Canadian regulators say Facebook broke privacy laws
- Third party organisations got access to user data
- Facebook admits the "harvesting"
- "Superficial and ineffective safeguards and consent mechanisms"
- Regulator's powers too limited to bring Facebook to heel
As regulators across the globe at last begin to pile the pressure on Facebook with the intent of introducing legislation to bring the arrogant and wayward company to heel, comes the news that an investigation by the Office of the Privacy Commissioner of Canada (OPC), together with the Information and Privacy Commissioner for the province of British Colombia, has proven that Facebook flouted and broke national federal and provincial local laws by allowing third party organisations to have access to the private information it holds on millions of users of the social network via "superficial and ineffective safeguards and consent mechanisms."
As if that's not bad enough, the Commissioner says Facebook admits that the breaches took place but has refused to adapt or mend the systems and processes that allowed the exposures in the first place. Speaking yesterday in the Canadian capital, Ottawa, Daniel Therrein, the head of the OPC, observed that "there's a significant gap between what they [i.e. those at Facebook] say and what they do." He's not the first to realise that and as sure as hell he won't be the last.
The trouble is, of course, that in common with many regulatory bodies around the world, the OPC has limited powers to force Facebook to do anything - apart from imposing a fine which, no matter how heavy (and Facebook has already set aside five billion dollars to meet fines that are expected to be levied on it in the next few months) is nothing more than an irrelevant gnat bite to the leathery carapace that encloses the gargantuan finances of the corporation.
That's why the OPC, (and many other regulators in many other countries), are now seeking expanded powers, including the right to inspect and police Facebook and its ilk, and to have the authority swiftly to impose swingeing and meaningful deterrent penalties where it is found that regulations have been flouted and privacy laws broken. The OPC is also pushing for new and greatly expanded privacy legislation to be passed because current laws and regulatory practices are totally ineffective. There is no point in sicc'ing a toothless watchdog on to massive organisations that just don't give a damn - and Facebook doesn't.
Facebook can safely ignore toothless Canadian regulators
For his part, Daniel Therrein is mightily exercised by Facebook's arrogance. He said, "They told us outright that they do not agree with our legal findings. I find it absolutely untenable that a company can tell a regulator that it does not respect its findings." he also reported that Facebook point-blank refused to allow the regulator to audit its privacy protocols and processes.
In a statement, a Facebook apparatchik said the company had “proactively taken important steps towards tackling a number of issues raised in the [OPC] report", adding, "After many months of good-faith cooperation and lengthy negotiations, we are disappointed that regulators consider the issues raised in this report unresolved."
Mr Therrein responded to this by saying that the sheer complexity of Facebook's systems and processes and the institutionalised and deliberate lack of transparency that the company practices makes it all the more likely that Facebook is riding roughshod over Canada's privacy laws.
The investigation began after the Cambridge Analytica scandal broke and it was revealed that the company had gained access to the private personal data of 87 million Facebook users and had "harvested" the information with the sole intent of boosting the election chances of Donald Trump. After an avalanche of evidence was adduced it eventually became impossible for Facebook to continue to deny that user data had been accessed. And so, in the end it was the Booster Seat Boy himself, the ineffable Mark Zuckerberg, who was forced by outraged public opinion to apologise for what he acknowledged was "a major breach of trust".
The OPC (acting on behalf of the 668,000 Canadians whose data had been illegally "harvested") by Cambridge Analytica) said that Facebook had simply ignored rulings and recommendations that would have helped prevent the huge breaches of privacy and had done so for more than a decade.
Facebook says “there is no evidence that Canadians’ data was shared with Cambridge Analytica, and we have made dramatic improvements to our platform to protect people’s personal information.” We'll see about that when the next scandal erupts.