Text: Small Text  Normal Text  Large Text  Larger Text
  • Columns
  • Prime Minister's Privacy Policy Requires a Re-Write

Blog Archive

PrevPrevApril 2014NextNext

Prime Minister's Privacy Policy Requires a Re-Write

PDF  | Print |  E-mail
Tuesday July 31, 2012
As public concern over Internet privacy has grown in recent years, one of the first responses is invariably to focus on the need for improved disclosure through easily accessible website privacy policies. The policies provide information on how personal information is collected, used, and disclosed to third parties.

While few visitors read the policies from start to finish, it is important for websites to ensure that they are accurate, since misleading statements can lead to liability. My weekly technology law column (Toronto Star version, homepage version) notes the need for accuracy is particularly true if you're say, the Prime Minister of Canada. Yet a reader recently noticed that the Prime Minister's Office website may be incorrectly stating its use of cookies, which are small files that may be placed on user's computer hard drive by a website to monitor usage or identify repeat visitors.

Cookies can be used for a single visit to track how a user arrived at the site or which pages they visit. Alternatively, some cookies are "persistent" since they remain on the user's hard drive for months or years, often storing information such as language preferences or repeat visit data.

In 2003, the Privacy Commissioner of Canada was asked to rule on the privacy issues associated with cookies in a complaint against Air Canada. The commissioner ruled that "information stored by the temporary and permanent cookies qualified as personal information for the purposes of the Act."

The Prime Minister's website features a prominent "Important notices" on its front page, which directs visitors to the site's privacy policy. It states:

We do not regularly use "cookies" to track how our visitors use the site. Whenever we enable "cookies" to facilitate your transactions, we will first inform you.

Notwithstanding the assurances that no cookies track how visitors use the site, the site currently inserts at least five cookies on a user's computer. Two cookies expire at the end of the visit, one lasts for the day, another remains on the computer for six months, and one stays on the computer for two years. 

The site does not provide explicit information on the cookies, but it appears that several are related to Google Analytics, a commonly used service that analyzes website traffic and visitors. The cookies on the Prime Minister's site can be used to track the time of the visit, repeat visits, how the visitor arrived at the site (search engine, link from another site), and how long the visitor stays on the site.

An additional cookie may be linked to a Twitter feed on the site. The Twitter cookie allows that service to track users who are logged into their account at the time and have not requested to stop tracking in their preferences.

The Prime Minister's website is not the only site that has adopted this language but appears to use regularly use cookies. Two related sites - a site devoted to the Speech from the Throne and one on the government's Economic Action plan - both use the same policy language and insert similar cookies.

The source of the problem appears to be the use of an old sample Treasury Board privacy policy that was designed for sites that do not use cookies. Given that these sites use cookies, the policies are inaccurate and should obviously be replaced.

The failure to properly disclose the site's privacy practices points to three issues. First, the use of sample privacy policies may often create problems since websites collect and use personal information in different ways.

Second, websites should regularly revisit their privacy policies to ensure that they reflect current practices.

Third, given the ease with which Internet users can be tracked online, the government should consider incorporating do-not-track provisions into its privacy legislation, thereby ensuring that user privacy choices are respected.
Comments (11)add comment

Anthony Reimer said:

Discard Cookies at end of session
This is why I use a browser that automatically discards all cookies when I quit the browser (the venerable OmniWeb for Mac OS X). If I have to use a different browser (like on my iPad), I block all third-party cookies and flush the others regularly.
July 31, 2012

Keith said:

Exporting cookies to the U.S.
The third party cookies from Google Analytics and Twitter are an interesting part of this story. Not only is the site providing private companies with our browsing information, but since these companies are U.S. based, they are subject to American laws such as the Patriot Act. If any American law enforcement agency wishes to find out who has been visiting the PM site, they can obtain this information without any judicial review. Perhaps Vic Toews can get his surveillance wishes for Canadians met more easily by asking U.S. authorities to do it for him.
July 31, 2012

unimportant said:

False premise. "The need for accuracy is particularly true if you're say, the Prime Minister of Canada."
Nobody reads privacy policies or believes they're true. Few people are both technologically and law-jargon literate enough to read the policy, let alone write one, so they're usually copied off another website. This isn't about "the prime minister", but "even the prime minister".

I'm sorry, the answer to privacy policies isn't law, it's technological. Encryption and anonymization technologies exist to make "privacy violations" impossible. A Canadian "do-not-track" law won't be obeyed on an internet, and government shouldn't coddle people who give up privacy. To help, promote the technology.
July 31, 2012

Gregg said:

AdBlock Plus
And enter ||google-analytics.com on a custom filter line.

August 01, 2012

Odetta Coen said:

Definitely agree that re-write is needed!
It is true that not many Internet users are realizing the amazing importance of blocking the third-party cookies that are tracking their visited websites and gathering all kind of info on a regular base! The problems with our privacy while using Internet are increasing daily, as Facebook became the center of the attention too, regarding all that, but there are no two opinions that extra measures securing our untrackable privacy should eb secured!
Rental Company
August 01, 2012

Denise Eisner said:

Understanding Google Analytics and First Party Cookies
Web analytics experts including Brian Clifton have repeatedly asserted that by default Google Analytics does not collect personally identifiable information (PII) and uses only 1st-party cookies. In addition, all reported data is aggregate. That means it is grouped data and not that of individuals. This would thus mean that explicit consent is not required if the only cookie is set for Google Analytics. Moreover, collecting PII is also against the Google Analytics Terms of Service.

I agree that explicit, plain language policies are the best approach to guide users to make decisions about whether to allow cookies. That said, website owners should be allowed to analyze user trends in order to improve their services. There is a happy medium.
August 01, 2012

Anon-K said:

@Denise Eisner
Agreed. Problem is that these things are used all over the place. For instance, something here is setting off a web security policy violation, in that something related to this site is contacting statcounter.com. Is it directly related? No idea.
August 02, 2012

Anon-P said:

Elusive Medium
Agreed with Denise that there is a happy medium, unfortunate that it's so elusive
August 08, 2012

www.cheapnorthfacejacketssale.co.uk said:

Despite the efforts to combat leaks, information on the Internet chapter has begun to emerge
September 28, 2012

http://www.northfacejacketsau.com/ said:

north face
http://www.northfacejacketsau.com/ women and young adults searching for the most up-to-date outfits within outfits size 18 in addition and also equipment.
October 19, 2012

bestgenericviagra.info said:

Nice Onre
Given that these sites use cookies, the policies are inaccurate and should obviously be replaced.
February 17, 2014

Write comment
smaller | bigger

, ,
Share: Slashdot, Digg, Del.icio.us, Newsfeeder, Reddit, StumbleUpon, TwitterEmailPrintPDF
Related Items: