CIPPIC has filed a privacy complaint with the Privacy Commissioner of Canada over Bell's deep packet inspection practices. With CAIP raising the privacy issue in its submission to the CRTC, it was only a matter of time before the Privacy Commissioner was asked to intervene. CIPPIC highlights several privacy concerns with Bell's network management practices including:
- Bell's failure to obtain consent for the collection of personal information through DPI from customers of the independent ISPs
- Bell's failure to obtain informed consent from its own customers given the lack of information on network management practices
- Bell's violation of the principle of limiting collection, since the evidence "suggests that Bell can manage its network adequately without inspecting the content of user communications." CIPPIC notes that other providers do not engage in the same practice and that there are less privacy invasive means to address network congestion concerns.
- Bell's violation of the openness principle, given its failure to disclose "in a clear and conspicuous manner to the public its use of DPI for traffic management purposes."
The case obviously has implications that extend beyond just Bell. Indeed, CIPPIC urges the Privacy Commissioner to also investigate DPI usage by other Canadian ISPs.