Greater trans­parency re­quired to pro­tect pri­vacy in the dig­i­tal age

BY DALE SMITH

Policy - - Before The Bell | From The Editor - BY DALE SMITH

In the age of covert pri­vacy degra­da­tion, com­modi­tized data and pro­file har­vest­ing, what should gov­ern­ments be do­ing to pro­tect cit­i­zens and democ­racy? While cor­po­ra­tions and gov­ern­ments are col­lect­ing, an­a­lyz­ing and shar­ing the per­sonal data of Cana­di­ans on an un­prece­dented scale, tens of mil­lions of us have fallen vic­tim to pri­vacy breaches, of­ten due to out­dated reg­u­la­tion or lack of en­force­ment. Be­fore the Bell asked ex­perts and stake­hold­ers to ad­dress how pol­icy needs to evolve to keep pace with pri­vacy and se­cu­rity in the dig­i­tal age.

An­drew Burtch, the Cana­dian War Mu­seum’s post-1945 his­to­rian, helped to sit­u­ate the con­text of the dis­cus­sion, re­call­ing episodes dur­ing which pri­vacy and civil lib­er­ties were sub­or­di­nated to na­tional se­cu­rity, such as the purge of gays and les­bians from the civil ser­vice be­cause they were viewed as be­ing vul­ner­a­ble to blackmail.

Rachel Cur­ran, prin­ci­pal with Harper and As­so­ciates, noted that the pre­vi­ous Con­ser­va­tive gov­ern­ment was sur­prised by the cross-par­ti­san back­lash to its pro­posal to give law en­force­ment ba­sic sub­scriber data.

“For us, it started the con­ver­sa­tion about pri­vacy rights, what do Cana­di­ans re­ally know about what’s be­ing col­lected, what in­put they should have into what’s be­ing col­lected and how it’s used,” said Cur­ran.

Michael Cur­ran, pub­lisher of Great River Me­dia and the Ot­tawa Busi­ness Jour­nal, said that most peo­ple don’t un­der­stand how much their data is be­ing col­lected with things like loy­alty cards, even when they find ad­ver­tis­ing that tracks them around the In­ter­net to be “creepy.” He also pro­posed that har­mo­niz­ing pri­vacy rules with the Euro­pean Union’s new on­line pri­vacy reg­u­la­tions makes sense for busi­nesses.

“The more that gov­ern­ments can do to har­mo­nize those reg­u­la­tions, the more it would al­low those cor­po­ra­tions to fo­cus on the spirit of the law and not get caught in the slightly dif­fer­ent vari­a­tions of reg­u­la­tions,” he said.

Chan­tal Bernier, for­mer in­terim pri­vacy com­mis­sioner of Canada and cur­rently coun­sel and head of Den­tons’ Cana­dian pri­vacy and cy­ber­se­cu­rity prac­tice, noted what’s dif­fer­ent about pri­vacy in the dig­i­tal age: Firstly, the ab­strac­tion of the in­ter­net; that we think we’re alone when us­ing it when we’re re­ally not; sec­ond, that it’s more com­plex than even MIT PhDs re­al­ize; and third, the opac­ity of its busi­ness cul­ture and prac­tices leaves con­sumers more vul­ner­a­ble than we know.

“All those al­go­rithms that de­tect us lik­ing this or that are trade se­crets,” said Bernier. “It’s the se­cret sauce that com­pa­nies don’t want to sell. There’s an opac­ity there that keeps us from know­ing what’s go­ing on.”

Bernier also noted that much of her prac­tice nowa­days is help­ing Cana­di­ans come into com­pli­ance with the new Euro­pean pri­vacy stan­dards, which is a regime that more prop­erly re­stores the bal­ance be­tween the users and the trans­parency of the col­lec­tion of data.

Erin Kelly, pres­i­dent and CEO of Ad­vanced Sym­bol­ics, said that be­cause her com­pany has al­ways had a pol­icy against mi­cro-tar­get­ing, and in many ways ex­ceeded the new Euro­pean pri­vacy stan­dards, the re­cent Facebook/Cam­bridge An­a­lyt­ica sit­u­a­tion has ac­tu­ally been ben­e­fi­cial to her busi­ness. She also noted that the col­lec­tion of per­sonal data doesn’t ac­tu­ally work.

“That’s why we do things at the pop­u­la­tion level,” said Kelly. “If I made my money as a for­tune teller does, try­ing to fig­ure out what you’re go­ing to do on any given day, my mar­gin of er­ror is go­ing to be huge — it wouldn’t be ac­cu­rate. But look­ing at the trends of 200,000 peo­ple, I can pretty much say that this is the party that’s ahead [in an elec­tion forecast].”

Corinne Pohlmann, se­nior VP of na­tional af­fairs and part­ner­ships with the Cana­dian Fed­er­a­tion of In­de­pen­dent Busi­ness, said that from a small busi­ness per­spec­tive, the new Euro­pean pri­vacy reg­u­la­tions have given rise to a lot of ques­tions from busi­ness own­ers.

“For small busi­nesses, all they want to be told is what they need to do,” said Pohlmann. “For us, that’s find­ing ways to build tem­plates in terms of what a pri­vacy pol­icy looks like and how it works for a com­pany of your size and the type of in­for­ma­tion that you have.”

Sylvia Kingsmill, part­ner in the risk con­sult­ing prac­tice of KPMG, was in­volved in cre­at­ing the Pri­vacy by De­sign cer­ti­fi­ca­tion pro­gram at Ry­er­son Univer­sity. It en­ables Cana­dian or­ga­ni­za­tions to demon­strate that they’re re­spon­si­ble, ac­count­able and eth­i­cal with the in­for­ma­tion they’re en­trusted with.

“We did it as a best prac­tice be­cause there was no le­gal re­quire­ment to do that,” said Kingsmill. “There was a real mar­ket ap­petite to ad­dress this and to have a di­ag­nos­tic tool to demon­strate to Cana­dian cit­i­zens that they can be trusted.”

The goal of Pri­vacy by De­sign is to build pri­vacy into the ar­chi­tec­ture of a new sys­tem, on the fol­low­ing prin­ci­ples: be­ing proac­tive; hav­ing strong pri­vacy de­fault set­tings; em­bed­ding pri­vacy and se­cu­rity into any prod­uct or cul­ture of an or­ga­ni­za­tion; avoid­ing zero-sum think­ing; en­sur­ing that there is trans­parency and open­ness; pro­vid­ing se­cu­rity through­out the en­tire data life­cy­cle; and re­spect­ing the end-user.

Nathaniel Ersk­ine-Smith, Lib­eral MP for Beaches East-York and vice-chair of the Stand­ing Com­mit­tee on Ac­cess to In­for­ma­tion, Pri­vacy and Ethics, said that Canada has stronger pri­vacy laws than many coun­tries, but our Pri­vacy Com­mis­sioner needs more tools to en­force those laws and to au­dit com­pa­nies more proac­tively.

“A lot of what we’ve heard has fo­cused on trans­parency,” said Ersk­ine-Smith. “More in­for­ma­tion is re­quired from com­pa­nies to say ‘Here’s how we use the in­for­ma­tion, here’s why we col­lect the in­for­ma­tion, and here’s what we do with it’. Pri­vacy poli­cies need to be sim­pli­fied by a sig­nif­i­cant de­gree.”

What do Cana­di­ans re­ally know about what’s be­ing col­lected, what in­put they should have into what’s be­ing col­lected and how it’s used.” — Rachel Cur­ran Harper and As­so­ciates

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.