Privacy in the Social Media Age

Remarks at a workshop hosted by the Legal Services of the Communications Security Establishment Canada

April 20, 2011
Ottawa, Ontario

Address by Chantal Bernier
Assistant Privacy Commissioner of Canada

(Check against delivery)

Introduction – The reports of privacy's death have been greatly exaggerated

To paraphrase Mark Twain's famous words, reports of privacy's death have been greatly exaggerated. I would like to use this as a starting point for discussing privacy in the social media age. Although our social and professional lives are increasingly being played out online, privacy rights and the value we place on privacy are still very real.

My presentation today will look at the following:

  • I will begin with privacy rights: their definition, origin, social value and legal underpinnings.
  • I will then examine how privacy rights are transactional in the context of social media.
  • Finally, I will discuss the new modalities of privacy. Whereas privacy rights are immutable, the circumstances under which they are exercised have evolved.

Privacy rights

First of all, what do we mean by privacy rights? In their static form, they are the right to control what others know about us. In their dynamic form, they refer to the exercise of that control.

Privacy is rooted in our survival instinct: we are all aware that what others know about us can work either for or against us. Simply put, we are talking about reputation, and each one of us instinctively knows just how valuable our reputation is.

Reputations are shaped in large part by gossip, that is, subjective impressions which others have about us and pass on. Our reputations are created by those around us, based on what they observe about us.

That explains why, as human beings, we always want to know more about others while limiting what people know about us. This individual phenomenon also applies to social groups and therefore to states.

Because governments are also social entities, they, too, want to know as much as possible about other governments, while having as much control as they can over what other governments know about them. This may remind you of the objectives of your organization: to protect the integrity of the Government of Canada's communication systems and obtain information from the communication systems of foreign countries.

All groups of people and all societies naturally establish an information social contract, including what may or may not be disclosed to others, out of mutual respect for this individual survival instinct. If we continue the analogy with the CSE, we would immediately think of the agreements in place between Canada and its allies calling on them to share information, but not to spy on each other.

The social contract in Canada is set out in the Canadian Charter of Rights and Freedoms, which, by the way, turns 29 this week. Privacy rights are derived from section 8 of the Charter and, subsidiarily, section 7.

Privacy rights are defined in case law through a four-part test based on the Oakes decision, handed down by the Supreme Court of Canada in 1986. At the Office of the Privacy Commissioner, we systematically apply these same criteria when determining whether a measure that constitutes a privacy infringement is justifiable:

  • Is the measure required in order to meet a demonstrable need?
  • Is the measure likely to be effective in meeting that need?
  • Is the loss of privacy proportional to the benefit gained?
  • Is there a less privacy-intrusive way of achieving the same end?

Beyond the Charter, there are two federal laws that address privacy rights more specifically: the Privacy Act, which applies to the public sector; and the Personal Information Protection and Electronic Documents Act, which applies to the private sector.

With the information social contract having to be redefined in this age of new information technologies, our society is very concerned about privacy. This can be seen clearly in:

  • The number of information requests and complaints we receive: 10,000 information requests and nearly 1,000 complaints annually. In recent years, filings that received extensive media coverage include those made by former members of the Canadian Forces against Veterans Affairs Canada and complaints against Facebook.
  • Media coverage. While it is true that the work done by our Office attracts media attention, privacy issues in general make headlines on a daily basis—newspaper articles on body scanners in airports and cyberattacks, or even in-depth reports by Time magazine on the trade in personal information or those by The Economist on managing the proliferation of data.

Trading personal information

Therefore, privacy remains a fundamental right—but a right that can be traded off:

  • In exchange for security: the most obvious example being going through the security checkpoint at the airport.
  • In exchange for health.
  • In exchange for a service.
  • In exchange for employment: we give our employer our name, contact information and SIN.
  • In exchange for a relationship.
  • In exchange for reputation: in today's world, the more you share, the better your reputation. Not being on Facebook or LinkedIn can cause others to question your very existence in some circles.

None of this is new. Personal information has always been exchanged for considerations such as these. Alessandro Acquisti, a behavioural economist, mentions that even in Roman times, deletion of identity was one of the most severe forms of social punishment. Having one's very existence obliterated is highly undesirable, because as social beings, we value both privacy and notoriety.

But how is personal information being traded in the context of social networks and other online applications?

