Canada’s privacy czar said Thursday that he is taking Facebook to court after finding that lax practices at the social media giant allowed personal information to be used for political purposes.
A joint report from privacy commissioner Daniel Therrien and his British Columbia counterpart said major shortcomings were uncovered in Facebook’s procedures. It called for stronger laws to protect Canadians.
The commissioners expressed dismay that Facebook had rebuffed their findings and recommendations.
Facebook insisted it took the investigation seriously. The company said it offered to enter into a compliance agreement.
The Canadian report comes as Ireland’s privacy regulator is investigating Facebook over the company’s recent revelation that it had left hundreds of millions of user passwords exposed.
The Canadian probe followed reports that Facebook let an outside organization use an app to access users’ personal information and that some of the data was then passed to others. Recipients of the information included the firm Cambridge Analytica.
The app, at one point known as “This is Your Digital Life,” encouraged users to complete a personality quiz but collected much more information about those who installed the app as well as data about their Facebook friends, the commissioners said.
About 300,000 Facebook users worldwide added the app, leading to the potential disclosure of the personal information of approximately 87 million others, including more than 600,000 Canadians, the report said.
The commissioners concluded that Facebook broke Canada’s privacy law governing companies by failing to obtain valid and meaningful consent of installing users and their friends and that it had “inadequate safeguards” to protect user information.
Despite its public acknowledgment of a “major breach of trust” in the Cambridge Analytica scandal, Facebook disputes the report’s findings and refuses to implement recommendations, the commissioners said.
“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive information people have entrusted to this company,” Therrien said. “The company’s privacy framework was empty.”
Therrien reiterated his longstanding call for the Canadian government to give him authority to issue binding orders to companies and levy fines for non-compliance with the law. In addition, he wants powers to inspect the practices of organizations.
The office of Innovation Minister Navdeep Bains, the Cabinet member responsible for Canada’s private-sector privacy law, said the government would take concrete actions on privacy in coming weeks.
Facebook Canada spokeswoman Erin Taylor said the company was disappointed that Therrien considers the issues unresolved.
“There’s no evidence that Canadians’ data was shared with Cambridge Analytica, and we’ve made dramatic improvements to our platform to protect people’s personal information,” Taylor said.
“We understand our responsibility to protect people’s personal information, which is why we’ve proactively taken important steps toward tackling a number of issues raised in the report.”
If the application to Federal Court is successful, it could lead to modest fines and an order for Facebook to revamp its privacy practices, Therrien said.
Also on Thursday, the New York State Attorney General’s Office announced that it is investigating the company’s unauthorized collection of the email contacts of 1.5 million users. Facebook has previously acknowledged that it unintentionally uploaded the contacts.
The Menlo Park, California, said it is “in touch with the New York State attorney general’s office and (is) responding to their questions on this matter.”