Are We Done Freaking Out? Canada Commends Facebook’s Privacy Progress

You can put down your pitchforks and torches. An investigation by the Privacy Commissioner of Canada found three recent complaints against Facebook were either unfounded, resolved, or both. Considering most government privacy audits end with demands for specific changes, this looks like a win for the folks at 1 Hacker Way.

The Commissioner’s only criticism was that it was “disappointed that Facebook hadn’t anticipated the widespread privacy concerns that followed the launch of its ‘friend suggestion’ feature”. That feature was widely misinterpreted to be accessing user email accounts without consent. It wasn’t, but Facebook may need to assume that its past mistakes and years of privacy fear-mongering by the media will lead people to assume the worst.

The Privacy Commissioner of Canada released these findings to its investigation of the three complaints:

  • Friend suggestions: Upon receiving emails to join the site including friend suggestions depicting Facebook members they indeed knew, some non-members alleged Facebook must have accessed their email address books without consent. Our investigation found no evidence of this, but did find that Facebook had used their email addresses to generate friend suggestions without proper knowledge and consent. During the investigation, Facebook addressed our concerns, and the complaints were deemed to be well-founded and resolved.
  • Social plug-ins such as “Like” or “Recommend” icons:  A complainant alleged that Facebook and third party sites hosting its plug-ins were collecting and sharing information about users without their knowledge and consent. Our investigation found that Facebook was not sharing the personal information of its users with organizations hosting social plug-ins. As such, the complaint was determined to be not well-founded.
  • Authentication practices to confirm a user’s identity: This complainant alleged that Facebook collected more personal information than necessary in order to grant access to a user’s Facebook account. Our investigation found that Facebook had clearly informed its users of the purpose of the collection as a security measure. In the end, the complaint was determined to be not well-founded.

Facebook will also come out largely unscathed from some European privacy complaints that surfaced yesterday. Critics said it missed deadlines for changes it promised the Irish Data Protection, but it looks like Facebook will have until July 2012 to improve its practices.

Could it be that we’re finally emerging from years of misguided privacy fears? Facebook has definitely made some mistakes over the years, such as forcing private interests to become public Likes, and some people don’t like their data being used to power ad targeting. But it seems people are growing to accept that Facebook isn’t deliberately trying to invade their privacy. Remember years ago when Facebook Beacon shared your offsite activity with your friends? Now millions of people are installing Open Graph apps that publish what they watch, read, hear, and buy.