2010 Consumer Privacy Consultations

Notice of Consultation and Call for Submissions
Privacy Implications of Cloud Computing

Consultation notice:

The Office of the Privacy Commissioner of Canada (OPC) invites your views on the privacy issues related to cloud computing practices and their implications for individuals, organizations, and businesses.

The aim of this consumer consultation is to learn more about cloud computing technology, explore its privacy implications, and find out what privacy protections Canadians expect with respect to cloud computing. The consultation is also intended to promote debate about the impact of these technological developments on privacy, and to inform the next review process for the Personal Information Protection and Electronic Documents Act (PIPEDA).

This is the second OPC privacy consultation in 2010, following the two-part Online Tracking, Profiling and Targeting consultation that was launched on January 18, 2010.

The consultation will begin with an open period for the submission of comments or papers by interested parties. The deadline for submissions is April 15, 2010. This will be followed by a focused panel discussion in Calgary in June. The Office welcomes applications for panel participation from a broad range of participants. Some audience seating will be available, and the event will also be webcast.

Background:

Cloud computing is defined in many different ways: in general, it is the provision of web-based services, located on remote computers, that allow individuals and businesses to use software and hardware managed by third parties. Examples of these services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications.

Proponents of cloud computing have highlighted its advantages, including free or low-cost use of file storage space and easy access to data and computer programs by users, regardless of their location. Businesses and consumers can use powerful computer hardware and software without having to purchase it themselves, giving them a simple and less-costly way to manage and store information.

However, critics have warned about privacy and security risks arising from data storage on remote computers. For example, cloud computing services collect and store increasingly large amounts of information, and users may lose control over who has access to this information, where it may be stored, and how it might be used, retained, or disclosed.  Because data stored within a cloud can be stored in different countries, and may be transmitted to computers in different geographic locations, the information may be subject to the laws of the specific location of the physical computer that holds the data.

Consultation Process:

The aim of this consumer consultation is to learn more about cloud computing, explore its privacy implications, and find out what privacy protections Canadians expect with respect to cloud computing. The consultation is also intended to promote debate about the impact of these technological developments on privacy, and to inform the next PIPEDA review process.

In advance of the panel discussion, we welcome written submissions of a maximum of 15 pages on the privacy implications of cloud computing. We are especially interested in the following issues:

THE DIGITAL ENVIRONMENT

SOCIAL FACTORS

  • Individual practices:
    • Risks consumers take with their personal information

PRINCIPLES FOR INFORMATION GOVERNANCE

  • Accountability (obtaining consent, individual access, accuracy, correction, redress)
  • Transparency (public notice, privacy policies, corporate compliance)
  • Consent (opt-in, opt-out, express, implied)
  • Security (encryption, de-personalization, anonymity)
  • Oversight (review, audits, impact assessments)
  • Safeguards (retention, disposal, destruction)

Getting Involved

1) Written submissions:

You can share your views on the privacy implications of cloud computing:

  • By e-mail: consultation2@priv.gc.ca
  • By postal mail:  2010 Consumer Privacy Consultations, Office of the Privacy Commissioner of Canada, 112 Kent Street, Ottawa, ON, K1A 1H3

Please forward submissions of a maximum of 15 pages by April 15, 2010.

Please indicate whether you are submitting comments on behalf of an organization or as an individual. 

As we cannot guarantee the security of electronic systems or e-mail, we do not recommend sending sensitive personal information electronically at this time.

2) In-person participation:

Panel discussions on the privacy impacts of cloud computing will take place in Calgary in June. We welcome participants from industry, government, consumer associations and civil society, as well as any other interested parties:

  • By e-mail: consultation2@priv.gc.ca
  • By postal mail:  2010 Consumer Privacy Consultations, Office of the Privacy Commissioner of Canada, 112 Kent Street, Ottawa, ON, K1A 1H3

Please indicate your interest in participating by April 15, 2010. 

If you request to take part in the consultation event, as a panelist or as an audience member, we will contact you.  Please note that limited audience seating will be available and the event will be webcast.

Simultaneous interpretation for both official languages will be available at the panel discussion.

Please note that the Office of the Privacy Commissioner of Canada is subject to the Access to Information Act and the Privacy Act.  The Access to Information Act provides a public right of access to government records.  The Privacy Act provides individuals with a right of access to their own personal information and protects that information from unauthorized disclosure.  Some of the information you provide to us in this process may be accessible under the Access to Information Act; this does not include personal information as defined in the Privacy Act.

For more information on the Consultations, please contact:

Melanie Millar-Chapman
Senior Research Analyst
Office of the Privacy Commissioner of Canada
E-mail: melanie.millar-chapman@priv.gc.ca