Post Tagged with: "pipeda"

Google Main Search by MoneyBlogNewz (CC BY 2.0) https://flic.kr/p/92t8FA

Why the Canadian Privacy Commissioner’s Proposed Right to be Forgotten Creates More Problems Than it Solves

The right to be forgotten, which opens the door to public requests for the removal of search results that are “inadequate, irrelevant or no longer relevant”, has been among the world’s most controversial privacy issues since it was first established in Europe in 2014. My Globe and Mail op-ed notes that the new right responds to concerns with potential reputational harms from inaccurate or misleading information online, but faces the challenge of balancing privacy protections with the benefits of the Internet for access to information and freedom of expression.

The Privacy Commissioner of Canada waded into the debate on Friday with a new draft report concluding that Canadian privacy law can be interpreted to include a right to de-index search results with respect to a person’s name that are inaccurate, incomplete, or outdated. The report, which arises from a 2016 consultation on online reputation, sets the stage for potential de-indexing requests in Canada and complaints to the Privacy Commissioner should search engines refuse to comply.

Read more ›

January 29, 2018 8 comments Columns
Android Dev Phone 2 (aka Google Ion & HTC Magic) by Cedric Sam (CC BY-NC-SA 2.0) https://flic.kr/p/7sBBdQ

Bell’s Latest Privacy Solution: Enhance Internet Privacy By Blocking Access to It

The Canadaland report on Bell’s plans to apply to the CRTC to create a website blocking agency unsurprisingly sparked immediate widespread concern. I provided further detail on the proposal, noting the danger of establishing a blocking system without court review of the block list and the very weak case Bell makes to justify it. A critical aspect of the Bell proposal is that it must convince the CRTC that website blocking would further Canada’s telecommunications policy objectives. Given that the CRTC has already ruled that the law prohibits blocking without its approval, that is a difficult standard to meet. I argue that the three justifications raised by Bell – that piracy “threatens the social and economic fabric of Canada”, that the telecommunications system should “encourage compliance with Canadian laws” and that website blocking “will significantly contribute toward the protection of the privacy of Canadian Internet users” – is very weak.

In fact, the privacy argument is not only weak, it is incredibly hypocritical. Bell is arguably the worst major Canadian telecom company on user privacy and its attempt to justify website blocking on the grounds that it wants to protect privacy is shameful. There are obviously far better ways of protecting user privacy from risks on the Internet than blocking access to sites that might create those risks. Further, with literally millions of sites that pose some privacy risk, few would argue that the solution lies in blocking all of them.

Read more ›

December 5, 2017 6 comments News
Equifax Key by GotCredit (CC BY 2.0) https://flic.kr/p/TqZ2V2

Into the Breach: How Canada’s Security Breach Disclosure Regulations Fall Short

With security breaches regularly affecting millions (or even billions) of people, effective security breach disclosure rules are an essential part of a modern privacy law framework. It may surprise many to learn that Canada still does not have mandatory security breach disclosure rules that require companies to notify affected individuals in effect. Rules were passed in 2015, but the accompanying regulations were puzzlingly slow to emerge. The government finally released proposed regulations late in the summer with a consultation that closed earlier this week. My submission, which focused on implementation, content of notices, and proposed “indirect” notification, is posted below.

Read more ›

October 4, 2017 4 comments News
Privacy Is Not A Crime by Kent Lins (CC BY-NC 2.0) https://flic.kr/p/SdZhmU

Fixing PIPEDA: My Appearance Before the Access to Information, Privacy & Ethics Committee

Last week I appeared before the House of Commons Standing Committee on Access to Information, Privacy and Ethics as part of its review of PIPEDA, Canada’s private sector privacy law. The ETHI study is expected to last several months and may provide the foundation for potential reforms. My opening remarks are posted below:

Read more ›

March 28, 2017 2 comments Committees, News
Five Data Privacy Principles from Mozilla (Put on a museum wall) 2014 by Ann Wuyts (CC BY 2.0) https://flic.kr/p/pVKYKn

Do You Consent? Four Ways to Strengthen Digital Privacy

Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.

The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.

My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.

Read more ›

August 2, 2016 4 comments Columns