Three cheers for Canada, which has taken on the might of Facebook and earned promises of tighter security and increased privacy.

"Facebook is promising to make significant technological changes to address the issue we felt was the biggest risk for users - the relatively free flow of personal information to more than one million application developers around the world," said Elizabeth Denham, Assistant Privacy Commissioner of Canada.

The Office of the Privacy Commissioner of Canada spent more than a year reviewing Facebook's privacy policies and controls, and highlighted four key issues. It was most worried about Facebook's "lack of adequate safeguards" to effectively restrict third party application developers from accessing users' personal information, along with information about their online friends.

Application shake-up

In response, Facebook has promised to introduce a new permissions model that will require applications to specify the categories of information they wish to access and obtain express consent from the user before any data is shared. In addition, the user will also have to specifically approve access to their friends' information, which would still be subject to the friend's privacy and application settings.

The Commissioner also had concerns about the "confusing" information about the distinction between account deactivation and deletion, the privacy of non-users who are invited to join the site and Facebook's policy on what happens to a user's account should they die.

Facebook has agreed to revamp its terms of use and privacy policies, with work beginning immediately. However, a statement from the company today noted: "Some changes will take some time before they are visible. For example, updates to the privacy policy will require a notice and comment period for users."

Time for a change

"In addition, the changes to how users share information with third-party applications will require significant time and resources, both for the updating and testing of the new Facebook API, and for third-party application developers to reprogram and test their applications."

Facebook anticipates that the entire process will take approximately 12 months. Assistant Commissioner Denham said, "It's now up to Facebook to demonstrate to us that they are living up to their commitments."