Aussie privacy watchdog puts bite on Facebook

The Australian Privacy Commissioner says Facebook could be breaching Australian privacy laws.

Karen Curtis's comments come after her Canadian counterpart, Jennifer Stoddart, released the results of her exhaustive investigation into the popular social networking site last week, finding there were "serious privacy gaps in the way the site operates".

She found Facebook was breaching Canadian law by holding on to users' information indefinitely and by providing "often confusing or incomplete" information about its privacy practices.

Stoddart also criticised Facebook for failing to block its hundreds of thousands of third-party application developers from accessing the personal details of the site's 250 million users.

Stoddart gave Facebook 30 days to address her criticisms, after which she will have the power to take the case to court to force compliance.

"A number of the privacy issues raised by the Canadian Privacy Commissioner could arise under the Australian Privacy Act," Curtis said.

"For example, indefinite retention of personal information (after a user has deactivated their account) could be contrary to National Privacy Principle 4.2 of our Act, which requires that organisations take reasonable steps to destroy or permanently de-identify personal information it no longer has any lawful use for."

Curtis said she encouraged Facebook, which has about 6 million Australian users, and other social networking sites, to assess their practices against the principles in the Australian Privacy Act.

She said she was looking forward to seeing how Facebook responded to the issues raised in Canada but any Australians who believed their privacy had been breached by Facebook could contact her office.

 The Australian Privacy Foundation put pressure on Curtis to enter the debate on Tuesday, noting that Australian and Canadian privacy laws were similar.

Dan Svantesson, a spokesman for the foundation and law professor at Bond University, was particularly concerned about the policy of keeping personal information indefinitely and the ability of third-party developers to access personal details.

"With such third-party providers being found in some 180 countries, there is a significant risk that personal information is transferred to countries lacking adequate privacy regulation," he said.

"Put simply, Australian Facebook users then lose any effective control of how their personal information is used, and the protection afforded by Australia law may be lost."

But Svantesson noted that Facebook was by no means the only internet company that has failed to provide users with clear and accessible information about, and appropriate tools to control, the use of their personal information.

Facebook said in a statement that it was the industry leader in developing and deploying privacy tools and advocating their use.

"Facebook will soon be introducing a number of new additional privacy features to its service that we believe will keep the site at the forefront of user privacy and address any remaining concerns the commission may have," it said.

- © Fairfax NZ News