TORONTO.– Facebook Inc. is refusing to comply with Canada’s privacy laws and assume responsibility for protecting citizens’ personal information, regulators said Thursday.
Two Canadian privacy watchdogs said that they discovered through a year-long joint investigation that Facebook had committed serious contraventions of Canada’s privacy laws but that the online social media giant has ignored their calls to correct the situation.
The Menlo Park, California-based company «refuses to implement recommendations to address deficiencies,» the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia said in a news release accompanying a report they published Thursday about the Facebook-Cambridge Analytica data scandal.
In a news release, Privacy Commissioner of Canada Daniel Therrien said that Facebook’s «refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company.»
His office said it will take the matter to Federal Court in a bid to «force the company to correct its privacy practices.»
Therrien added that although the social media giant has publicly acknowledged a «major breach of trust» in the Facebook-Cambridge Analytica scandal, which erupted last year, the company disputes the investigation’s findings and refuses to recognize that it broke Canada’s privacy laws.
«The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning,» he said.
The regulators said the matter is particularly troubling because many of the failures they discovered had already been identified in a 2009 investigation conducted by the federal Commissioner’s office.
«If Facebook had implemented the 2009 investigation’s recommendations meaningfully, the risk of unauthorized access and use of Canadians’ personal information by third party apps could have been avoided or significantly mitigated.»
Referring to the Facebook-Cambridge Analytica data scandal, the report released Thursday recalled that the social media giant’s «superficial and ineffective safeguards and consent mechanisms resulted in a third-party app’s unauthorized access to the information of millions of Facebook users.»
Some of the information obtained by the app, which at one point was called «This Is Your Digital Life» and encouraged users to complete a personality quiz, was subsequently used for political purposes, the watchdogs noted.
The regulators said Facebook failed to obtain «meaningful consent» from both the users who installed the app as well as those users’ «friends,» whose personal information also was accessed by third parties.
The company did not exercise «proper oversight with respect to the privacy practices of apps on its platform,» the watchdogs said.
Facebook protected against unauthorized access to user information by relying on contractual terms with apps, they said, though adding that the social media giant’s «approach to monitoring compliance with those terms was wholly inadequate.»
The company also «attempted to shift responsibility for protecting personal information to the apps on its platform, as well as to users themselves,» the news release said.
The regulators said that approach runs counter to a basic principle of privacy laws, which establish that «organizations are responsible for the personal information under their control.»