2019 Update to ‘The Connected Car’

Cover of the Connected Car update for 2019

This report updates FIPA’s 2015 ground-breaking report, The Connected Car: Who is in the Driver’s Seat? As may be expected, there have been major developments both in technology and policy since our first Connected Car report.

Technology that was once exclusively available in high end vehicles has become commonplace. According to one estimate, 98 per cent of vehicles in North America and Europe will be connected by 2021. Car companies are constantly seeking new ways to profit from the collection of data taken from their vehicles, often in partnership with large technology companies like Apple and Google.

Cover of the Connected Car update for 2019

As technology advances, there have been more studies undertaken on what these changes mean for privacy rights. There have been pushes for stronger and more comprehensive legislative activity. Perhaps the most significant legislative change to date is the General Data Protection Regulation in the European Union. Other jurisdictions have also been mooting improved legislation as well as codes or standards to govern particular sectors of the economy or society, including Canada.

The privacy policies of the various car companies have also changed since 2015, generally for the better. One major improvement over what we found in 2015 was that with two exceptions, companies selling connected cars in Canada had their privacy policies available on their Canadian websites.

This allowed us to do a comparison of the privacy policies of the various companies (Original Equipment Manufacturers or OEMs) selling large numbers of cars and trucks in Canada (more than 1000 sales per annum).
We reviewed the privacy policies of 36 different vehicle brands of manufacturers from all over the world. The scope of the research focused on the policies’ treatment of protected data, the openness and accountability of protected data, the accountability to third party processors, whether the policy recognizes the right of access for an individual to his or her own data, the accuracy and security of the data, the purpose specification and notice of changes, the limitations of the use, collection and retention of data, and the types of consent mechanisms that are being used by the manufacturers. In addition, we considered if there are any options for the individual to opt-out. We compared our findings to our 2015 findings in our original Connected Car report to see what had changed.

We found that OEMs’ terms of service and privacy policies respecting connected car services showed significant improvement over 2015. Still these policies are still inadequate when compared to all major data protection principles and requirements under Canadian data protection law.

Although some manufacturers have made an effort to be specific about their uses of personal data and to explain their policies more clearly, key elements of OEM policies are still often unclear or expressed in very broad language. The worst examples are the very broad purposes OEMs continue to provide for collecting, using and sharing personal information, sometimes alongside specifics and sometimes not. While there is now a wider disparity among OEMs in terms of the adequacy of their connected car privacy policies, certain gaps and problems remain across the board.

In light of these shortcomings, and the federal Privacy Commissioner’s repeated statements that he has not received a complaint about this issue, we have decided to remedy this situation. A complaint to Commissioner Therrien is attached to this report, and we hope it will give him the opportunity to bring clarity in an authoritative ruling on this issue.

Download the resource.

For more than twenty years, the B.C. Freedom of Information and Privacy Association has relied on the support of our community to provide resources, educational programming, and one-on-one advice. By making a contribution to the Association in exchange for this resource, you’re helping us provide another two decades of service to Canadians and supporting more publications like this in the future. There is no minimum donation amount. Every bit helps.

Click here to make a donation. We hope you consider supporting the Associations.

Let us know what you think: If you have comments, questions, or concerns about the report, please send them to FIPA at fipa@fipa.bc.ca or tweet to us @BCFIPA.

In Defense of Truth

The last couple of weeks have seen question period in the BC Legislature occupied by the allegations of a whistle-blower accusing the Minister of Citizens’ Services, Jinny Sims, of wrongdoings that include circumventing the freedom of information laws that she oversees.

Compounding this issue are two things: The first is that Jinny Sims apologized only one year ago after admitting to similar infractions of freedom of information laws; the second is her claim that BC now has a positive duty to document.

What follows is examination of the issues at hand, of statements made by MLAs in the Legislature, and of statements made by previous Information and Privacy Commissioners.

Ultimately, this examination is intended to present a path towards the truth.

What is a Duty to Document?

A duty to document is the inclusion of provisions within provincial legislation that compels government to keep records of their decision making process in order to encourage government accountability and facilitate transparency.

The creation of a duty to document would go some distance to counteract past political scandals, like the triple-delete incident that occurred under the previous BC Liberal government.

After that scandal, the BC Liberals introduced Bill 6, which would enshrine a duty to document within the Information Management Act (IMA). The NDP referred to this as a “pre-election PR exercise” at the time.

In the second episode of our podcast, Data Subjects, we go over in detail the difference between adding a positive duty to document government decisions in the IMA or in the Freedom of Information and Protection of Privacy Act (FIPPA).

Despite the NDP’s initial contempt for the Bill 6, they ultimately moved forward with the bill with some amendments. They now celebrate the inclusion of a duty to document within the IMA.

