The investigation was particularly critical of privacy concerns surrounding third-party applications:
• "Our major concerns are about the broad access third parties have to individual's information," said Elizabeth Denham, assistant privacy commissioner.
• Facebook “was not taking responsibility for the personal information transferred to third-party developers…”
• Third-party applications can copy users’ personal information from the Facebook site to their own servers, many of which are located in other countries (a total of 180 other countries according to the privacy commissioner). Facebook acknowledged they lose control over what the third-party vendors do with all the personal information that they collect. We're Related is a popular third-party genealogy application on Facebook.
Facebook was also criticised for retaining user information after an account had been deactivated. The report also suggested that Facebook stop the practice of retaining the e-mail addresses of non-users who were invited by users to join Facebook.
Basically, the Facebook privacy consent form is so broad that it allows Facebook considerable latitude to do whatever it wants with any personal information it collects. It passes most of this information on to third party vendors whenever a user signs up for a third-party application (such as We're Related) regardless of the privacy setting set by the user. Facebook takes no responsibility for what any third-party vendor might do with the information. Many third-party vendors are located in foreign countries.
While the privacy investigation was directly aimed at Facebook, the report was clear that users of social network sites also have a responsibility. This is particularly true for genealogy, which by its nature deals in a lot of personal information. After all, it is hard to discover an ancestor without knowing their name, where they were born and when they were born. Along the way, genealogists also tend to collect a host of other information about people they are related to. Collecting information is one thing. What to do with the information and how it is disseminated to others is something entirely different.
Genealogists as a group are not particularly good at distinguishing two things:
• The personal information about a living individual is fundamentally very different than the personal information about a long-dead relative. The standard of care that should be applied to information about living individuals needs to be much much higher than that of a long-dead relative.
• All information about family members and ancestors is by definition personal and private. Showing such information to a friend on a one-to-one basis is also much more different than posting the information on the web. As Facebook has already proven, the default on the web is that the information will be available for anyone and everyone in the world to see.
A basic tenet of law in most countries is that people have to give their permission before allowing anyone to collect or disseminate personal information about them. And yet, as the privacy investigation from Canada reveals, social network sites often run roughshod over such basic principles.
People often release personal information about other people on social network sites without even thinking about the fact that they are violating someone’s privacy. Genealogists are potentially at the forefront of such issues and yet few genealogists realize that publishing someone’s name, date of birth and where they were born is more than sufficient information for most criminals to carry out identity theft.
Facebook’s chilling privacy practices are an issue that has been brewing for weeks and yet it has been mind-numbingly ignored by the vast majority of the genealogy community. We have already written about this issue three times in the past five months (see Europe Demands Privacy Standards for Social Networking Sites, Privacy Fears Raised over Genealogy Application on Facebook and Who Owns Your Online Genealogy Information). Now, hopefully, the issue has become too big for the genealogy community to ignore.
Although this particular privacy ruling was directed against Facebook and not specifically at genealogy or the We're Related application, it may have a profound impact in the future on the trading of online genealogy information.
1 | 2 |