Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Privacy

The Great Canadian Personal Data Grab

The Royal Bank of Canada updated its mobile application for Android users earlier this month. Like many banking apps, the RBC version allows users to view account balances, pay bills, and find bank branches from their smartphone. Yet when users tried to install the app, they were advised that the bank would gain access to a wide range of personal data.

The long list of personal data – far longer than that found in comparable applications from banks such as TD Canada Trust or Bank of Montreal – included permission to use the device’s camera, to read the user’s call history, to access the user’s Internet browsing habits, and to even check out their browser bookmarks. After users took to Twitter and the Google app review section to complain, RBC advised that it would update the app and that users should “stay tuned” about the permission requirements.

My weekly technology law column (Toronto Star version, homepage version) notes that RBC is not alone in requiring users to disclose more personal information in order to access services. Aeroplan, the loyalty program linked to Air Canada, sent an email last week to hundreds of thousands of Canadians notifying them that it too was changing its data collection practices.

October 16, 2013 — 8 comments — Columns

The Great Canadian Personal Data Grab

Appeared in the Toronto Star on October 12, 2013 as The Great Canadian Personal Data Grab The Royal Bank of Canada updated its mobile application for Android users earlier this month. Like many banking apps, the RBC version allows users to view account balances, pay bills, and find bank branches […]

October 16, 2013 — Comments are Disabled — Columns Archive

Podcast on Internet Privacy

I appeared on the Consult an Expert Tipcast to discuss internet privacy. Listen to the podcast here.

October 16, 2013 — Comments are Disabled — ExtPodcasts

Privacy Commissioners Struggle to Confront Surveillance Issues at Annual Conference

The 35th International Conference of Data Protection and Privacy Commissioners wraps up today in Warsaw, Poland. The conference has become an important annual event, facilitating greater global cooperation on privacy and providing the commissioners with a venue to speak out on key privacy issues. This year, the commissioners issued one declaration (on the “appification” of society) and nine resolutions. The resolutions cover a wide range of issues including profiling, international enforcement, anchoring privacy in international law, and web tracking.

Yet despite the enormous public attention to surveillance issues over the past few months, there are no specific resolutions on the issue. In fact, surveillance is only mentioned once, in a resolution on openness of personal data practices which urges organizations to be more open about their practices and adds that governments should do the same. Perhaps unsurprisingly, the U.S. Federal Trade Commission abstained from voting on the resolution due to the reference to governments. The U.S. may have been particularly uncomfortable with the final paragraph in the explanatory note:

September 26, 2013 — 4 comments — News

The Issue with CSEC Handing over encryption codes to the NSA

I talked to Global News about the Communications Security Establishment Canada (CSEC) handing over encryption codes to the NSA. Canada appears to have opened a backdoor for surveillance by the USA.

September 17, 2013 — Comments are Disabled — News Interviews, Tv / Radio