Canada's privacy commissioner is concerned about some social media companies ignoring privacy laws, and said today that Parliament should impose stronger sanctions when they are broken.
Jennifer Stoddart told the House of Commons access to information, privacy, and ethics committee that social media companies amass a "staggering" amount of personal information from Canadians, and that while strides have been made to protect those details, she still has significant concerns about how they are handled.
"This is the age of big data where personal information is the currency that Canadians and others around the world freely give away," she said.
"I have become very concerned about the apparent disregard that some of these social media companies have shown for Canadian privacy laws," said Stoddart.
Her office has been keeping a close eye on social media companies for several years and she hasn't shied away from taking on heavyweights such as Facebook and Google over their privacy policies.
She said Tuesday that her office has almost continuously been investigating Facebook since 2009, and initial investigations revealed the social media giant wasn't following Canada's privacy law, but compliance has increased more recently.
"The problem with social media companies is generally their lack of transparency with regulatory authorities," she said.
Other countries are moving towards more robust enforcement regimes, but Stoddart said Canada is at risk of falling behind and that the existing law – the personal information protection and electronic documents act (PIPEDA) – is too weak.
PIPEDA is due for a mandatory five-year review by Parliament, and the privacy watchdog said she hopes that MPs will push for greater enforcement powers and greater accountability standards for companies within the legislation.
There is currently almost no penalty if a company fails to report a privacy breach to either consumers or her office, Stoddart said, and there is little incentive for companies to invest in better data protection systems.
If there were stricter penalties for companies that would affect their bottom lines, they would be more inclined to adhere to the privacy laws, she suggested.
"I believe companies take notice … when they are subject to major fines or some kind of enforcement action. We have very limited power in that regard, and I believe more respect would be shown to Canada's laws if we did have that power," she said.