Post Tagged with: "pipeda"

Android Dev Phone 2 (aka Google Ion & HTC Magic) by Cedric Sam (CC BY-NC-SA 2.0) https://flic.kr/p/7sBBdQ

Bell’s Latest Privacy Solution: Enhance Internet Privacy By Blocking Access to It

The Canadaland report on Bell’s plans to apply to the CRTC to create a website blocking agency unsurprisingly sparked immediate widespread concern. I provided further detail on the proposal, noting the danger of establishing a blocking system without court review of the block list and the very weak case Bell makes to justify it. A critical aspect of the Bell proposal is that it must convince the CRTC that website blocking would further Canada’s telecommunications policy objectives. Given that the CRTC has already ruled that the law prohibits blocking without its approval, that is a difficult standard to meet. I argue that the three justifications raised by Bell – that piracy “threatens the social and economic fabric of Canada”, that the telecommunications system should “encourage compliance with Canadian laws” and that website blocking “will significantly contribute toward the protection of the privacy of Canadian Internet users” – is very weak.

In fact, the privacy argument is not only weak, it is incredibly hypocritical. Bell is arguably the worst major Canadian telecom company on user privacy and its attempt to justify website blocking on the grounds that it wants to protect privacy is shameful. There are obviously far better ways of protecting user privacy from risks on the Internet than blocking access to sites that might create those risks. Further, with literally millions of sites that pose some privacy risk, few would argue that the solution lies in blocking all of them.

Read more ›

December 5, 2017 5 comments News
Equifax Key by GotCredit (CC BY 2.0) https://flic.kr/p/TqZ2V2

Into the Breach: How Canada’s Security Breach Disclosure Regulations Fall Short

With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.

Read more ›

October 4, 2017 4 comments News
Privacy Is Not A Crime by Kent Lins (CC BY-NC 2.0) https://flic.kr/p/SdZhmU

Fixing PIPEDA: My Appearance Before the Access to Information, Privacy & Ethics Committee

Last week I appeared before the House of Commons Standing Committee on Access to Information, Privacy and Ethics as part of its review of PIPEDA, Canada’s private sector privacy law. The ETHI study is expected to last several months and may provide the foundation for potential reforms. My opening remarks are posted below:

Read more ›

March 28, 2017 2 comments Committees, News
Five Data Privacy Principles from Mozilla (Put on a museum wall) 2014 by Ann Wuyts (CC BY 2.0) https://flic.kr/p/pVKYKn

Do You Consent? Four Ways to Strengthen Digital Privacy

Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.

The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.

My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.

Read more ›

August 2, 2016 4 comments Columns
Police telephone by Marcin Wichary (CC BY 2.0) https://flic.kr/p/4nidee

Why the New Canadian Telecom Transparency Rules Fall Short

Canadians have become increasingly troubled by reports revealing that telecom and Internet companies receive millions of requests for subscriber data from a wide range of government departments. In light of public concern, some Internet and telecom companies have begun to issue regular transparency reports that feature aggregate data on the number of requests they receive and the disclosures they make.

The transparency reports from companies such as Rogers, Telus, and TekSavvy have helped shed light on government demands for information and on corporate disclosure practices. However, they also paint an incomplete picture since companies have offered up inconsistent data and some of the largest, including Bell, have thus far refused to come clean on past requests and disclosures.

Read more ›

July 7, 2015 10 comments Columns