British Columbians want action on privacy protection: Polling results

FIPA-sponsored poll shows BC wants key reforms to privacy laws  

VANCOUVER, June 4, 2020 – Polling results released today indicate that British Columbians want increased public education and enhanced protections to their privacy rights, among other key reforms to privacy laws.  

The BC Freedom of Information and Privacy Association (FIPA) commissioned an Ipsos poll, a leading independent market research company, on public opinion regarding BC’s private sector privacy laws. The questions posed will inform FIPA’s submission to the Special Legislative Committee reviewing BC’s Personal Information Privacy Act (PIPA).  

A summary of poll questions and results are posted below. Tables of results can be found here.

The polling results indicate that British Columbians are concerned about the protection for their personal information. 56% of British Columbians either don’t know or feel the current laws and practices are insufficient to protect their personal information. 47% of respondents believe organizations are not open and transparent about how they collect and use personal information. 

In addition, 75% of British Columbians answered that they were concerned about an organization transferring their personal information from BC to organizations outside of Canada. 

Finally, awareness of privacy rights and protections is concerningly low with only 32% of British Columbians aware of PIPA, 31% aware of BC’s Information and Privacy Commissioner, 40% aware of the right to file a complaint relating to the handling of their personal information, 33% know that they can request access to their personal information from businesses, and 33% know nothing about these topics.  

British Columbians strongly support increasing public education about privacy, including a change in education curriculums. 75% of British Columbians believe that it is important to have a targeted curriculum for K-12 schools relating to privacy rights, with 78% answering the same for post-secondary students. 

“The results of this poll show that British Columbians are concerned about how their personal information is handled by organizations,” said FIPA Executive Director Jason Woywada. “We hope that these results will help inform the Special Legislative Committee and the BC Government’s actions to implement much-needed reforms to PIPA to provide British Columbians’ the degree of protection they deserve and expect.” 


Jason Woywada, Executive Director 
BC Freedom of Information and Privacy Association | (o) 604-739-9788 

Ipsos posed the following questions to 802 British Columbians on behalf of FIPA, and received the following responses: 

1. Existing laws and organizational practices provide sufficient protection of my personal information. 
Yes – 43% 
No – 28% 
Don’t know – 28% 

2. Organizations are open and transparent about how they collect and use my personal information. 
Yes – 33% 
No – 47% 
Don’t know – 20% 

3. How concerned are you about an organization transferring your personal information from BC to organizations outside of Canada? 
4- Very concerned – 34% 
3- 41 % 
2- 19%
1- Not concerned at all – 6% 

4.1. How important do you consider the following items as components of general public education? – Resources for individuals regarding personal information and privacy rights 
4 – Very important – 51%
3- 37%
2- 11% 
1- Not important at all – 1% 

4.2. How important do you consider the following items as components of general public education? – Resources for individuals learning about how to protect their personal information 
4- Very important – 53%
3- 34%
2- 12%
1-Not important at all – 1% 

4.3. How important do you consider the following items as components of general public education? – Resources for individuals on obtaining help, information, and advice related to privacy 
4- Very important – 47% 
3- 40% 
2- 12% 
1-Not important at all – 1% 

4.4. How important do you consider the following items as components of general public education? – Targeted curriculum for K-12 schools relating to privacy rights
4- Very important – 35% 
3- 40% 
2- 21%
1-Not important at all – 4% 

4.5. How important do you consider the following items as components of general public education? – Targeted curriculum for post-secondary schools relating to privacy rights 
4- Very important – 37% 
3 -40% 
2- 20% 
1-Not important at all – 3% 

5. Choose the statements that best reflect your knowledge of your privacy rights 
I am aware of BC’s Personal Information Protection Act – 32% 
I am aware of BC’s Information and Privacy Commissioner – 31% 
I am aware that I can request access to my personal information from businesses – 33% 
I am aware of the right to file a complaint relating to the handling of my personal information – 40% 
None of these – 33% 

These responses, as well as breakdowns by gender, education, age group, region, income, and household composition, can be downloaded here. The Ipsos Factum can be found here.

Joint letter on data collection and privacy in the COVID-19 era.

BC FIPA, along with other civil society groups, has signed on to Open Media’s joint letter calling for measures to be put in place to ensure Canadians’ right to privacy is protected, and not undermined after the crisis is over.

Specifically, we are asking for a clear message from the provincial and federal governments stating that they will not turn to digital tracking and location data collection to address COVID-19 concerns.

With that in mind, we are looking to pre-empt potential bad policies by putting forward seven key principles that should be in place to preserve our privacy and our democracy:

  1. Prioritize approaches to help people stay at home which do not involve surveillance.
  2. Due process for adopting any new powers.
  3. Consent must be favoured.
  4. Put strict limits on data collection and retention.
  5. Put strict limits on use and disclosure.
  6. There must be oversight, transparency and accountability.
  7. Any surveillance efforts related to COVID-19 must not fall under the domain of security, law enforcement or intelligence agencies.

More information on these principles can be found here.

Data Privacy Design Jam: What is meaningful consent in an age of connected devices?

BC FIPA, in partnership with the Vancouver Design Nerds, held a two-day design jam in Ottawa March 5th and 6th. The purpose of this event was to explore issues around meaningful consent in the context of everyday life ranging from personal wearable technologies to smart homes and smart cities and their relationship to big data. With these different scales in mind, we sought to create new models of generating meaningful consent to mitigate the negative impact these technologies have on privacy. The two-day event brought together a diverse group of experts from academia and industry to advocates and activists working in this space to find creative solutions through a collaborative and inter-disciplinary approach.

Data Privacy Design Jam report title page

The final ‘prototypes’ that emerged after the second day varied in terms of how they approached meaningful consent, but an underlying theme that intersected all four groups was a focus on empowering individuals to take control over their personal information through various methods .

It is important to note that this project in itself is not the final stage in our work on meaningful consent and connected societies. Rather, this project has become a ‘jumping-off point’ that will launch future research and events to further address these issues. More specifically, we have begun to explore the feasibility of hosting another design jam with everyday consumers from various backgrounds rather than expert participants. The process we used could be adapted for either a representative sample of the general public or a predefined select target audience. By providing a similar initial problem and thought processes, the results would provide useful insights to how the public views issues of consent in a modern context.

Download the full report here.

BC FIPA would like to thank the Office of the Privacy Commissioner of Canada for the opportunity to explore this important issue through the Contributions Program.

The Right to Erasure

The right to erasure

This is the third in our series on the privacy promises we can expect from a Liberal minority government.

Information about the Right to Erasure is from Innovation, Science and Economic Development Canada’s ‘Digital Charter: Trust in a digital world’, and the Liberal Party of Canada’s election 2019 platform document, ‘Forward: A real plan for the middle class’ (40).

The Promise

In the Liberal Party’s election platform, they committed to a new online right to “withdraw, remove, and erase basic personal data from a platform” (40). This seems to build and expand upon the third principle contained within Canada’s Digital Charter:

Control and Consent: Canadians will have control over what data they are sharing, who is using their personal data and for what purposes, and know that their privacy is protected.”

– Canada’s Digital Charter

Unclear within this promise are two major things: what is defined as a platform; and how this new right will be different from what is currently contained within Canada’s private sector privacy legislation, the Personal Information and Protection of Electronic Documents Act.

And, on the surface, it would appear that this new right does not go as far as the European Union’s ‘Right to be Forgotten’, which is found within the General Data Protection Regulations, and allows citizens to request that personal data be erased for a host of reasons and from entities not limited to “platforms”. Notably, this includes making requests to delist website pages in search results.

The Office of the Privacy Commissioner of Canada is currently seeking a determination from the Federal Court in order to clarify whether Google’s search engine is subject to PIPEDA. Thus, it may turn out that Canadians already have the ability to request that search engine’s de-index web pages that are responsive to a person’s name should they present unwarranted reputational harm.

The Reality

So far it’s unclear how this new right to erasure goes further than the access and correction rights that currently exist within Canada’s federal privacy legislation, the Privacy Act and PIPEDA, and B.C.’s provincial privacy legislation, FIPPA and PIPA.

Currently, PIPEDA does provide Canadians with some measure of control over their personal information. It does this by allowing individuals to correct the accuracy of their personal information in the control of a private organization, to withdraw their consent for the use of personal information, and to file a complaint with the Office of the Privacy Commissioner of Canada in order to create a record of dispute.

While these are not equivalent measures to the European Union’s ‘Right to be Forgotten’, they do allow Canadians some measure of control over their personal information and at the very least present a mechanism for addressing issues related to online reputational harm. In addition, PIPEDA also contains provisions that limit the amount of time that personal information can be retained, which in turn helps to ensure that personal information is disposed of when it is no longer required.

The Future

Important questions remain though about how effective these measures are in a digital environment. PIPEDA was created in 2000, as the internet and digital technologies were only emerging. Today, the internet is being used in ways, and on devices, that could not have been predicted 20 years ago.

With private organizations becoming increasingly reliant on personal information as a fundamental component of their business model, and the storage of personal information no longer experiencing the same physical and financial constraints, more needs to be done to protect consumers and to rebuild trust.

If Canada’s federal privacy legislation is amended to contain this new right to erasure, it may create the need to amend provincial privacy legislation to also include this new right in order to retain its equivalency. As well, new powers will need to be ascribed to provincial and federal information and privacy commissioners in order for them to be able to enforce new digital rights, like the Right to Erasure.