Privacy Compliance Problems for Facebook

IEEE Technology and Society Magazine, V31.2, 2012

6 Pages Posted: 22 May 2015

Anna Johnston

Salinger Privacy

Stephen Wilson

Lockstep Consulting Pty Ltd

Date Written: December 1, 2011


Facebook is an Internet and societal phenomenon. In just a few years it has claimed a significant proportion of the world’s population as regular users, becoming by far the most dominant Online Social Network (OSN). With its success has come a good deal of controversy, especially over privacy. Do Facebook and its kin herald a true shift in privacy values, or, despite occasional reckless revelations, are most users actually as reserved as ever? We argue it’s too early to draw conclusions about society as a whole from the OSN experience to date. However, Facebook in particular brings a number of compliance risks in jurisdictions that have enacted modern Information Privacy Law.

Over 70 jurisdictions worldwide have now enacted data privacy laws, around half of which are based on privacy principles articulated by the Organisation for Economic Cooperation and Development (OECD). Amongst these are the Collection Limitation Principle, which requires data custodians not to gather more personal information than they need for the tasks at hand, and the Use Limitation Principle, which dictates that personal information collected for one purpose not be arbitrarily used for others without consent.

In many jurisdictions, Facebook may not be complying with local data privacy laws. This article examines a number of areas of privacy compliance risk for Facebook. We focus on several ways in which Facebook collects personal information indirectly, through the import of members’ email address books for ‘finding friends’, and the tagging of friends as being in one’s company when using the ‘places’ feature. The ease of registration as a new member, combined with a lack of transparency about collection practices and permissive default privacy settings, leads to many opportunities for misadventure. Taking the National Privacy Principles from the Privacy Act 1988 (Cth) as our guide, we identify a number of potential breaches of privacy law, arising in part because Facebook administrators appear not to avail themselves of alternative means for managing personal information.

Keywords: facebook, consent, privacy, data protection, social networking, OSN, social media

Suggested Citation

Johnston, Anna and Wilson, Stephen, Privacy Compliance Problems for Facebook (December 1, 2011). IEEE Technology and Society Magazine, V31.2, 2012, Available at SSRN:

Anna Johnston (Contact Author)

Salinger Privacy

PO Box 1250
Manly, NSW 1655

Stephen Wilson

Lockstep Consulting Pty Ltd

11 Minnesota Ave
Five Dock, NSW 2046
