After some of the most-visited Canadian Web sites gave away our personal information without asking us, the Privacy Commissioner of Canada is choosing to help keep the offending firms’ secret.

Apparently the privacy of a group of corporations – potentially in violation of Canada’s privacy laws – is more important than the public citizens they cater too, and the Privacy Commissioner’s office has a duty to protect. The revelation that data is being leaked to advertisers like water held in a strainer came after a summer study looking at 25 Web sites – 11 of them had privacy problems.

Specifically what is happening is that popular Web sites that ask Canadians for information in order to create accounts or remember user preferences are taking that information and sharing it with advertisers and marketers. The businesses doing this didn’t ask for your permission to share this information and you certainly don’t know who these advertisers are. It’s a serious offence – imagine how you’d feel if Elections Canada took the information you gave them so you could vote, but then shared it with political parties so they could send you fundraising requests.

At a time when many businesses are trying to build customer confidence in e-commerce among consumers, this sort of news is exactly what feeds into a general distrust of doing things on the Internet. It’s the reason that online banking was so slowly adopted (though now widely used) in Canada and the reason that many still won’t enter a credit card number into an online form. By not naming the Web sites that are violating Canadian’s privacy, the commissioner is feeding a general distrust of all Web sites on the Internet despite their efforts to protect personal information.

Jennifer Stoddart’s office that has in the past argued – and rightfully so – that it doesn’t have sharp enough teeth when it comes to punishing privacy violators. Yet it is refusing to use one of the rights it does have in this case, which is to publicly shame offenders by naming them. It should.

Naming the companies would bring light to the situation. Canadians would be better informed of whether they were likely victims of the data leaks. Also, online consumers could opt to not use – or at least not provide information to – the offending Web sites until they see that reparations have been made. It’s actually possible that these privacy leaks are continuing to happen despite the commissioner’s intervention.

Most importantly, online businesses need to be sent a message that user privacy is important. It’s not OK to leak data to advertisers and profit from doing so, then patch up those leaks when someone complains. Because it can be so easily violated, privacy has to be at the forefront of online consumer interactions – built in from the ground up instead of repaired later as an afterthought.

It’s just about respect for consumers, for Canadians.

 

Share on LinkedIn Share with Google+
More Articles

  • Thanks for writing this story Brian. As someone who runs a summer camp, I understand the commitment we have to protecting the privacy of the families with whom we work. I also thought I understood the laws that binds us to this commitment and the consequences if we failed to do so. After reading your story, the privacy act and the role of the Privacy Commissioner isn’t as clear as I believed.

  • AlbertG

    Hi Brian,

    Would you mind posting the email of the privacy commissioner so we can send them our reaction to this as well – maybe a flood of people objecting might get them to reconsider and have them release the names.

  • Great idea Albert. Here is the Contact Us page for the Privacy Commissioner’s office: http://www.priv.gc.ca/cu-cn/index_e.asp