Post Tagged with: "consent"

delete by Mixy Lorenzo (CC BY-NC-SA 2.0)

No Longer Fit for Purpose: Why Canadian Privacy Law Needs an Update

Canada’s private sector privacy law was first introduced 20 years ago, coinciding with the founding of Google and predating Facebook, the iPhone, and the myriad of smart devices that millions of Canadians now have in their homes. Two decades is a long time in the world of technology and privacy and it shows. There has been modest tinkering with the Canadian rules over the years, but my Globe and Mail opinion piece notes the law is struggling to remain relevant in a digital age when our personal information becomes increasingly valuable and our consent models are little more than a legal fiction.

The House of Commons Standing Committee on Access to Information, Ethics and Privacy last week released the results of a comprehensive study into Canadian privacy law. The report, which features 19 recommendations, provides Innovation, Science and Economic Development Minister Navdeep Bains with a road map for future reforms (I appeared before the committee as one of 68 witnesses from across the policy spectrum).

Read more ›

March 6, 2018 2 comments Columns
Five Data Privacy Principles from Mozilla (Put on a museum wall) 2014 by Ann Wuyts (CC BY 2.0)

Do You Consent? Four Ways to Strengthen Digital Privacy

Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.

The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.

My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.

Read more ›

August 2, 2016 4 comments Columns
Did you consent to your involvement in this process? by Quinn Dombrowski (CC BY-SA 2.0)

Canadian Chamber of Commerce, Canadian Marketing Association Take Aim At Digital Privacy Act’s Consent Provision

The Standing Committee on Industry, Science and Technology continues its hearing on the Digital Privacy Act (Bill S-4) yesterday, with appearances from Privacy Commissioner of Canada Daniel Therrien, the Canadian Chamber of Commerce, and the Canadian Marketing Association. Therrien expressed general support for the bill, but concern with the expanded voluntary disclosure provision.

The Canadian Chamber of Commerce and the Canadian Marketing Association seemed to take the committee by surprise by criticizing a provision in the bill that clarifies what constitutes meaningful consent. The proposed provision states:

6.1 For the purposes of clause 4.3 of Schedule 1, the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.

That provision should be uncontroversial given that it only describes what most would take to mean consent, namely that the person to whom the activities are directed would understand the consequences of consent. Indeed, Therrien expressed support for the change, noting:

Read more ›

February 18, 2015 3 comments News
Please! By Josh Hallett (CC-BY 2.0)

In Defence of Canada’s Anti-Spam Law, Part Two: Why the Legislation Is Really a Consumer Protection and Privacy Law in Disguise

My first post defending Canada’s anti-spam law focused on why spam remains a problem and how the new law may help combat fraudulent spam and target Canadian-based spamming organization. Most would agree that these are legitimate goals, but critics of the law will argue that it still goes too far since it covers all commercial electronic messages, not just fraudulent or harmful messages.

If the law were only designed to deal with harmful spam, they would be right. However, the law was always envisioned as something more than just an anti-spam bill. Indeed, when it was first introduced, it was called the Electronic Commerce Protection Act, reflecting the fact that it was expressly designed to address online consumer protection issues (the name CASL was an unofficial working name developed within Industry Canada). The law has at least three goals: provide Canada with tough anti-spam rules, require software companies to better inform consumers about their programs before installation, and update Canadian privacy standards by re-allocating who bears the cost for the use of personal information in the digital environment.

Read more ›

July 10, 2014 8 comments News
Did you consent to your involvement in this process? by Quinn Dombrowski (CC BY-SA 2.0)

The Benefits of Consent

Commercial email did not grind to a halt the day after Canada’s anti-spam legislation took effect and neither did the coverage about the law’s impact (I appeared on CBC’s The Current to debate the issue). Coverage included Microsoft backtracking from its earlier decision to stop security update emails, apparently taking the time to actually read the legislation and find the exception for security notification. There was also a CBC story about the Canadian Avalanche Centre, which stopped an email service after hundred of customization options became “too much of a hassle to maintain”, but the CBC used the timing to link the decision to CASL.

But what really caught my attention was this tweet from Jason Faber, the marketing manager at BoldRadius.

Read more ›

July 3, 2014 1 comment News