Columns

Is Bell’s Plan to Monitor and Profile Canadians Legal?

Last week, Bell announced plans to implement new consumer monitoring and profiling practices that would greatly expand how it uses the information it collects on millions of subscribers. The planned scope of Bell’s profiling is unprecedented in Canada, reflecting the power of a vertically-integrated media giant to effortlessly track their customers’ location, media habits, search activity, website interests, and application usage.

My weekly technology law column (Toronto Star version, homepage version) notes the Bell plan generated a significant public backlash with the Privacy Commissioner of Canada launching an immediate investigation. Yet the company steadfastly defended its plans, saying that users are supportive of the new policy and maintaining that it is fully compliant with Canadian law.

Given that many of its customers purchase bundled Internet and wireless services, the magnitude of the profiling extends to virtually all media and communications activity. Bell acknowledges that it will be tracking seemingly everything about their customers: which websites they visit, what search terms they enter, what television shows they watch, what applications they use, and what phone calls they make. Moreover, all of that data will be correlated with additional data points such as location, age, gender, and even bill payment practices.

Bell says it intends to use the data in several ways. First, it will begin to use targeted advertising to its customers by using its detailed consumer profile. The default for the company is that all consumers will be profiled and targeted. If consumers don’t want to receive these targeted ads, Bell will force them to opt-out. Second, Bell says it will aggregate its data to sell to other businesses and marketing companies so that they can use the Bell network usage for their own purposes.

Bell insists that its monitoring and profiling plans are legal, claiming that it followed “every guideline” released by the Privacy Commissioner of Canada. However, the upcoming investigation is likely to focus on whether its use of an opt-out system meets the legal standard.

Last year, the Privacy Commissioner released online behavioural advertising guidelines that permit the use of an opt-out approach in some circumstances. The guidelines may not govern here, however, since they explicitly do not apply to advertising in a mobile context.  

In fact, the guidelines also emphasize that opt-outs can only be used if the information is non-sensitive. Given the breadth of data – which includes locational information, payment records, and profiles on interests and media activities – it is hard to see how it can be fairly characterized as non-sensitive. Rather, to ensure compliance with the law, Bell should be adopting an opt-in model, where its customers are only subject to monitoring and profiling if they proactively make that choice.

The legal concerns with the Bell profiling plan are not limited to the private sector privacy law. The Canadian Radio-television and Telecommunications Commission’s policy on Internet traffic management states that Internet providers are not permitted to use personal information collected for managing their networks for other purposes. If Bell is obtaining some of the profiling information through the deep-packet inspection of customer Internet use, the plan to use the information for profiling purposes would appear to violate the CRTC policy.   

Not only does the Bell profiling plan raise privacy law concerns, but customers are rightly concerned that their profile may be disclosed to law enforcement without a court order.  The law currently permits disclosures as part of a law enforcement investigation without court oversight (though an ISP can refuse the disclosure if there is no warrant). In the past, Bell has not committed to requiring law enforcement to obtain a court order before it discloses information.

Online behavioral advertising may be increasingly common, yet the Bell profiling and monitoring plan extends far beyond what virtually any other company could collect. That may prove appealing to advertisers, but millions of Bell customers may oppose efforts to extensively track their location, online activities, payment practices, and media habits.

Tags: /

20 Comments

  1. Eric Goodwin says:

    HTML Injection?
    There are huge privacy concerns raised by storing and selling this information but my first thought goes to the implication that they’ll be injecting ads into sites as users browse the web.

    Principles of network neutrality make things that break or alter the internet quite unfavourable. DNS redirection and injecting or altering ads as people access the web are pretty egregious violations in my books. I sure hope this whole plan is crushed by existing or forthcoming legislation.

  2. Invasion of Privacy
    Their customers are already paying for a service so I don’t understand the need to target them with ads except to make more money. I don’t trust their security or their intentions with this. Sounds like this is ripe for misuse by Bell, the authorities and 3rd parties.

  3. Because you can doesn’t always mean you should.
    Perhaps it’s legal but is it ethical? Customers need to be treated with respect and not as a commodity.

  4. Have a look at this…
    Have a look at the link to the privacy commission previous investigation and report into DPI. My how things change a few short years later – from using DPI to “shape” network use, to now using it to spy on users (as they said they had no intention of doing).
    Guess the lure of big $$$ was too tempting. This is why the use of DPI should be banned, period. It’s for one thing today… Door is open to something much more insidious tomorrow.

    https://www.priv.gc.ca/cf-dc/2009/2009_010_rep_0813_e.asp

  5. How will it be implemented?
    Like Eric Goodwin above I’m worried as much about how it will be implemented as with what they’re going to collect and what they’re going to do with it.

    On the one hand I like targeted advertising, it’s more effective, therefore cheaper, therefore prices go down (all in theory of course).

    But since Google and presumably the others too already ban ad-blockers in their app stores I’m pretty sure they won’t allow Bell to cut into their ad stream. So it will have be done with the cooperation of Apple, Google, Microsoft, etc. So all our sensitive personal data is going to get shipped across the border where Canadian privacy laws no longer apply.

    To say the least, this is insane!

  6. Bell consistently puts its desire for profit above the service and well being of its customers. Every company does this to some degree but Bell seems to have perfected it.

  7. remember the days..
    Anyone else remember those disks you used to get from places like Burger King, that gave you _FREE_ internet via dial-up so long as you were willing to be subject to advertising… now we are expected to pay for that too?

  8. Keep the momentum
    It seems like momentum on this issue is already waning… Sad really.
    In order for this insane plan to be thwarted, we need growing public outrage-not less!

    There is little difference (in this scheme) to listening in on voice calls; yet, I suspect there would be tremendous public outcry if that were the plan. Fact is, data monitoring is even more invasive. Wake up Canada!

