Forgetting, Non-Forgetting and Quasi-Forgetting in Social Networking: Canadian Policy and Corporate Practice
21 Pages Posted: 30 Jan 2013 Last revised: 3 Mar 2013
Date Written: January 28, 2013
In this paper we analyze some of the practical realities around deleting personal data on social networks with respect to the Canadian regime of privacy protection. We first discuss the extent to which Canadian privacy law imposes access, deletion, and retention requirements on data brokers. After this discussion we turn to corporate organizational practices. Our analyses of social networking sites’ privacy policies reveal how poorly companies recognize the right to have one’s personal information deleted in their existing privacy commitments and practices. Next, we turn to Law Enforcement Authorities (LEAs) and how their practices challenge the deletion requirements because of LEAs’ own capture, processing, and retention of social networking information. We conclude by identifying lessons from the Canadian experience and raising them against the intense transatlantic struggle over the scope of the deletion of data stored in cloud-based computing infrastructures.
Keywords: privacy, data protection, social networking, Canada, EU
Suggested Citation: Suggested Citation