First, we must consider social networks and online activities as a societal phenomenon:

  • According to measurement firm comScore, Canadians spent over 43 hours a month online at the end of 2010—nearly double the worldwide average. And although the same survey showed a growth spurt in the number of users aged 55 and older, I think these numbers may be slightly skewed: while doing outreach at a local school, one OPC employee asked a class of 8- and 9-year-olds to raise their hand if they were on Facebook, and the overwhelming majority of the class raised their hand—even though Facebook's terms of service clearly state that you must be 13 in order to have an account on the site.
  • Seemingly every human activity now has an online version.
    • People are buying and selling things online,
    • they are making new friends and meeting romantic partners,
    • they are joining support groups,
    • they are earning degrees,
    • they are promoting their careers or their businesses,
    • they are gaining support for humanitarian causes,
    • they are finding new audiences for their artistic pursuits,
    • they are joining discussion groups about their hobbies and special interests,
    • they are looking up old and new acquaintances,
    • and they are even performing searches on their own names, to see what comes up.

Secondly, we must consider social media in its psychological dimension.

  • There is a high level of abstraction at play. The difference is between our behaviour in the physical world and our behaviour in the online world. In the physical world, if we stand in front of a window and can see into another window with the blinds open, our reflex is to close the blinds. We don't seem to have a comparable reflex in the online world because we do not perceive, with our senses, our level of exposure. Indeed, it is virtual, abstract. But no less real.
  • There is considerable asymmetry in the online world. You are physically alone in your room with the doors locked, while at the same time entirely visible to everyone else on the Internet.
  • The relative anonymity of online activities is also a new factor. As was mentioned in a recent suit against LinkedIn in the US, people who browse the Internet expect privacy; they don't expect their search results to be made public, or to be seen.
  • And anyone who has spent five minutes on Facebook knows that exhibitionism is more prevalent online than it is in real life. A recent article in Wired magazine pointed out that bragging is much more socially acceptable online than it is in the real world. Someone going on and on about their kids, with vast amounts of supporting photographic evidence, would not be very popular at a cocktail party—yet the same behaviour can score you hundreds of friends on any given social network.

A third dimension to consider is that of social media as a political phenomenon. We have seen how social media can become an effective tool for political change during the Arab Spring. In this slide, you can see a graphic representation of the data transfers happening on Facebook. The most astute among you will notice that Facebook data flows even in areas where Facebook is banned. And it is no wonder:

  • Social media can support dissidence.
  • Social media can serve as a powerful tool for mobilization.
  • Social media can serve to denounce violence, brutality and other human rights abuses.
  • And perhaps at the core of the revolution, social media has democratized information. It is no longer reserved to an elite—it is accessible to all.

In 1999, I read a brilliant OECD report on the main drivers of governance in the 21st century. The three main drivers were: globalization, information technology, and citizen engagement. As I watched the events unfold in Egypt this winter, it was like watching a prophecy come true. This new socio-political context is also the new context for privacy.

The new modalities of privacy

These various phenomena—societal, psychological, commercial and political—associated with social media do not shatter the foundations of the fundamental right to privacy. However, they do force us to redefine the modalities of privacy.

In light of the social media revolution, people often wonder if the private/public divide is fading away or if it is shifting. I think we should first ask ourselves whether this boundary has always been as clearly drawn and immutable as we seem to believe.

The concept of privacy hinges first on that of individuality, the definition of which, as philosophers will tell you, has varied throughout the ages.

Next, the relative value placed on public and private life has fluctuated considerably over time.

However, a new factor emerges from the ubiquitousness of social media, which is resulting in a shift from the private to the public spheres. A powerful example in my opinion is that of the Head of MI6, Sir John Sawers, whose holiday photographs ended up on Facebook. Clearly, we have to rethink the ways in which we share our personal information in the social media age.

The surge in social media—and networked life in general—is also prompting us to redefine what personal information is. The definitions contained in both federal laws refer to "information about an identifiable individual."

For a long time, this applied to information such as a person's name, address, date of birth and Social Insurance Number. Nowadays, however, it also includes email addresses, IP addresses, MAC addresses, user names, people's buying history, browsing habits… The list goes on and on.

Moreover, this will also be a central issue in the debate surrounding government's authority over the Internet. Are IP addresses personal information? If so, are warrants required in order to obtain them?

This brings me to the second major question we are asking ourselves in the midst of the social media revolution: have privacy expectations changed? According to US sociologist danah boyd, if we tell an embarrassing story to someone in the physical world, there is always the risk that the person we tell it to will disclose it to someone else. We bare our souls because we trust the person to whom we are speaking, and we trust the context (for example, we are confident that no one is listening to us). The same thing happens online, the only difference being that in the virtual world, the consequences of an indiscretion, of eavesdropping or of a technical glitch are far greater.

The onus is therefore on us to rethink our relationships of trust in the new context of social media.

A third question we have to consider in the social media age is that of consent. Does the very notion of consent to disclose all of this personal information have to be rethought in the context of such wide-scale dissemination? In a research report funded by the Office of the Privacy Commissioner, Avner Levin and some of his colleagues from Ryerson University speak of a split between the perception of adult employers, who take it for granted that it is legitimate to check anything that a potential employee may have posted online, and that of young people applying for jobs, who object to such practices because they pervert the nature of the posting, done solely for the benefit of friends in a social context. They never agreed to photographs of their big night out being used for employment-related purposes, so naturally they object.

When someone posts a comment on his or her blog or posts a photo on his or her personal page, has that person just given his or her implicit consent that this information may be used by anyone and for any purpose? Should consent not be explicit in a context where consequences are so difficult to determine? Does the fact that a piece of information is accessible make it public by default?

For consent to be valid in such an abstract context, people need to be aware of the new risks and the new protection frameworks.

At the public consultations we held last year concerning online consumer privacy, we had the opportunity to reflect on the risks that are present there. The chief observations stemming from those consultations are as follows:

  • Information and pictures that are posted online often stay there for good. Even if you decide to delete this information yourself, it can remain for a long time in the cache memory of search sites, or it could have been copied and saved elsewhere. This information and these pictures could potentially be used by anyone, for whatever purpose, and at any time. Can we really give informed consent in such an abstract context?
  • And, if we consider the permanent nature of online information, can new parents really consent on their infants' behalf to posting all sorts of information about them, such that their online identity will already be established by the time their children reach the age of reason?
  • And when these children grow up and become Internet users themselves (at 13, 10, or 8 years of age), can they be contractually bound by clicking and accepting the service terms and conditions of social networking sites?
  • The risks to online privacy are also the result of a certain kind of information asymmetry: given all of the monitoring, profiling and targeting to which we are subject, only 10% of the information about us will have been provided by us. The rest of it will have been created by others.
  • The risk of harm to a person's reputation in social media is reaching unheard-of proportions. You may have heard about a very big case that is now making its way through the courts in Europe, namely that of a Spanish surgeon accused of professional misconduct many years ago. Even though he was acquitted, a newspaper clipping about his alleged misconduct still pops up on the first page in Google search results about him. This case clearly illustrates how privacy rights must, in certain instances, mean the "right to be forgotten," a concept that is the first pillar in the review of the European Union data protection framework currently being conducted by Justice Commissioner Viviane Reding.
  • Cybercrime is also a new risk to privacy. While the crimes are not new (harassment, fraud and defamation), they are facilitated by the relative obscurity of the Internet and by the potential number of victims who can be affected; think of phishing emails, for example.

In the face of these new risks, privacy requires new modalities of protection.

  • Security measures: They must be on par with the sensitivity of the information contained in or passing through the infrastructure. Information technology is vulnerable. Consider the so-called "glitch" at PWGSC reported in the press just yesterday, or the attack on TBS's systems this winter. Cybersecurity has become a condition of privacy.
  • Transparency: Organizations must be open and upfront about why they need your personal information, what they are going to do with it, how they are going to protect it, who they are going to share it with and how long they are going to hold on to it.
  • Consent: Obtaining consent from individuals before collecting and using their personal information should be the default for any enterprise. For consent to be valid, it must be informed: therefore, individuals need to be provided with the information necessary to provide informed consent.
  • Disposal: Personal information must be disposed of when it is no longer needed, and it must be disposed of in a secure fashion. For example, our audit on the disposal practices of surplus material in the federal government released last fall highlighted the importance of controls at the end of the process, as organizations dispose of data they no longer need. It was revealed during our audit, for instance, that more than 4 in 10 computers donated by the government to the Computers for Schools program had not been wiped of their data.

These new modalities of protection form a good part of the recommendations we issue to respondents in our investigations and audits that touch on new technologies.


To summarize, the Internet, specifically in its Web 2.0 manifestation, is the new agora. The relational rules that govern this new commons must be couched in an appropriate social contract. This social contract must be based on:

  • the fundamental principles of privacy as necessary to social survival, notably the right to control the information that is shared about oneself; and
  • the inherent characteristics of the new information sharing platforms, in that they render information vulnerable, indelible and ubiquitous.

The measures put in place to protect privacy in this new platform must address these three inherent factors (vulnerability, indelibility and ubiquity), through:

  • clear privacy settings and strong protections, in the form of technological safeguards to secure the infrastructure, clear privacy policies and user-friendly options for consent;
  • public education and digital literacy (I'm thinking of the OPC's school outreach program, but also at the level of the Government of Canada's Cyber Security Strategy); and
  • a "deletion regime," such as the one that is being considered by Viviane Reding.

The bottom line is that individuals must think before they post and again before they click...

The OPC is keeping a close watch on the evolution of social media and its impact on privacy, notably through ongoing investigations against giants such as Facebook and Google, but also against a dating site and a youth-focussed social network, the results of which are about to be made public.
