ITBusiness.ca

Companies exposing Canadians’ personal information face no penalty

By Brian Jackson

As social networking becomes more popular and online advertisers seek more effective ways to target their messages, our society is trying to cope with how to protect our privacy while sharing more details about ourselves than ever before via the Web.

If you doubt that the collection of personal details online is the top privacy concern, just look to the Privacy Commissioner of Canada’s work over the last several years. It has been preoccupied with Facebook, protecting children’s’ online privacy, fighting spam, and Google Streetview, just to name a few. Now we hear that commissioner Jennifer Stoddart will be turning a watchful eye towards companies engaging in online behavioural advertising.

Brian Jackson, Associate Editor, ITBusiness.ca

Appearing at a conference hosted by the Association of Canadian Advertisers, Stoddart said advertisers can’t use tracking technology that users are unaware of or unable to decline. If they do, they could face disciplinary measures such as an audit by the office, or being taken to Federal Court and publicly shamed. But we’ve heard this watchdog bark before, and rarely have we seen it bite.

After Google Buzz turned what had been private personal information into publicly accessible information in April 2010, Stoddart sent a stern letter to Google CEO (at the time) Eric Schmidt and intonated with other international privacy commissioners that this was the last straw. Yet when Google admitted its Streetview cars had accidently scalped personal data from unprotected WiFi hotspots and stored it in a database, the Commissioner’s only response was to send an engineer and request the data be deleted, then make recommendations on how Google could improve its privacy practices.

After spending a year probing Facebook due to a complaint from the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa, Stoddart was able to pressure Facebook into committing to many privacy changes for the better. But CIPPIC was never completely satisfied that all problems were addressed.

This week, it looks like Facebook will once again escape penalty for breaching user privacy as a class-action lawsuit representing Canadian members of the social network is halted in its tracks with a settlement agreement. To escape any liability for changing its default privacy settings to expose more user information around the beginning of 2010, Facebook only had to agree to pay a paltry $76,000 and commit to keeping its current privacy policy “substantially the same” for three years.

One main reason the law firm opted to settle with Facebook is because a Quebec judge deemed that the main plaintiff must have to bring his case to court in Santa Clara, Calif. That is what he agreed to, after all, when he accepted Facebook’s ridiculously long terms of service contract that is required to create an account.

Canadians who had their information exposed are left with nothing and unless they opt out of the settlement, will have no option for recourse in the future. Facebook wouldn’t comment on the settlement of this lawsuit.

Meanwhile, the Privacy Commissioner remains mum on that status of a second investigation into Facebook focusing on user invitations, the implementation of the “Like” button and other issues.

Stoddart’s office is doing the best job it can to tackle the online challenges to privacy faced by Canadians. Observers say the office is too underfunded to actually take offenders to court, and it doesn’t have the power to fine firms directly. Considering its lack of teeth, it has won some serious privacy improvements from major players.

Until the Privacy Commissioner is armed with more powers to deal out damage to those breaching the privacy of Canadians, and our courts consider it a serious offence to leak personal information no matter what is in the “terms of service” agreement, Canadians can expect their personal data to fall prey to further breaches. If it’s not from a big player like Facebook or Google, then it will be a small business that makes the flub.

If we value our privacy, then we should demand more action when it is violated – even online.

Exit mobile version