Global fintech and funding innovation ecosystem

Federal Privacy Commissioner Quietly Closed Investigation of RBC

The Tyee | Bryan Carney | Aug 26, 2021

Privacy commissioner investigation of RBC - Federal Privacy Commissioner Quietly Closed Investigation of RBC

Facebook says it gave Canada’s largest bank, RBC, the ability to read users’ private messages. But the results of its investigation remain secret.

An investigation into allegations that select companies — including RBC, Canada’s largest bank — were given access to the private Facebook messages of people using their apps has been shut down by Canada’s privacy watchdog.

The Tyee first broke the news that Canada’s Office of the Privacy Commissioner was investigating RBC in February 2019, following a 2018 New York Times exposé on Facebook “partners” that were exempted, or “whitelisted,” from tighter data rules implemented in 2014-2015 in the wake of privacy scandals at Facebook.

These special “partners” — such as RBC, Netflix, Amazon, Spotify and others — were given access to every private message sent or received using Messenger, Facebook’s popular messaging platform, when users of the partner company apps linked them to their Facebook profiles.

See:  Chelsea Manning Is Hacking Again, This Time For A Bitcoin-Based Privacy Startup

Because the data made available to these partners consisted of private messages, it was potentially more revealing and violated more privacy expectations than the data infamously acquired in the Facebook-Cambridge Analytica data scandal, which allowed outside developers to gather data such as likes and friend lists on not only app users, but their friends.

The whitelisting deal involved access up to a decade’s worth of private messages sent to or received from friends of app users with an expectation of privacy.

Although the full extent of exposure through whitelisting remains unknown, there is the potential for the same kind of multiplier effect seen in the Cambridge Analytica case, in which 87 million Facebook profiles were harvested based on the responses of just 270,000 people who unwittingly allowed access to their friends’ Facebook activities by downloading an app.

This is because each app user who connected to Messenger will have exposed their messages to Facebook partners from every person who ever messaged them — whether those other parties had installed the app or not.

In 2018, when news broke about special agreements allowing some companies’ continued access to Facebook data — internally known as “whitelists” — Spotify and Netflix admitted they had the extra abilities, but claimed they weren’t aware or didn’t use them.

See:  U.S. and States Say Facebook Illegally Crushed Competition

RBC was also named and had the same privileges — as shown in leaked Facebook emails detailed in the New York Times — but denied it ever had access.

Facebook confirmed directly to The Tyee that the bank had access to read, write and delete its app users’ private Facebook messages. Facebook declined to say if or how many times those privileges were used by the bank.

The Office of the Privacy Commissioner has confirmed to The Tyee that it shut down its two-year-long investigation of RBC five months ago, without any announcement. The office wouldn’t provide any information on its findings. It pointed instead at ongoing legal proceedings, targeting Facebook only, as the best course of action.

The end of the investigation may mean that Canadians and lawmakers, as MP Charlie Angus put it in a Jan. 31, 2019 meeting of Parliament’s Standing Committee on Access to Information, Privacy and Ethics — will have to “take RBC’s word for it” that the data wasn’t accessed, stored or misused.

Privacy Commissioner Daniel Therrien confirmed earlier that there had been several complaints “on whether or not the Royal Bank was violating PIPEDA [Personal Information Protection and Electronic Documents Act]” and that “RBC’s alleged role in receiving information from Facebook” was the subject of an investigation.

Continue to the full article --> here


NCFA Jan 2018 resize - Federal Privacy Commissioner Quietly Closed Investigation of RBC The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit:

Latest news - Federal Privacy Commissioner Quietly Closed Investigation of RBCFF Logo 400 v3 - Federal Privacy Commissioner Quietly Closed Investigation of RBCcommunity social impact - Federal Privacy Commissioner Quietly Closed Investigation of RBC

Support NCFA by Following us on Twitter!

NCFA Sign up for our newsletter - Federal Privacy Commissioner Quietly Closed Investigation of RBC


Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 3 =