Archive for the ‘Internet’ Category

16 Dec 2011

Drawing the line between monitoring and tracking


Given the time of year, many Canadians are spending time in malls. 

By now, most have come to terms with the fact that security cameras survey nearly every corner of every store. 

This is well known – and if stores obey Canada’s private sector privacy law, they provide notice.

In short, if you’re out shopping, you’re informed that you’re on camera.

But now, how would you feel if there were people on the other side of the cameras, not simply monitoring to see what you might steal, but instead keeping tabs on the specific stores you visited … of the specific brands, styles, colours and sizes of clothes you tried on … on the magazines you leafed through at a newsstand … of what exactly you ordered from the food court … in addition to everything you actually bought from stores during your visit?  

Copious notes would be recorded throughout and filed upon your exit. 

Upon returning, you would be recognized and new data would be entered into your file accordingly.

This may sound far-fetched, but something similar is happening regularly to eight in 10 Canadians aged 16 and older, according to Statistics Canada’s latest figures.

While it’s not actually happening to people browsing in malls, it is happening to most anyone browsing online, through a practice called behavioural advertising.

Online advertising used to consist of mini billboards that came up for everyone who visited a certain page or made a particular search query.

Today, increasingly, ads are based on profiles compiled on us by tracking our browsing activity over time. 

It’s usually carried out by third-parties who follow users via cookies or web beacons.

These effectively lay a trail of digital bread crumbs which are tracked and analyzed to determine your interests based on where and what you click and, in turn, what ads may interest you which are effectively “beamed” onto pages upon your visit.

Some people appreciate ads being tailored to them.

Others might feel like they’re browsing in that earlier-described mall.    

Either way, the information involved in this practice can identify individuals and will generally constitute personal information under Canada’s private sector privacy law.

As a result, individuals must be made aware of what’s happening when they browse and provide meaningful consent. 

If you were unaware of this practice, you’re not alone. In general, to find out you’re being tracked, you need to dig down deep into a typical website’s lengthy, legalistic privacy policy.

To be fair, this is a fairly new practice in the still evolving digital world. Some advertisers are making an effort to inform users and many may be unsure how to ply their trade in compliance with privacy law.

For example, what constitutes meaningful consent?

This is why my Office has just released a new guidance which explains that “opt-out” consent may be used so long as some conditions are met.

First, individuals must be:

  • made aware of the purposes for the practice in a manner that is clear, obvious and understandable.  In other words, one shouldn’t have to hunt for it;
  • informed of these purposes at or before the time of collection and should be provided with information about the parties involved in the advertising; and
  • able to easily opt-out of the practice, ideally at or before the time the information is collected.

In addition, the opt-out should both take effect immediately and be persistent, while the information collected and used:

  • must be limited, to the extent practicable, to non-sensitive information (for example, avoiding sensitive data such as health information); and
  • should be destroyed as soon as possible or “anonymised,” so if someone gains access to it through say hacking, it can’t be used to identify specific individuals.

Further, the use of tracking techniques of which users are unaware and can’t decline such as web bugs, web beacons and super cookies in the current context of behavioural advertising should be avoided.

On top of this, websites specifically aimed at kids should not allow tracking for behavioural advertising, as it is difficult to obtain meaningful consent from children. 

Attention to this is needed as a recent report noted 40 percent of kids aged two to four have used a smartphone, tablet or video iPod.

All told, in the months to come, we’ll be watching the watchers to see that our guidance is being followed. 

And if we see troubling trends, we’ll take enforcement action.


14 Nov 2011

Is anything of value ever truly free?


Many people would tend to think of Internet content as being free.

And indeed, we can spend seemingly endless hours reading online news articles and watching Youtube videos, all without handing over a penny.

But is there a cost?

One might say that depends on how much you value your privacy.

One thing beyond dispute however, is the fact that advertisers see immense value in the data trails we create when surfing the web.

Our IP number can reveal the city or region in which we live.

Our web traffic can provide a pretty strong sense of what we’re interested in, particularly if it shows we travel to the same sites regularly or even daily.

All this to say, once a site you visit provides you with a cookie, advertisers follow the trail of crumbs.

In the end, they target and tailor ads to your perceived interests which appear on various sites you visit.

Some may see benefits in this as they’d prefer being offered products and services that do indeed correspond to their interests.

Others may chafe at the thought of being ceaselessly monitored.

For anyone who wants to learn more about behavioural advertising, I invite you to click here to read our latest fact sheet.

And stay tuned. You’ll be hearing more from us on this in the weeks to come in the form of new information for organizations


5 Oct 2011

Lost in the “cloud?” Our new fact sheet can help clear things up!


Over the last few years, the word “cloud” has been given new life. 

At one time, it was associated with blocking out the sun or bringing rain. 

Today it’s become synonymous with providing access anywhere, anytime to the photo-sharing, email and social network accounts of individuals and cutting IT infrastructure costs for businesses.

Put simply, cloud services allow users to access data over the Internet which is stored or hosted on third party servers. In other words, the third party stores it so you can spare your hard drive additional burden. 

