The Protection of Personal Information & the Internet: Some Contemporary Challenges
Presented by:
Daniel CaronLegal CounselOffice of the Privacy Commissioner of CanadaUniversity of Ottawa, January 9, 2013
2
Overview
• Which Law Applies?• Cooperation and Coordination• Social Networking • Online Behavioural Advertising• Mobile Device Privacy/Mobile Applications• “Lawful Access”
3
Internet Jurisdiction
• A Borderless Environment• Which Law Applies?• Which Privacy Commissioner/Data Protection
Authority Will Deal With a Specific Issue? • In Canada:
– Lawson v. Accusearch Inc., 2007 FC 125– A “Real and Substantial Connection”
4
International Cooperation/Coordination• Interoperability• Cooperation• Coordination• Int’l DPA Conference in Mexico City 2011:
– Resolution on Privacy Enforcement Coordination at the International Level
• Int’l DPA Conference in Uruguay 2012:– Resolution on the Future of Privacy
5
International Cooperation/Coordination• How the OPC Cooperates/Coordinates:
– Information Sharing With Provincial & Int’l Counterparts
– Joint Investigations– Participating in/hosting Conferences &
Meetings– Membership in Global Networks– Staff Exchanges
6
Some Contemporary Internet Privacy Issues
7
Social Networking• SNSs Raise a Number of Unique Privacy Issues:
– Privacy in a Public Space– Obligations of the SNS v. Obligations of the User– Knowledge and Consent
• Collateral uses of personal information on SNSs– Sharing of Personal Information With Third Parties (i.e.
Apps)– Deletion of Accounts– Collateral Uses
8
Social Networking• A Number of OPC Investigations:
– Facebook Investigations– Nexopia
• But also:– Google Buzz letter– OPC Fact Sheets:
• Social Networking and Privacy• Social Networks Sites in the Workplace: An Introduction• Privacy and Social Networking in the Workplace
9
Online Behavioural Advertising• The tracking of an individual’s online activities, across
sites and over time, in order to deliver advertisements targeted to their inferred interests.
• Businesses generally use “cookies” to track online activities and associate those activities with a specific computer or device – But there are other methods (i.e. web bugs, device fingerprinting, super cookies, flash cookies).
• Many companies engaged in behavioural advertising are ad networks.
10
Online Behavioural Advertising
• Some see this practice as offering many benefits
• However, some potential privacy issues relating to obtaining proper knowledge and consent for the tracking of individuals
• Does OBA involve the collection of “personal information”?
11
Online Behavioural Advertising• What the OPC has Said:
– OPC’s 2010 Consultations on Online Tracking, Profiling, and Targeting, and Cloud Computing
– OPC’s Guidelines on Privacy and Online Behavioural Advertising
– OPC’s Policy Position on Online Behavioural Advertising
• OBA may be considered appropriate under PIPEDA provided it is carried out under certain parameters, and is not made a condition of service for accessing and using the Internet.
12
Mobile Devices & Privacy• Replacing PCs as the de facto device for
connecting to the Internet• Growing Privacy Issues Related to Mobile
Application Developers– Accountability– Openness and Transparency– Meaningful Consent– Justifying & Limiting Collection, Use & Disclosure– Safeguards
13
Mobile Devices & Privacy
• OPC Guidance Documents– Seizing Opportunity: Good Privacy Practices for
Developing Mobile Apps (With BC and Alta)– Gaming consoles and personal information:
playing with privacy
14
Lawful Access• Government proposals to provide “lawful access” go back
more than a decade• Two main aspects:
– Allowing LEAs (and others) to better target certain crimes through:
• “Subscriber information” requests• Production Orders• Preservation Demands• Preservation Orders• Tracking Warrants
– Imposing an obligation on ISPs to build intercept capabilities
15
Lawful Access• Letter to the Editor from Privacy Commissioner
Jennifer Stoddart regarding proposed lawful access legislation (November 7, 2012)
• Commissioner’s Letter to Minister of Public Safety Vic Toews (October 26, 2011)
• Letter to Public Safety Canada from Canada's Privacy Commissioners and Ombudspersons on the current 'Lawful Access' proposals (March 9, 2011)
16
A Word About the OPC
• How the OPC Addresses Internet Privacy Issues– TAB Branch– Research Mandate Under PIPEDA– Investigations & Audits– Litigation
17
Questions?