It’s possible Canadians’ private Facebook messages may have been shared without their consent as part of a massive data extraction scandal, a senior leader at Facebook confirmed to the House of Commons Standing Committee on Access to Information, Privacy and Ethics.
The confirmation marked the first time Facebook had publicly confirmed that Canadian users may be among the 87 million whose messages were collected by Your Digital Life and sold to Cambridge Analytica in recent years. Kevin Chan, head of Facebook Canada and Robert Sherman, deputy privacy officer of Facebook Inc., appeared before the committee this morning. The two are also part of the committee’s ongoing study of the scandal.
“It is possible that private messages were shared in small amounts,” said Sherman who spoke with the committee from California. “I believe it’s possible but it’s something that we need to confirm.”
An estimated 272 people in Canada downloaded Your Digital Life, and approximately 662,000 Canadians, who were friends with those 272 people, may have had their data scraped as well, according to Sherman.
“We need to find out exactly how many people were affected, we don’t have firm answers on the scale of the problem,” he said, adding Facebook is issuing notices to users whose information was shared.
During a committee meeting yesterday, another Facebook data breach, that may involve the private messages of as many as 48 million users, according to Chris Vickery, director of cyber risk research at UpGuard, was brought to light. And there may be more, Sherman told the committee, when asked if there could be more instances of non-consensual data harvesting.
“It’s certainly possible,” he said.
Facebook will comply with GDPR in Canada
This morning, the Guardian reported that Facebook has moved more than 1.5 billion users out of its international HQ in Ireland to its main offices in California in order to put those users out of reach of Europe’s privacy laws.
The move happened shortly before the new European General Data Protection Regulations (GDPR) come into effect this May, and it caught the attention of MP Charlie Angus, who wasted no time asking Chan if Facebook will take GDPR, and Canadian privacy laws, seriously in Canada.
“Will you commit today to GDPR?” Angus asked repeatedly.
Chan said he wasn’t familiar with the reporting Angus was referring to, and couldn’t provide a straight answer, until Sherman chimed in to say that Canadians will get same privacy protections as other users around the world. Chan followed up by saying Canadian Facebook users are also protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal privacy laws for private-sector organizations.
Sherman said Facebook will follow up with the committee once it has identified exactly how many Canadian accounts were scraped as a result of the data scandal, and what type of information was collected.
The Senior Leader’s Guidebook to Emergency Management and Business Continuity