As the use of cloud computing services increases, my Office has developed a fact sheet answering questions you may have on the privacy implications of this growing trend.

For example:

  • What are the security risks (and/or benefits) of cloud services?
  • How does Canada’s private sector privacy law apply to such services?
  • May the laws of countries where data is hosted apply?

All in all, whether you’re a small business owner weighing the pros and cons of a cloud service to store customer or client data, or if you’re considering an affordable, less memory-taxing way to store your family photos, I encourage you to give it a read, by clicking here. 

And stay tuned, because our Office is also preparing some words of advice specifically for small – and medium-sized enterprises considering using cloud services which will be available in the coming months.


26 Sep 2011

Privacy: Let’s see what they think!


We’re launching our fourth annual My Privacy & Me Video Contest, where students aged 12 to 18 show us what they have to say about privacy.

To participate, we’re asking them to create their own video public service announcements about privacy issues related to any one of these four categories:

  • mobile devices;
  • social networking;
  • online gaming; or
  • cybersecurity.

All contest details can be found here.

Entries must be submitted by teams of one or two people. Schools may submit up to 10 different videos. (If a school has more than 10 videos to submit, we suggest a contest be held within the school to select the 10 best submissions for this contest).

First-place winners in each category will receive a $350 gift card, second-place winners will receive a $200 gift card, and third-place winners will win a $100 gift card. The deadline is Wednesday, Feb. 1, 2012 at noon ET.

For inspiration, we encourage teams to watch the 2010 winning videos. Then, power up their video cameras, and show us what they have to say!


9 Sep 2011

OPC Unveils New Youth Privacy Tool


The Office of the Privacy Commissioner of Canada is launching a new youth privacy tool that will help teachers and community leaders talk with younger Canadians about their privacy online.

The tool launched today is called Protecting Your Online Rep and comes right in time for back-to-school. It offers people who work with youth all the information necessary to provide an engaging and effective presentation in their own school or community.

The package includes a PowerPoint presentation with detailed speaking notes for each slide, along with class discussion topics, for Grades 9 to 12 (Secondary III to V in Quebec). Educators and others interested in delivering the presentation can find the package here.

The goal of the new tool is to teach young people that technology can affect their privacy, and to show them how to build a secure online identity and keep their personal information safe.

Link to news release


8 Aug 2011

Insights on Privacy – Youth Privacy


Do youth care about privacy? We will explore this question on September 8, 2011, when our Office holds its next Insights on Privacy armchair discussion.  We have invited two experts on young people’s use of social media, Kate Raynes-Goldie (@oceanpark) and Matthew Johnson (@MFJ72) to talk about what privacy means to youth and how we can help youth preserve their privacy by promoting digital literacy skills.

Kate Raynes-Goldie is completing her PhD in the Department of Internet Studies at Curtin University of Technology. Her current research explores Facebook privacy issues by combining a study of the ideologies that drive the site’s privacy architecture with a nuanced look at user understandings and practices. Kate is also a Research Associate at Ryerson University’s EDGE Lab, where she is researching privacy, autonomy and social media for children.  She is the founder of PrivacyCampTO, Canada’s first privacy unconference. 

As Director of Education with Media Awareness Network, Matthew Johnson creates resources for educators, parents and community groups. He is the designer of MNet’s comprehensive digital literacy tutorials Passport to the Internet (Grades 4-8) and MyWorld (Grades 9-12). Matthew also writes the Talk Media blog, one of the most popular sections of the MNet Web site.  He has given presentations and interviews to parents, school, community and industry groups on topics such as the effect of media violence on children, video game addiction, alcohol advertising, children’s use of new media and the moral dimensions of computer games.

This event is the fifth in a series hosted by the OPC to shed light on experts doing new and thought-provoking work in the field of privacy.

To participate:

We are inviting full participation in this discussion. For those of you who attend the session in person, we will be asking for questions from the audience as well as inviting you to tweet the content using the #privtalks hashtag.

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by September 2nd and we will try to incorporate it in the issues we cover.

The video of this event will be made available after the presentation, as we’ve done for previous Speakers Series events.

Space is limited and is available on a first-come, first-served basis. Please RSVP before September 6th, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Thursday, September 8, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca


20 Jul 2011

Young Canadians in a Wired World – Phase III is Here!


The Media Awareness Network, benefactor of the Office of the Privacy Commissioner’s Contributions Program, has launched the third Phase (Phase III) of its ongoing study, Young Canadians in a Wired World (YCWW). This third phase is a crucial element to the project, as it will shed a more distinct light on the need for online education resources in classrooms and communities.

The study is the most comprehensive and wide-ranging study of youth internet use in Canada. The project tracks and investigates the behaviours, attitudes, and opinions of Canadian children and youth with respect to their use of the Internet. There have been two previous phases over seven years. The first comprised of telephone interviews with parents, focus groups with parents and children and quantitative research findings from a national school-based survey of 5,682 students in grades 4 – 11. The second stage includes qualitative research findings from focus groups with parents and young people aged 11 – 17, and quantitative research findings from a national school-based survey of 5,272 students from grades 4 – 11. You can find more information on these first two phases here.

