Canada’s Privacy Commissioner has concluded a 13-month investigation into Facebook, concluding that the social networking site’s policies and practices violate Canadian privacy laws. “It’s clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates,” privacy commissioner Jennifer Stoddart announced on Thursday. The investigation, prompted by a complaint from the Canadian Internet Policy and Public Interest Clinic, identified several areas where Facebook needs to better address privacy issues and bring its practices in line with Canadian privacy law. An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers. In its report, the commissioner recommends more transparency to ensure that the social networking site’s nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information. Facebook has agreed to adopt many of the recommendations stemming from the investigationor, in some cases, has proposed reasonable alternatives to the measures recommended. However, there remain a number of recommendations that Facebook has not yet agreed to implement. “We urge Facebook to implement all of our recommendations to further enhance their site, ensure they are in compliance with privacy law, and ultimately show themselves as models of privacy,” said assistant commissioner Elizabeth Denham, who led the investigation on behalf of the office. The Office of the Privacy Commissioner will review after 30 days the actions Facebook takes to comply with the recommendations. The commissioner is empowered to go to Federal Court to seek to have her recommendations enforced.