $5 billion by the Federal Trade Commission for privacy violations.
In Canada, Mr. Therrien called for new laws that would allow his office to regularly examine the privacy practices of Facebook and other social media companies without waiting for a public complaint.
The complexity of Facebook’s systems and the company’s general opaqueness, he said, make it likely that users are unaware that the company is violating their privacy or breaking Canadian laws.
The Canadian investigation was launched following reports last year that Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to personal data on up to 87 million Facebook users. Some 622,000 Canadians may have been affected, according to the regulators.
The unauthorized access could have been avoided or alleviated if Facebook followed recommendations issued in 2009 after a similar investigation by the federal privacy commissioner, the regulators said.