The social network has been slammed for giving out personal information to third party application games and quiz developers, and for confusing web users about when their personal data is stored by Facebook rather than deleted. The Commissioner said applications developers had ‘virtually unrestricted access to Facebook users' personal information'.
Facebook said it would introduce a new permissions model that will require developers to specify the categories of information they wish to access and obtain express consent from the user before any data is shared.
Facebook said people would be able to make more informed choices about protecting their privacy.
The changes come in response to the Privacy Commissioner of Canada's recent investigation into the site's privacy policies and practices and will bring Facebook in line with the requirements of privacy laws.
Facebook was given 30 days to respond to the Commissioner's report and explain how it would address outstanding concerns.
Facebook has agreed to prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.
Facebook has agreed to make it clear to users in its privacy policy that they have the option of either deactivating their account or deleting their account. Facebook also said it would be clear in its privacy policy that it will keep a user's profile online after death so that friends can post comments and pay tribute.
Facebook will make the changes over the next 12 months.
.jpg)
.jpg)