Police telephone by Marcin Wichary (CC BY 2.0) https://flic.kr/p/4nidee

Police telephone by Marcin Wichary (CC BY 2.0) https://flic.kr/p/4nidee

Columns

Why the New Canadian Telecom Transparency Rules Fall Short

Canadians have become increasingly troubled by reports revealing that telecom and Internet companies receive millions of requests for subscriber data from a wide range of government departments. In light of public concern, some Internet and telecom companies have begun to issue regular transparency reports that feature aggregate data on the number of requests they receive and the disclosures they make.

The transparency reports from companies such as Rogers, Telus, and TekSavvy have helped shed light on government demands for information and on corporate disclosure practices. However, they also paint an incomplete picture since companies have offered up inconsistent data and some of the largest, including Bell, have thus far refused to come clean on past requests and disclosures.

My weekly technology law column notes that the Privacy Commissioner of Canada released a report last week that showed that all transparency reports are not created equal. For example, TekSavvy has provided information on the content of the disclosures, the number of accounts affected, and instances where users were notified. By contrast, companies such as Rogers, Telus, Allstream, and Wind Mobile have not disclosed this information, offering more limited data.

In an effort to create greater uniformity in transparency reporting, Industry Canada has just released new transparency reporting guidelines. The government states that it has released the guidelines “to help private organizations be open with their customers, regarding the management and sharing of their personal information with government, while respecting the work of law enforcement, national security agencies, and regulatory authorities.”

While the Privacy Commissioner of Canada lauded their release, the guidelines raise several significant concerns.

First, for rules purporting to enhance transparency, their development was surprisingly secretive. The Privacy Commissioner states that they were developed in consultation with the government and “industry stakeholders”, yet the public and privacy groups appear to have been excluded from the process. Given the importance of guidelines that are fundamentally about the rights of the public to know when their personal information is being disclosed, a secretive, exclusionary process badly taints the final result.

Second, the guidelines effectively create new limitations on the transparency where previously none existed. For example, TekSavvy’s transparency report provides specific aggregated number of disclosures (e.g. 52 requests for data on customer usage of devices in 2012 and 2013). The government guidelines prohibit specific disclosures where the number is less than 100, requiring companies to instead present a range of 0 – 100.  The result is less transparency, not more. Moreover, the guidelines prohibit regional information (it must be Canada-wide) and their release must be delayed by at least six months from the time of the original request.

Third, the limits on transparency come without an appropriate regulatory or legal process. The government could have addressed the issue of transparency reporting within the Digital Privacy Act, which recently received royal assent. Indeed, the issue was repeatedly discussed during committee hearings. Yet by adopting a closed-door, non-transparent approach, the government has pushed new limitations on Internet and telecom companies without the opportunity for public comment or debate.

Fourth, disclosure under the guidelines is not mandated as the government has been careful to note that disclosure is merely an option. However, the law requires organizations to be open about their privacy practices, which arguably would include transparency reporting on personal information requests and disclosures.  Further, individuals are entitled to demand that companies provide access to their information file, including details on how their personal information is used and whether it has been disclosed. By emphasizing the voluntary nature of the guidelines and declining to establish a clear legal requirement, the government may have actually weakened corporate transparency obligations.

Canadian companies have been slow to respond to the increased demand for greater transparency in how their personal information is collected, used, and disclosed. The new guidelines represent a good first step in standardizing the public data, but they ultimately fall short due to a secretive process, new limits on disclosure, and the absence of an unequivocal requirement to keep the public informed.

10 Comments

  1. ~Yawn~ Harper government/secretive back-door meetings/corporate America and law-enforcement/excluding real stake holders like actual Canadian people.

    I’d like to hear something new for a change.

    Actually, I’d like a government that actually represents the people and not the corporations and Stormtrooper law enforcement efforts.

  2. Just like in the US, telecoms are now prohibited from telling people whether or not they got zero requests. Now it must be part of a range 0-100.

    Who is the government looking out for, exactly?

  3. It has been 2 years for me and my family dealing with the privacy commissioner of canada and they are still refusing to help us get any of our information from the Harper government. We just hope when a new government comes to power they will decide to release our information the Harper government is refusing to give to us. We are not holding our breath.

  4. Interesting how the telecom transparency project has back fired regarding governing policy. What would anyone expect from a government hell bent on getting info from teleco’s? Anyone with half a brain could see the end result of this here. Seems this project has been more of an attempt to promo Teksavvy than anything else.

    “Given the importance of guidelines that are fundamentally about the rights of the public to know when their personal information is being disclosed, a secretive, exclusionary process badly taints the final result.”

    As I recall, not ONE Telecom provider has given a definite answer to those users who questioned them about their information being disclosed to law enforcement. All teleco’s dodged the issue. Transparency is one thing, privacy is another. Don’t get the two mixed up. Teleco’s don’t care about their users privacy!

  5. The only problem here is not one of transparency (or lack thereof) but the fact that some people still think there is something called privacy. So, any “rule” that governs how you should/could be informed as to your information that has been passed along to someone else really doesn’t matter. It has been passed along and there is nothing you can do about it. Everything about you is being processed, used and turned into cash. Get over it or get unplugged. I don’t see how being told that will change the fact that it happened.

    • The problem isn’t that some people still think we should have the right to [online] privacy, it is that many people seem to think it is acceptable that we currently live in a world with little to no [online] privacy.
      So these people need to stop being so fatalistic about the end of privacy and start standing up for human rights. Make an effort to support the people and organizations that fight for your rights.
      Privacy online is far from a technical impossibility, it just takes the populace to apply a lot of pressure on the organization/governments that have a vested interest in no online privacy. After all, the people behind these organizations/govs are far fewer then the remainder of the populace in any Country, so it should be easy to take back our rights if the majority of the populace would just realize it is a good thing to get their privacy rights back.

      Easy, right.

  6. looters will be shot on sight.
    managers, downloaders and the rabid will object.

    The survivors will be shot again.
    privacy, property and freedom of info evolve….

    the ‘secret’ files say you’re a druggie terrorist molester,
    predictive software calls you a danger.

    but it was being run on them, right?
    right?
    right?

    packrat2

  7. Austin Powers says:

    @pat donovan

    Saul, is that you?

  8. Pingback: Canadian Transparency Publications | Technology, Thoughts & Trinkets