This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2019/04/25/technology/facebook-canada-privacy.html

The article has changed 4 times. There is an RSS feed of changes available.

Version 2 Version 3
Canada Says Facebook Broke Privacy Laws with ‘Superficial’ Safeguards Canada Says Facebook Broke Privacy Laws With ‘Superficial’ Safeguards
(about 1 hour later)
Facebook’s weak privacy protections exposed the personal data of millions of users, a serious failing that the company has acknowledged but refused to fix, Canadian regulators said on Thursday.Facebook’s weak privacy protections exposed the personal data of millions of users, a serious failing that the company has acknowledged but refused to fix, Canadian regulators said on Thursday.
An investigation by the privacy commissioner of Canada and the information and privacy commissioner for British Columbia found that Facebook violated national and local laws in allowing third parties access to private user information through “superficial and ineffective safeguards and consent mechanisms.”An investigation by the privacy commissioner of Canada and the information and privacy commissioner for British Columbia found that Facebook violated national and local laws in allowing third parties access to private user information through “superficial and ineffective safeguards and consent mechanisms.”
But Facebook has disputed the watchdogs’ findings, even after its chief executive, Mark Zuckerberg, apologized last year for what he called a “major breach of trust” in the Cambridge Analytica data harvesting scandal, the regulators said. The company ignored recommendations, some issued a decade ago, for how to prevent future exposure. But Facebook has disputed the watchdogs’ findings, even after its chief executive, Mark Zuckerberg, apologized last year for what he called a “major breach of trust” in the Cambridge Analytica data harvesting scandal, the regulators said. The company ignored recommendations, some issued a decade ago, for how to prevent future exposure, they said.
“There’s a significant gap between what they say and what they do,” said Daniel Therrien, who heads the federal privacy watchdog, at a news conference in Ottawa on Thursday.“There’s a significant gap between what they say and what they do,” said Daniel Therrien, who heads the federal privacy watchdog, at a news conference in Ottawa on Thursday.
The regulators, who have limited power to force Facebook’s compliance, plan to take the company to a Canadian federal court. The court, which focuses on regulatory issues and lawsuits against the government, may impose fines.The regulators, who have limited power to force Facebook’s compliance, plan to take the company to a Canadian federal court. The court, which focuses on regulatory issues and lawsuits against the government, may impose fines.
But Mr. Therrien said that “historically there have been very small penalties — in the tens of thousands of dollars.” He pushed for stronger privacy laws in Canada and more authority for regulators to inspect and penalize companies.But Mr. Therrien said that “historically there have been very small penalties — in the tens of thousands of dollars.” He pushed for stronger privacy laws in Canada and more authority for regulators to inspect and penalize companies.
[Facebook said on Wednesday that it expected to be fined up to $5 billion by the Federal Trade Commission over privacy violations.]
“They told us outright that they do not agree with our legal findings,” Mr. Therrien said. “I find that absolutely untenable that a company can tell a regulator that it does not respect its findings.”“They told us outright that they do not agree with our legal findings,” Mr. Therrien said. “I find that absolutely untenable that a company can tell a regulator that it does not respect its findings.”
Facebook did not immediately respond to a request for comment. Regulators said the company refused to allow audits of its privacy procedures over the next five years. Canada passed its first digital privacy legislation in 2000, later updating it with stricter consent rules, but regulators never adopted the stiff fines and investigative powers authorized by their European counterparts.
“The problem in Canada is that there is no deterrent whatsoever,” said Michael McEvoy, who runs the privacy regulator in British Columbia.
Officials said Facebook refused to allow audits of its privacy procedures. But in a statement, the company said it had “proactively taken important steps towards tackling a number of issues raised in the report” and had offered to enter a compliance agreement with Mr. Therrien’s office.
“After many months of good-faith cooperation and lengthy negotiations, we are disappointed” that regulators consider the issues raised in this report unresolved, the company said.
Pressure is increasing on Facebook from regulators in a number of countries.Pressure is increasing on Facebook from regulators in a number of countries.
On Thursday, Ireland’s Data Protection Commission said it opened an investigation into Facebook after being told by the company that hundreds of millions of user passwords were stored in plain-text format on its internal servers. On Wednesday, Facebook said that it expected to be fined up to $5 billion by the Federal Trade Commission for privacy violations. On Thursday, Ireland’s Data Protection Commission said it had opened an investigation into Facebook after the company told it that hundreds of millions of user passwords were stored in plain-text format on its internal servers. On Wednesday, Facebook said it expected to be fined up to $5 billion by the Federal Trade Commission for privacy violations.
In Canada, Mr. Therrien called for new laws that would allow his office to regularly examine the privacy practices of Facebook and other social media companies without waiting for a public complaint.In Canada, Mr. Therrien called for new laws that would allow his office to regularly examine the privacy practices of Facebook and other social media companies without waiting for a public complaint.
[Want more Canadian coverage in your inbox? Sign up for the Canada Letter newsletter.] Other Canadian officials have complained about inaction from social media companies over election interference, although a federal election scheduled for October makes it unlikely that any new laws will appear until at least next year.
The complexity of Facebook’s systems and the company’s general opaqueness, he said, make it likely that users are unaware that the company is violating their privacy or breaking Canadian laws. The complexity of Facebook’s systems and the company’s general opaqueness, Mr. Therrien said, make it likely that users are unaware that the company is violating their privacy or breaking Canadian laws.
The Canadian investigation was launched following reports last year that Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to personal data on up to 87 million Facebook users. Some 622,000 Canadians may have been affected, according to the regulators. The Canadian investigation began after reports last year that Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to personal data on up to 87 million Facebook users. Some 622,000 Canadians may have been affected, according to the regulators.
The unauthorized access could have been avoided or alleviated if Facebook followed recommendations issued in 2009 after a similar investigation by the federal privacy commissioner, the regulators said. The unauthorized access could have been avoided or alleviated if Facebook had followed recommendations issued in 2009 after a similar investigation by the federal privacy commissioner, the regulators said.
Facebook said in its statement that “there’s no evidence that Canadians’ data was shared with Cambridge Analytica, and we’ve made dramatic improvements to our platform to protect people’s personal information.”
In a symbolic gesture, Mr. Therrien said his office was closing its Facebook account.