June 18 2012 for the London Free Press
Read this on Canoe
Canada’s Privacy Commissioner Jennifer Stoddart is concerned that without financial penalties, some social media companies will continue to ignore Canadian privacy laws.
The commissioner recently appeared before the House of Commons to discuss stronger financial penalties for privacy violations in response to what she described as the apparent disregard some social media companies are showing for Canadian privacy laws.
There aren’t any financial penalties for those who violate the Personal Information Protection and Electronic Documents Act (PIPEDA).
“The problem with social media companies is generally their lack of transparency with regulatory authorities,” she said.
Social media companies amass a “staggering” amount of personal information from Canadians, she said, and though strides have been made to protect those details, she still has concerns about how they’re handled.
Social media use continues to grow and plays a predominate role in our everyday lives. The commissioner’s office has been trying to keep pace with the ever-changing developments within this industry.
The commissioner’s office has recognized that social media default settings in effect use opt-out consent for the use of personal information. On some websites, much of the personal information being shared by users, including photographs, marital status, age, and hobbies, is sensitive and should require express consent.
These services often do not inform users of the extent to which their personal information may be shared through default privacy settings.
Stoddart found Facebook was particularly guilty of this, although it’s made some changes to improve notification of the default privacy settings to users.
University of Ottawa law professor Michael Geist suggests that in some respects, social media and Internet companies are the most powerful decision makers regarding privacy.
He says the “devil is in the defaults.” The choices made by social media companies with respect to default privacy settings are the de facto privacy choices for millions of users.
Stoddart says other countries are moving to more robust enforcement regimes, but Canada may fall behind and PIPEDA is too weak from an enforcement perspective.
She hopes MPs will enact greater enforcement powers and greater accountability standards for companies within PIPEDA. Stoddart said with barely any penalties for breaching its provisions, there is little incentive for companies to invest in better data protection. She feels if there were stricter penalties for companies that would affect their bottom line, they would be more inclined to adhere to the privacy laws.
Questions to ponder include:
Would the ability to collect financial penalties for PIPEDA violations make a difference?
Does the newness of social media products make it inherently difficult to get privacy right?
Does the complexity of social media products make it inherently difficult to create clear and simple privacy policies and choices?
Given pressure to generate revenue, do social media companies tend to set default choices to favour greater use of user data over privacy?
Do some social media companies just not put enough thought into privacy issues upfront?