BreachOfPrivacy
Office of the Privacy Commissioner of Canada
Personal Information Protection and Electronic Documents Act
Commissioner’s Findings - PIPEDA Case Summary #2009-008
Well-founded & resolved

Commissioner’s Findings - PIPEDA Case Summary #2009-008: Report of Findings: CIPPIC v. Facebook Inc.

Organization: Facebook Inc.
Complainant: Canadian Internet Policy and Public Interest Clinic (CIPPIC)
Decision: Jul 16, 2009
Published: Jul 16, 2009

CIPPIC filed a complaint alleging 24 violations of PIPEDA by Facebook across 12 subjects, focusing on knowledge and consent. The Assistant Privacy Commissioner found Facebook contravened the Act in areas such as default privacy settings, advertising, third-party applications, account deactivation/deletion, deceased users' accounts, and non-users' personal information. While some allegations were resolved through Facebook's proposed corrective measures, others remained unresolved, particularly concerning third-party applications and the safeguarding of user data.

  • Adequacy of notice and consent for collection, use, and disclosure of personal information.
  • Sufficiency of security safeguards for personal information.
  • Transparency regarding new uses of personal information and the implications of privacy settings.
  • Handling of personal information of non-users and deceased users.

Partially upheld, partially resolved, and partially unresolved allegations.

The investigation found violations of PIPEDA in several areas, leading to corrective measures and unresolved issues. However, some allegations were not well-founded, and others were resolved. This mix of findings leads to a 'mixed' outcome class.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

It was recommended that Facebook implement corrective measures for the resolved allegations and reconsider the recommendations on the unresolved issues, including improving clarity on data use, enhancing safeguards, and providing better notification to users.

Statutory provisions cited
  • Principle 4.3 PIPEDA
  • Principle 4.2.3 PIPEDA
  • Principle 4.7 PIPEDA
  • Principle 4.3.2 PIPEDA
  • Principle 4.5 PIPEDA
  • Principle 4.3.5 PIPEDA
  • Principle 4.8 PIPEDA
  • Principle 4.3.3 PIPEDA
  • Principle 4.2.1 PIPEDA
  • Principle 4.5.3 PIPEDA
  • Principle 4.3.6 PIPEDA
  • Principle 4.3.8 PIPEDA
  • Principle 4.1.3 PIPEDA
  • Principle 4.4.1 PIPEDA
  • subsection 5(3) PIPEDA
  • Principle 4.2.4 PIPEDA
  • Principle 4.5.2 PIPEDA
  • Principle 4.1.4 PIPEDA

This is an informational summary and not legal advice.