The federal government has launched an investigation into allegations the Royal Bank of Canada had access to the private Facebook messages of people using its app, Privacy Commissioner Daniel Therrien has told MPs.
The New York Times reported in December that RBC, Spotify and Netflix had all been given the ability to read the private messages of Facebook users who connected with the businesses.
Spotify and Netflix admitted they had been granted the ability, but said they didn’t use it.
RBC, Canada’s largest bank, denied it had access to the messages.
But last week a Facebook spokesperson told The Tyee that RBC did have the ability to read, write and delete private messages by Facebook members using its app between 2013 and 2015.
MP Charlie Angus raised Facebook’s statement to The Tyee with Therrien during a Jan. 31 meeting of the parliamentary Standing Committee on Access to Information, Privacy and Ethics.
“[RBC] said they never had those privileges; they never did that. The Tyee is now reporting that Facebook has told them that RBC had the capacity to read, write and delete private messages of Facebook users who were using the banking app,” said Angus, the committee’s vice-chair. “Have you looked into that? Do you think it's something that requires followup? Should we take RBC's word for it?”
Therrien confirmed his office is investigating.
“We actually received complaints from individuals on whether or not the Royal Bank was violating PIPEDA [The Personal Information Protection and Electronic Documents Act] in some way in receiving information in that way,” he replied.
“That question is the subject of a separate investigation,” said Therrien.
The investigation is separate from investigations into Facebook related to revelations about the practices of Cambridge Analytica and Victoria-based AggregateIQ, Therrien said.
The government told The Tyee it was “not in a position to add further details” due to the act’s rules.