Appearance before the Senate Standing Committee on Transport and Communications on the Study on emerging issues related to its communications mandate and to report on the wireless sector

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

December 8, 2009
Ottawa, Ontario

Statement by Jennifer Stoddart
Privacy Commissioner of Canada

(Check against delivery)


Introduction

Thank you for the opportunity to speak to a topic of paramount importance to my Office. Indeed, we have identified the impact of emerging information and communications technologies on the privacy of Canadians as one of our four strategic priorities.

I am joined today by Assistant Commissioner Elizabeth Denham and Steve Johnston, our senior security and technology adviser. In the next few minutes, I propose to touch on some key issues, which are explored more fully in a background document you have before you. That should leave time for the questions I understand you have for us.

Context

First let me say that I applaud this committee for undertaking such a far-reaching, far-sighted, and significant study. It takes courage to tackle issues that we know are critical to the social and economic future of Canadians, but that seldom suggest a clear or unambiguous way forward.

That, certainly, is how my Office views the privacy issues related to wireless technologies, universal mobile access, Web 2.0 and the next generation of Internet connectivity: With challenges so complex, there can be no pat solutions. Within Canada and across international boundaries, the responses must be thoughtful, measured, collaborative and nuanced.

As Canada’s privacy guardian, my approach is to explore the privacy implications of these new technologies, and to work within our legislative framework, and in concert with partners in Canada and globally, to strengthen the privacy protections enjoyed by Canadians. 

The future is now

One thing we can say for certain is that the future is now:

Canadians of all ages have already gone wireless, free to work and play from wherever they may be. For most of us, the Internet is a useful and interesting place to visit, while some people live entire second lives there. And governments and private enterprises are harnessing the astonishing power of the digital universe to enhance their operations and advance their interests.

Without doubt, these are dazzling developments. And yet, we must not be blinded to their privacy implications.

At a practical level, we must ask whether safeguards are built in to the design of technological innovations – the passwords and encryption software, the privacy settings and the policies that will help keep personal information out of the wrong hands.

More broadly, we need to apply our existing laws to protect the privacy interests of Canadians. My Office did that in last summer’s Facebook investigation, and we will not shy away from doing it again, should the need arise.

At a broader level still, we must accept that data will flow wherever it needs to go, without regard for national boundaries.

And yet, nations are not without remedies. As Canada has shown through a series of investigative findings and guidelines, we can make clear our expectations for organizations operating within our borders. And we can work with the global community to set common standards for the inter-territorial protection of personal information.

Three key issues

The document which the OPC tabled with you, explore these and many other questions. But permit me now to touch on three issues of primary concern to our Office.

The first is behavioural marketing, in which the online activities of consumers are tracked over time and ads are targeted to their inferred interests. Marketers say the data is aggregated and individuals are not identified, but we’ve seen evidence that identities cannot always be concealed.

The practice also raises issues of consent, because people may not even know that their browsing habits are being monitored, collected, analyzed and used for other purposes.

The second issue is location-based data. Particularly with GPS-enabled mobile devices, it’s easier than ever to pinpoint people’s exact whereabouts. Combining such geospatial information with other data – on shopping or entertainment habits, for example – can yield a whole new class of personal information.

That’s of immeasurable value to businesses and marketers, of course, and it also gives people instant services, such as directions to the nearest coffee shop or drycleaner. At the same time, though, it raises sensitive questions about surveillance and, again, consent for the use of their personal information.

The final issue is cloud computing, in which organizations rent computer usage from third-party providers who actually own the remote servers and related infrastructure. Many enterprises are turning to cloud computing providers to store data or for a range of other applications or services. The advantage is that they don’t have to maintain, repair or upgrade their own computers.

The privacy concern for us, however, is that such servers could be anywhere, including in countries with weak privacy laws. The data can be disaggregated and scattered among servers in many locations. It can also be copied, many times over, which raises questions about unauthorized disclosure, retention and destruction of personal information.

OPC engagement

In light of the challenges posed by these three issues, my Office is organizing expert workshops to examine each in detail.

The Personal Information Protection and Electronic Documents Act has been a powerful tool in our efforts to safeguard the privacy of Canadians, and flexible enough to cope with these emerging technologies. Still, we look forward to refinements that would further strengthen this law.

We will also continue to carry out our other functions aimed at advancing the privacy rights of Canadians, including investigating complaints, conducting audits, reviewing departmental Privacy Impact Assessments, and reaching out to stakeholders and Canadians at large through our research, public awareness and communications activities.

Under the Privacy Act, for instance, we are currently completing an audit of the federal government’s use of wireless networks and devices such as BlackBerrys and iPhones.

We are equally gratified that dozens the world’s leading data protection authorities agreed in Madrid last month to work toward standards for the protection of data flowing across international borders.

Conclusion

In summary, Mr. Chair, I doubt anyone can really grasp all the privacy implications presented by emerging technologies. Nor should we be too confident in predicting the future.

But what we can do is face up to the challenges of today: By tapping in to the best minds, by applying the tools we have, and by working in concert toward policies and practices that will better safeguard the privacy of Canadians tomorrow.

I thank you for the opportunity to speak to these vital matters.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: