Joint letter on data collection and privacy in the COVID-19 era.

BC FIPA, along with other civil society groups, has signed on to Open Media’s joint letter calling for measures to be put in place to ensure Canadians’ right to privacy is protected, and not undermined after the crisis is over.

Specifically, we are asking for a clear message from the provincial and federal governments stating that they will not turn to digital tracking and location data collection to address COVID-19 concerns.

With that in mind, we are looking to pre-empt potential bad policies by putting forward seven key principles that should be in place to preserve our privacy and our democracy:

  1. Prioritize approaches to help people stay at home which do not involve surveillance.
  2. Due process for adopting any new powers.
  3. Consent must be favoured.
  4. Put strict limits on data collection and retention.
  5. Put strict limits on use and disclosure.
  6. There must be oversight, transparency and accountability.
  7. Any surveillance efforts related to COVID-19 must not fall under the domain of security, law enforcement or intelligence agencies.

More information on these principles can be found here.

Data Privacy Design Jam: What is meaningful consent in an age of connected devices?

BC FIPA, in partnership with the Vancouver Design Nerds, held a two-day design jam in Ottawa March 5th and 6th. The purpose of this event was to explore issues around meaningful consent in the context of everyday life ranging from personal wearable technologies to smart homes and smart cities and their relationship to big data. With these different scales in mind, we sought to create new models of generating meaningful consent to mitigate the negative impact these technologies have on privacy. The two-day event brought together a diverse group of experts from academia and industry to advocates and activists working in this space to find creative solutions through a collaborative and inter-disciplinary approach.

Data Privacy Design Jam report title page

The final ‘prototypes’ that emerged after the second day varied in terms of how they approached meaningful consent, but an underlying theme that intersected all four groups was a focus on empowering individuals to take control over their personal information through various methods .

It is important to note that this project in itself is not the final stage in our work on meaningful consent and connected societies. Rather, this project has become a ‘jumping-off point’ that will launch future research and events to further address these issues. More specifically, we have begun to explore the feasibility of hosting another design jam with everyday consumers from various backgrounds rather than expert participants. The process we used could be adapted for either a representative sample of the general public or a predefined select target audience. By providing a similar initial problem and thought processes, the results would provide useful insights to how the public views issues of consent in a modern context.

Download the full report here.

BC FIPA would like to thank the Office of the Privacy Commissioner of Canada for the opportunity to explore this important issue through the Contributions Program.

The Right to Data Portability

This is the second in our series on the privacy promises we can expect from a Liberal minority government.

From Innovation, Science and Economic Development Canada’s ‘Digital Charter: Trust in a digital world’, and the Liberal Party of Canada’s election 2019 platform document, ‘Forward: A real plan for the middle class’ (40).

In Canada’s Digital Charter, data portability fits within the fourth principle:

‘Transparency, Portability and Interoperability: Canadians will have clear and manageable access to their personal data and should be free to share or transfer it without undue burden.’

Clear and manageable access

Theoretically, Canadians already have “clear and manageable access” to their personal data.

For federal government institutions, Canadians have a right of access contained within section 12 of the Privacy Act. For private sector businesses, Canadians can submit requests to access personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA).

In British Columbia, access to personal information held by provincial public bodies is realized through section 5 of the Freedom of Information and Protection of Privacy Act (FIPPA). For private businesses within the province, section 23 of the Personal Information Protection Act (PIPA) gives residents this ability.

In theory, the information rights enshrined within these four Acts already gives Canadians “clear and manageable access to personal data”. What’s new then is the ability to “share or transfer it without undue burden.”

What this means, exactly, is not quite as clear.

Sharing and transferring data without undue burden

In their 2019 election platform, the Liberal Party describes data portability as the ability for people to “take their data from platform to platform” (40).

From this, we might assume that someone would have the right to extract all of their data from a platform like Facebook, Twitter, or Snapchat, and transfer it to a new platform that offers a similar service.

Why would someone want to do this? One reason might be that an alternative service provider offers greater privacy protections, which in turn would create greater competition among monopolistic platforms.

This also gives Canadians the opportunity to make meaningful choices about how they share their personal information with platforms.

International models

In the European Union, Article 20 of the General Data Protection Regulations (GDPR) gives residents a right to data portability. This right allows data subjects to receive personal data about themselves from data controllers and transmit that data to other controllers.

The GDPR also ensures that the data is provided “in a structured, commonly used and machine-readable format” and provides the right to have the personal data transmitted directly from one data controller to another.

A major difference between the European Union’s GDPR and Canada’s PIPEDA is that Canada’s private sector privacy legislation frames privacy as data protection and not as a fundamental human right.

What does a humans rights based approach to privacy look like in legislation? Article 4 of the GDPR lists the fundamental rights the Regulation respects, which include:

“[T]he respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and a fair trial, and cultural, religious and linguistic diversity.’

The proposed right to data portability is a significant step towards creating a human rights based approach to privacy in Canada. While it is not as comprehensive as the GDPR, it will give individuals greater autonomy in their ability to control their own personal data.

Transparency, Privacy, and the Federal Election

It is election season, and the leaders of Canada’s political parties are making promises, presenting platforms, and answering questions about plans and policies.

The next Government of Canada will have to take positions on transparency reform, privacy in a digital age, democracy and Big Data, and the regulation of increasingly-intrusive surveillance practices.

We want to make sure that the information and privacy rights are part of the public conversation during the election period, and we want your help!

Send us an email at fipa@fipa.bc.ca and share the information and privacy policy questions that you would like to see answered by the federal political parties.

We will be compiling an Election Questionnaire, just as we did during BC’s last provincial election, and sending it to the major parties.

The election is on the horizon, so we hope to hear from you soon!