However, the inclusion of the duty to document within the IMA as it currently stands is not sufficient to create any real change. The IMA doesn’t contain any significant penalties for non-compliance and won’t provide greater government accountability.

Ultimately, the inclusion of the duty to document in the IMA gives oversight power to the Minister of Citizens’ Services. Whereas, if the duty to document were to be added to the Freedom of Information and Protection of Privacy Act, independent oversight would be provided by the Office of the Information and Privacy Commissioner.

All this can be a bit confusing. Even Attorney General David Eby is confused about who has jurisdiction to investigate the very serious allegations raised by the whistle-blower.

In the Legislature, he stood up and called on the BC Information and Privacy Commissioner Michael McEvoy to investigate:

But, according to Commissioner McEvoy, only the Minister herself has the power to investigate the claims that are being levied against her:

When Minister Jinny Sims stands in the BC Legislature and says that the allegations against her unfounded, she is absolutely correct. And that’s exactly the problem. The only person empowered to investigate these kinds of claims is the Minister herself.

How do we defend the truth?

In instances where the truth has been conveniently misrepresented, it’s important for everyone, in an age of disinformation and alternative facts, to ask questions.

On May 29, 2019, Minister Jinny Sims stood in the BC Legislature and said that the legislative amendments to the IMA: “Respond directly to the recommendations that came from the former BC Information and Privacy Commissioners David Loukidelis and Elizabeth Denham.”

However, Elizabeth Denham has said on the record multiple times that she recommends including a duty to document in the FIPPA and not the IMA.

Here’s what she said to the all-party Special Committee of the BC Legislature that reviewed FIPPA in 2016:

Here’s a link to the full report produced by the Special Committee. Ultimately, they made this recommendation to government:

Perhaps, this is the source of Attorney General David Eby’s confusion, as he was a member of the all-party Special Committee that made this recommendation to include the duty to document in the FIPPA.

A recommendation that, ultimately, his NDP government decided to ignore.

In addition to her statements made to the Special Committee, Elizabeth Denham has stated her recommendation for the inclusion of a duty to document within the FIPPA in the report outlining her office’s investigation into the triple-delete scandal.

In that report, she made this recommendation:

Presented above are two pieces of evidence that clearly state former Information and Privacy Commissioner Elizabeth Denham’s recommendation that the duty to document should be included in the FIPPA and not the IMA.

How do we return to the truth?

Ultimately, the evidence is unequivocal; these two pieces of evidence explicitly state Elizabeth Denham’s recommendation to include the duty to document within the FIPPA.

Words have power. When statements are made, intentionally or unintentionally, they need to be supported with evidence. The evidence here suggests that Minister Sims has misrepresented the truth in her statements in the BC Legislature.

An acknowledgement of this mistake would be a good start. Furthering this, would be an official recognition of the fact that BC does not have a positive duty to document that ensures government accountability and facilitates transparency.

Logically following this, would be an acknowledgement of the hypocrisy of an acting Minister investigating her own alleged misconduct.

But the only thing that will truly bring us in line with some semblance of the truth, would be the actual creation of a positive duty to document.

FIPA’s Annual General Meeting for 2019

Join us on June 27, 2019 for our 2019 Annual General Meeting. The meeting will take place at the Vancouver Public Library’s Central Branch (350 W Georgia St.) in the Alma VanDusen Room at 6:30 PM.

We’re excited to welcome Bryan Carney from The Tyee as the guest speaker. His reporting covers freedom of information and privacy, including stories about Facebook’s “sniper-targeting”, an RCMP social media monitoring program, and the Royal Bank of Canada’s alleged ability to read private social media messages.

Please RSVP to fipa@fipa.bc.ca in order to confirm your attendance. Light refreshments will be served.

On the podcast: The History of FIPPA

On this episode of the show, we go back to a time before British Columbia had freedom of information or privacy laws—to the year 1990—and find out what it was like to request information from government.

Then, we find out how a small group of dedicated individuals were able to advocate, draft, and ultimately bring about B.C.’s Freedom of Information and Protection of Privacy Act, bringing this province one step closer to the ideal of open government.

We’ll hear about how the new legislation offered the promise of greater government transparency and accountability, and about what’s transpired in the nearly thirty years since the Act was passed.

Guests on this episode include: FIPA co-founder Darrell Evans, FIPA co-founder and former Information and Privacy Commissioner David Loukidelis, current Information and Privacy Commissioner Michael McEvoy, former Attorney General Colin Gableman, former MLA Barry Jones, current MP Murray Rankin, and the Vancouver Sun’s legislative reporter Vaughn Palmer.