  9. “If Bell is obtaining some of the profiling information through the deep-packet inspection of customer Internet use, the plan to use the information for profiling purposes would appear to violate the CRTC policy.”

    “Deep packet inspection” is a euphemism for WIRETAPPING. s.184 (and related) of the Criminal Code states that without consent this is illegal.

  10. Ding Dong Gone says:

    My wife just agreed that we can cancel our last remaining Bell Service
    I left Bell Mobility for good three years ago. I never subscribed to their Internet or Satellite TV services. I have been wanting to dump their land line service for two years and this morning just moments ago when I informed my wife of this latest stupidity from them she said call them up and cancel and she was once an employee!

    Free at last…free at last 🙂

  11. Even the collection and selling of online stats maybe illegal in Canadian copyright law, and may jeopardize the ISPs neutral status, let alone injecting ads to online content:

    http://jkoblovsky.wordpress.com/2013/11/01/bell-canadas-data-grab-may-shift-isp-liability/

  12. old times
    Does anyone here remember the good old times when sympatico mail was residing on Bell’s servers, and they also gave you a small but useful web server space with it? Well, had they not decided to outsource the e-mail service to MS (in 2004), they would now have had a technically and legally justified reason for keeping copies of your mail and web pages on their servers lol

  13. I worked for Bell Indirectly…
    Through The Source.
    The single most important thing was to get people on contracts. They didn’t give a damn that I sold items all day with a 70% GPM and more extended warranties (pure profit) in the entire district, they wanted contracts, contracts, contracts! Now it doesn’t take a rocket scientist to figure out “data mining” activities.

  14. Sucked in by Bell
    A full invasion of privacy
    I am a 3 year cell contract holder with Bell and find their service in my area to be very poor. Have tried to resolve it and I call them, they tell me to go to the local store which does not fix problem. Then back to calling Bell again. It just goes in a circle. Nor will Bell reduce their rate for poor cell service.

    Now they want to gather all my private information and sell it? And I cannot even Opt-Out? They can bypass the laws in this country and neither the CRTC or Privacy Commission can do anything. Where are our elected officials?

  15. Quit BELL!
    I got rid of all Bell services then built a new home and didn’t even install a trench or line for Bell now or in the future from the pole. Will NEVER touch anything to do with Bell ever again after all of the problems I had with them like paying for a an unlisted number for years only to keep getting phone calls because they were still selling our unlisted number to several “local” phonebook publications to be printed. Then they kept charging me money after cancelling… trying to get them to finally get my account to a 0.00 balance took months eventhough they owed me money because they said they would credit me because they were selling my unlisted number by accident(which they admitted was a bug in their system and had happened to other customers as well)!

  16. This just pisses me off to no end
    I head about this briefly today on CBC radio and then went to the bell site to look this up. This steams my ass to no end. They have no business doing DPI on my connection, nor do they have any business trying to screw around with DNS and other stuff to try and inject ads they want me to see instead of the ads that should be seen by the websites I choose to visit and support.

    Could bell also in violation of contracts between me and another website because they are changing the ads that get seen?

  17. Household Privacy Issues
    A big issue I see is that Bell has no idea which household member is using the service at any time. It could be an adult, child, husband, wife or visitor.
    Thus any behavioural advertising leaks privacy to other household members. One should not neglect the potential harm this could do.
    The account owner may opt-in but this would violate the rights of other household members.
    Thus even opt-in is illegal and the entire scheme must be scrapped.
    And thus there is no argument for the tracking either.
    This MUST be stopped.

  18. I agree…
    Yes, the plan should be stopped… however, I don’t beleive Bell will simply “do the right thing”… they will continue to go down this road as long as it is profitable. Either that, or they want to get sued?

    Anyway, vote with your wallet and drop all Bell services, for as long as this nonsense continues. If you are in a contract FIGHT HARD, bring up CCTS, PIPEDA, consumer protect act, etc. and if you are a “squeaky” enough wheel, they will likely be glad to relase you from the contract without penalty… if nothing else just to stop you from phoning and complaining to their staff for an hour every day 😉

  19. No updates?
    I’ve been looking at http://www.priv.gc.ca and http://www.crtc.gc.ca, but there are no updates on this matter.
    I’ve asked Bell’s Privacy Ombudsman (Bill Abbott) about how exactly Bell is going to serve those “relevant ads”, but so far no reply.
    In the case of mobile phones, are they going to send annoying text messages?
    How exactly are they going to target consumers with those ads?
    Are they going to tamper with the HTML content to insert ads? (in the case of browsers)

    The only way to collect the data Bell is specifying is by storing all URLs (ALL).
    That means that if a website is using query strings as HTTP parameters (without POST) then everything you submit will be stored – even data that is supposed to remain private. (in a sense…)
    It’s obvious that using query strings to interchange private info is a bad practice, but that’s something out of our control.

    So, anytime we connect to the internet (home, mobile) every http connection / URL will be stored by Bell, whether we like it or not.
    And, for Bell to push those “relevant ads”, each one of those URLs will be associated to our Bell accounts.

    And that is just not acceptable – clearly violating our privacy.
    As already discussed, opting out only works for those “ads”, there is no option to opt-out for the data collection.

  20. Good
    H&K jewelry is a major jewelry manufacturer and exporter in China. Our main products are 925 sterling silver jewelry,316L stainless steel Jewelry,Brass jewelry.We have creative designs of ring earring, pendant, bracelet, necklace, opal jewelry, pearl jewelry.
    http://www.hkjewel.com
    http://www.hkjewel.comStainless Steel JewelryStainless Steel EarringStainless Steel NecklaceStainless Steel PandentBraceletSetSilver JewelryBrass Jewelry