Archive for the ‘Internet’ Category

21 Aug 2017

Privacy Tech-Know Blog: Cookieless Identification and Tracking of Devices


We are regularly told to block or ‘clear our cookies’, or use a private browsing mode, if we don’t want to be tracked as we visit websites. Website operators and marketing, advertising, and other tracking companies, however, have developed other ways of tracking us, called ‘fingerprinting’, which work even if you clear or block your cookies. How prevalent is this kind of cookieless tracking? How accurate is it? And what are the implications for our ability to control our personal information and protect our privacy interests?

Read the rest of this entry »


17 Jul 2017

Privacy Tech-Know Blog: Can We Still Be ‘Just Another Face In The Crowd’?


Facial recognition technologies can quickly identify who you are by automatically analyzing your facial features. The characteristics of your face (your biometric information) may be collected when you apply for an identity document like a passport, when you get your photo taken for an employee badge, or when you upload photos online to social media websites.

Given how many opportunities there are to record our faces, it is time to ask: can we remain anonymous in a crowd?

Read the rest of this entry »


6 Mar 2017

Privacy Tech-Know Blog: Let me virtually assist you


The way we interact with our digital devices has evolved over time: from specific commands in command line interfaces, to graphical user interfaces (GUIs), to touch-based interfaces. Virtual assistants (VAs) are the next step in this evolution, and they present new privacy challenges. These assistants, such as Siri (Apple), Alexa (Amazon), Cortana (Microsoft), or simply ‘Google’, are designed to respond to your spoken or written commands and take some action. Such commands let you place phone calls, order a car service, book a calendar appointment, play music or buy goods.

The use of these assistants is on the rise: a 2015 Gartner study found that 38 per cent of Americans had used a virtual assistant in 2015 and that two-thirds of customers in developed markets would use them daily in 2016. The most commonly-used VAs are voice-based, however, much of the presented information also applies to text-based VAs.

Read the rest of this entry »


10 Feb 2017

Privacy Tech-Know Blog: The actual privacy benefits of virtual private networks


Virtual Private Networks (VPNs) let you establish a secure communications channel between your computing device and a server. After connecting to the server, you could gain access to a private network that has work files or applications, or use the server as a relay point to then access Internet content when browsing from a public network.

There are several reasons for using a VPN: you might need to remotely access information held on corporate servers while travelling or working from home; you might be wary of the insecure wireless networks you’re using; or you might want to access online content that’s blocked on the network you’re connected to but is accessible from the server somewhere else. Sometimes a company will require you to use a VPN, meaning the company will dictate the security and type of VPN you use (for example, your employer). Whereas when you make a consumer decision to use a VPN you’re responsible for making these decisions on your own.

In the wake of Edward Snowden’s revelations, a large number of consumer VPN providers have sprung up, and security experts now often suggest that you use a VPN when accessing the Internet from an insecure network (e.g., a café, public library, or other free Wi-Fi hotspot). This blog post will help you understand what to look for when choosing between different VPN services.

Read the rest of this entry »


8 Dec 2016

Privacy Tech-Know Blog: Uniquely You: The identifiers on our phones that are used to track us


techblog-uniquelyyou

Canadians’ mobile devices are filled with applications that collect personal information, including identifiers that are engrained into different parts of the devices. But what exactly are these identifiers, and how are they used?

An identifier is a piece of information (usually a sequence of characters) that’s used to uniquely identify a device, a user, or a set of behaviours taken on the device. Mobile identifiers constitute privacy-affecting technologies because they can be used to correlate an individual’s various activities while using a phone, tablet, or other connected device, and they support the linking of devices with actual persons.

Our mobile devices are filled with identifiers that uniquely label different components and behaviours. The radios and other physical hardware, operating systems, applications, and even web browsers are all rife with identifiers that can uniquely identify the device, the person using the device, or the behaviours of the user. And while these identifiers are typically meant to serve a useful purpose, the user is often unaware that these identifiers exist or how they’re collected and used. We will outline several of the most prominent identifiers associated with mobile devices and their significance for privacy.

