The Protection of Personal Information & the Internet: Some Contemporary Challenges

Presented by:

Daniel CaronLegal CounselOffice of the Privacy Commissioner of CanadaUniversity of Ottawa, January 9, 2013

2

Overview

• Which Law Applies?• Cooperation and Coordination• Social Networking • Online Behavioural Advertising• Mobile Device Privacy/Mobile Applications• “Lawful Access”

3

Internet Jurisdiction

• A Borderless Environment• Which Law Applies?• Which Privacy Commissioner/Data Protection

Authority Will Deal With a Specific Issue? • In Canada:

– Lawson v. Accusearch Inc., 2007 FC 125– A “Real and Substantial Connection”

4

International Cooperation/Coordination• Interoperability• Cooperation• Coordination• Int’l DPA Conference in Mexico City 2011:

– Resolution on Privacy Enforcement Coordination at the International Level

• Int’l DPA Conference in Uruguay 2012:– Resolution on the Future of Privacy

5

International Cooperation/Coordination• How the OPC Cooperates/Coordinates:

– Information Sharing With Provincial & Int’l Counterparts

– Joint Investigations– Participating in/hosting Conferences &

Meetings– Membership in Global Networks– Staff Exchanges

6

Some Contemporary Internet Privacy Issues

7

Social Networking• SNSs Raise a Number of Unique Privacy Issues:

– Privacy in a Public Space– Obligations of the SNS v. Obligations of the User– Knowledge and Consent

• Collateral uses of personal information on SNSs– Sharing of Personal Information With Third Parties (i.e.

Apps)– Deletion of Accounts– Collateral Uses

8

Social Networking• A Number of OPC Investigations:

– Facebook Investigations– Nexopia

• But also:– Google Buzz letter– OPC Fact Sheets:

• Social Networking and Privacy• Social Networks Sites in the Workplace: An Introduction• Privacy and Social Networking in the Workplace

9

Online Behavioural Advertising• The tracking of an individual’s online activities, across

sites and over time, in order to deliver advertisements targeted to their inferred interests.

• Businesses generally use “cookies” to track online activities and associate those activities with a specific computer or device – But there are other methods (i.e. web bugs, device fingerprinting, super cookies, flash cookies).

• Many companies engaged in behavioural advertising are ad networks.

10

Online Behavioural Advertising

• Some see this practice as offering many benefits

• However, some potential privacy issues relating to obtaining proper knowledge and consent for the tracking of individuals

• Does OBA involve the collection of “personal information”?

11

Online Behavioural Advertising• What the OPC has Said:

– OPC’s 2010 Consultations on Online Tracking, Profiling, and Targeting, and Cloud Computing

– OPC’s Guidelines on Privacy and Online Behavioural Advertising

– OPC’s Policy Position on Online Behavioural Advertising

• OBA may be considered appropriate under PIPEDA provided it is carried out under certain parameters, and is not made a condition of service for accessing and using the Internet.

12

Mobile Devices & Privacy• Replacing PCs as the de facto device for

connecting to the Internet• Growing Privacy Issues Related to Mobile

Application Developers– Accountability– Openness and Transparency– Meaningful Consent– Justifying & Limiting Collection, Use & Disclosure– Safeguards

13

Mobile Devices & Privacy

• OPC Guidance Documents– Seizing Opportunity: Good Privacy Practices for

Developing Mobile Apps (With BC and Alta)– Gaming consoles and personal information:

playing with privacy

14

Lawful Access• Government proposals to provide “lawful access” go back

more than a decade• Two main aspects:

– Allowing LEAs (and others) to better target certain crimes through:

• “Subscriber information” requests• Production Orders• Preservation Demands• Preservation Orders• Tracking Warrants

– Imposing an obligation on ISPs to build intercept capabilities

15

Lawful Access• Letter to the Editor from Privacy Commissioner

Jennifer Stoddart regarding proposed lawful access legislation (November 7, 2012)

• Commissioner’s Letter to Minister of Public Safety Vic Toews (October 26, 2011)

• Letter to Public Safety Canada from Canada's Privacy Commissioners and Ombudspersons on the current 'Lawful Access' proposals (March 9, 2011)

16

A Word About the OPC

• How the OPC Addresses Internet Privacy Issues– TAB Branch– Research Mandate Under PIPEDA– Investigations & Audits– Litigation

17

Questions?