Regulating Social Networking: Lessons from Canada
AbstractIn recent years, an increasing numbers of internet users have become regular users of on-line social networking services such as Facebook, MySpace, LinkedIn and Second Life. These services provide a social space for users to connect with friends, network with business contacts and create “virtual” alter egos. Regulators have begun to take a particular interest in the privacy practices of social networking services. One of the most significant initiatives in this respect was recently undertaken by the Office of the Privacy Commissioner of Canada, in the form of a 113 page report on its investigation and critique of Facebook’s privacy policies and practices.Notably, the investigation addressed a range of the privacy concerns cited above: (i) collection and use of personal information by third-party application developers; (ii) account deactivation and deletion; (iii) accounts of deceased users; and (iv) the collection of personal information of non-users. This report is worthy of closer examination for a number of reasons. First, it provides useful lessons to both users and providers of social networking services, in identifying and suggesting solutions to certain privacy risk areas. This report also illustrates the willingness of the Office of the Privacy Commissioner of Canada to investigate, and publicly report on, the privacy practices of non-Canadian organizations. Finally, this report provides some significant direction on how overtly the purposes for personal information should be identified to each subject individual.