Read the rest of this entry »


9 Nov 2016

Privacy Tech-Know Blog: Pay me to regain access to your personal information! Ransomware on the rise


business growth 1

Ransomware is a type of malicious software (malware) which, when installed on a device or system, prevents access to that device, or that device’s content or applications. Once installed and operational, the malware prompts you to pay a ransom to restore full functionality to the device. Personal or sensitive data have been targeted with ransomware, or accessed when attackers were rifling through organizational computers or networks. In fact ransomware has affected a range of devices, including those running Windows, OS X, and Android, and has affected healthcare providers, police services, public schools, universities, and various types of businesses, in addition to individual consumer users. It’s an increasingly prevalent issue, with Symantec estimating that Canadians were affected by over 1,600 ransomware attacks a day in 2015.

Read the rest of this entry »


22 Sep 2016

How fit is your gadget? Putting web-connected health/wellness devices through their privacy paces


Smart TVs . . . Fitness trackers . . . Automated thermostats . . . Self-driving cars . . .

The Internet of Things is the next frontier in digital technology which is why the Global Privacy Enforcement Network focused its 2016 Privacy Sweep on this emerging market. Sweep participants were especially interested in how companies communicate their personal information handling practices.

Given the sensitivity of the information that health and wellness devices, as well as their associated apps and websites, are capable of collecting, the Office of the Privacy Commissioner of Canada (OPC) focused its Sweep on 21 devices ranging from smart scales, blood pressure monitors and fitness trackers, to sleep and heart rate monitors, a smart breathalyzer and a web-connected fitness shirt.

The choice of devices dovetails with one of our four strategic privacy priorities—the body as information. Identified as an important area of focus during a priority-setting exercise that culminated in May 2015, the body as information refers to the mounting privacy concerns related to highly sensitive health, genetic and biometric information that is being used by organizations and governments in all sorts of new ways.

During the Sweep, our Sweepers—aka OPC staff—put the products to use to see first-hand what information the devices requested, compared to what privacy communications said would be collected. In some cases, they followed up with specific privacy questions for the companies.

Below is a brief assessment of how the devices stacked up.

Read the rest of this entry »


19 Sep 2016

Children’s Privacy Sweep yields positive changes


So whatever happened with that Children’s Privacy Sweep, you ask?

Before we delve into the results of the 2016 Internet of Things Sweep—look out for them very soon—we thought we should update you on the outcome of our discussions with developers behind the mobile applications (apps) and websites we raised concerns about in a blog post and/or letters issued last fall.

Read the rest of this entry »


27 May 2016

Required reading for email marketers: a case study in how not to collect and use e-mail addresses


1-shutterstock_66401092%20-%20spammail

Our Office recently concluded an investigation that has resulted in two important firsts along with some key lessons learned for businesses conducting e-mail marketing.

The investigation represents our first action taken under the “address-harvesting” provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) introduced by Canada’s anti-spam law (CASL).   It also resulted in the implementation of our first compliance agreement, a new tool made possible by changes to PIPEDA introduced by the Digital Privacy Act.

Read the rest of this entry »


11 May 2016

Mending the consent model: A call for solutions


ReadingPrivacyPolicies

We all encounter scores of user agreements when we go online. Do you read the full terms and conditions governing your use of a site, or do you just hit the “I accept” button and surf on?

If you were to read everything, research suggests you’re spending more than 10 full, 24-hour days of your life every year, immersed in privacy policies and related legalese. If you’re more inclined to skip that stuff and hit “OK”, then know that you’re explicitly allowing the organization to collect, use and share your personal information, exactly as it said it would in that fine print you ignored.

Providing meaningful consent is a cornerstone of Canada’s federal private sector privacy legislation.

Read the rest of this entry »