MNet’s research has gathered a wealth of information about the online activities of Canadian youth, and has raised a number of privacy issues that require society’s attention. Perhaps most importantly, the research has highlighted the importance of education as a key response in helping young people make smart and informed online decisions, as well as stay safe online.

The third phase in MNet’s research will help inform public policy and support the development of relevant digital literacy resources for Canadian homes, schools, and communities. MNet has already begun implementing the new research through various interviews and focus groups. Phase III of the research project is scheduled to be completed in 2012, finishing with a nation-wide field study of a representative sample of Canadian students and teachers.

Stay tuned for more updates about this exciting endeavour.

For more information, please contact Francois Cadieux at Francois.Cadieux@priv.gc.ca.


3 Jun 2011

Insights on Privacy – Privacy, Surveillance, and Public Safety


On June 23rd, 2011, the Office of the Privacy Commissioner is holding the fourth Insights on Privacy armchair discussion. We heard in April about opportunities for privacy in the design of intimate devices that we share our lives with every day, like smart phones, and the sensor-rich landscape that’s upon us.

To complement this talk, we’ve invited David Murakami-Wood and Craig Forcese to examine the privacy risks in a society that is placing its citizens under greater surveillance with each passing year.

David Murakami Wood is an Associate Professor in the Department of Sociology at Queen’s University and holds a Canada Research Chair (Tier 2) in Surveillance Studies. Until August 2009, he was Reader in Surveillance Studies in the Global Urban Research Unit at Newcastle University in the UK. He had an ESRC Research Fellowship for a project called Cultures of Urban Surveillance, which looked at the globalization of surveillance in different global cities. David is a member of The Surveillance Studies Centre at Queen’s and is part of The New Transparency research initiative. He is also Managing Editor of Surveillance & Society, the international journal of surveillance studies, and a founder-member of the Surveillance Studies Network.

Craig Forcese, LL.M, has been an Associate Professor in the Faculty of Law at the University of Ottawa since 2003. Previously, he practiced international trade law with Hughes Hubbard & Reed LLP in Washington D.C., representing clients in proceedings before the U.S. Department of Commerce, the U.S. International Trade Commission, the U.S. Trade Representative, and the World Trade Organization. He also served as a law clerk for Mr. Justice Andrew MacKay at the Federal Court of Canada. Craig is the author of a number of books on law and national security, and a frequent blogger.

To participate:

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by June 20th and we will try to incorporate it in the issues we cover. You are also invited to tweet the content using the #privtalks hashtag, whether attending in person or not.

The video of this event will be made available after the presentation, as we’ve done for previous Speakers Series events.

Space is limited and is available on a first-come, first-served basis. Please RSVP before June 20, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Thursday, June 23, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca


6 Apr 2011

Privacy and network education


Last month, our Office was invited to participate in a youth privacy conference hosted by the American Library Association (ALA). The ALA’s Office for Intellectual Freedom has been focused on the issue of libraries and privacy awareness for the last three years, thanks to a grant from the Open Society Institute.  They plan to focus their efforts in 2011 on developing strategies for how best to deliver the privacy message to young people and see libraries as ideal places for youth to learn about privacy. They brought together privacy advocates, policy experts, librarians, educators, and our Office to pick our brains on how to best achieve this.

Their keynote speaker was Cory Doctorow of BoingBoing, who gave a very engaging talk via Skype where he advocated for network education – an approach we’ve discussed in this blog before.

He argues for the development of critical thinking skills, and defines the goal of youth privacy initiatives as  “A future where ‘why do you need to know this?’ is the default position when someone asks our kids to disclose information.”

He gave a similar talk at TEDx Observer recently on privacy and kids – worth watching:


4 Apr 2011

OPC Hosts International Group – Monitoring Risks and Highlighting Opportunities


Our Office is pleased to be hosting the 49th meeting of the “Berlin Group”, more formally known as the International Working Group on Data Protection in Telecommunications, which takes place today and tomorrow, in Montreal. This is the first time that this Group has met in Canada. Participants in the meeting, representing more than 20 international data protection and privacy authorities, will be focusing on privacy-related topics such as electronic payments, vehicle event data recorders and locational privacy.

The Berlin Group was established in 1983 by the Berlin Commissioner for Data Protection and Freedom of Information. The Group has, through its continuing examination of the data protection and privacy implications of telecommunications-based systems and services, developed into what the current Chairman and Berlin Commissioner, Dr. Alexander Dix, refers to as “an early warning system monitoring the risks arising from new technological developments, but at the same time, highlighting the opportunities of a privacy-friendly network architecture”.

The Group takes a very inclusive approach on what constitutes a telecommunications-based system or service. Over the years, this has resulted in a detailed examination of a broad range of subjects, everything from search engines and location-based services to social network services and road pricing systems.