Apple Canada Was Only Tech Company to Respond to Privacy Commish Request on Disclosure Practices

Last week’s revelations on the massive number of requests for subscriber information focused specifically on the responses from major Canadian telecom and Internet providers. The Privacy Commissioner of Canada wrote to the 12 largest providers, who responded with a single document that aggregated the responses of 11 of the companies (though some declined to provide information to questions such as how many user accounts were disclosed).

The Access to Information Act requested documents that contained the telco response also revealed that the Privacy Commissioner sent a similar letter to the leading Internet and technology companies. The list of recipients included Apple, Google, Facebook, Microsoft, Twitter, and eBay. While some of the companies now offer transparency reports that feature data on disclosure requests (and compliance with those requests), few did in 2011. On Friday, I received a supplemental document to my access to information request that contains the full response from Apple Canada.

The document is notable for several reasons. First, Apple Canada responded within one month of the Privacy Commissioner letter, promptly providing specific information on its practices. It advises that the company has a database of approximately 10 million individuals and that it received about 100 requests for information on its users. It does not charge a fee to comply with those requests.

Second, much like the telecom and Internet companies, Apple Canada does not notify the individuals whose information has been requested or disclosed.

Third, I have been advised that there are no other relevant documents to the request. This confirms that Apple Canada was the only company to respond to the Privacy Commissioner request. The other major companies apparently did not respond. Their transparency reports now provide raw data on access requests, though their specific policies on requests, notification of affected individuals, and fees related to requests largely remains a mystery.


  1. Kicked Student says:

    Is it reasonable? I think so. But what do I know…
    So apple gave out info on 100 people (or 100 devices) in a year. 20% of which came with a court order/warrant. Correct?

    So apple basically just gave away info on 80 people without court oversight.

    Is this reasonable? I think I would say yes. 80 people in a year when the law allows enforcement agencies to request emergency info seems perfectly reasonable.

    1.2 million records from 3 companies, Bell et al, does not sound reasonable.

    I am curious to know the details of what the reasoning was behind targeting 80 people though. Although it sounds reasonable, maybe these are requests to find and target kids during the Montreal student protests who might have seen the cops beat on a student and recorded it. In which case, this would be an abuse of power, no?

    No oversight leads to all sorts of nasties, N’est pas?

  2. What about the maker of my car or coffee maker
    Did the privacy commissioner ask Toyota for their disclosures? My Toyota knows where I live, where I drive, how fast I go and the sensors in the seats know how many people are in the car with me. If the police don’t get me on their radar maybe my car will rat me out when I exceed the speed limit!!!

    And my computerized coffee maker knows my morning ritual and it even knows what brand I like. My favorite blend might be an indication of possible connections to Columbia!!

    Oh gosh, all this talk about invasion of privacy is making me paranoid …..

  3. “Oh gosh, all this talk about invasion of privacy is making me paranoid …..”

    No, I think it is making you cynical.