article-aa

The Irish Data Protection Commission received notification that contractors at the company had listened to people’s communications with their Google digital assistants. In response, Google said in a blog post it reviews and transcribes a “small set of queries” users ask the Google Assistant as “part of the process of building speech technology.” It also admitted, “One of these language reviewers has violated our data security policies by leaking confidential Dutch audio data.” (Bloomberg)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: The review follows new privacy features from Google meant to thwart consumers’ reservations about giving the company more personal data. But in this instance, Google was not aware of the breach—in its post, it said it didn’t know about the violation until it was reported. Ireland’s commissioner for data protection has at least 20 investigations into Big Tech companies open, including into Twitter, Apple and Facebook subsidiaries WhatsApp and Instagram. Investigations can result in hefty fines. However, privacy experts, data watchdogs and academics have raised doubts that Ireland—despite its position as Europe’s lead regulator on data protection—will go as far as to impose regulations on Big Tech companies, many of which  have headquarters in the country for tax purposes. 

article-aa

Canada’s top court has ruled that the police violated the law by searching a man’s computer without his consent or a warrant, even though the computer contained child pornography. “The devices Canadians use every day, like laptops and cell phones, contain a great deal of private information,” reads a summary of the decision on the court’s website. “This case was important because it affected the privacy rights of all Canadians in shared devices.” (The Logic)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: The Supreme Court has shifted significantly since 2014, when it ruled police can search cell phones during arrests without warrants. Back then, the court ruled that the importance of quick police investigations superseded privacy concerns. Civil liberties groups argued unsuccessfully in that case that phones contain all kinds of deeply private information that should require a warrant. In the summary of today’s ruling, the court seemed much more sympathetic to that line of argument, writing that phones “can also be used to access even more information stored elsewhere, like in email and social media accounts.”

article-aa

Daniel Therrien wanted tech firms to get explicit consent from consumers if their data was going to cross borders, launching a consultation in April to solicit feedback. He received 87 submissions, including many from businesses that said the new rules would create significant problems for them. In response, Therrien has decided to keep the current rules, but will advocate for legislative changes to strengthen privacy obligations for companies. (The Logic)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: This is a victory for large tech firms, which strongly objected to Therrien’s proposed reforms. Avoiding regulation in the short term saves tech companies the hassle of asking customers to consent to having their data cross borders. It also lets them avoid disclosing when they’re sending data to potentially embarrassing third-party contractors. In the potential fight to come over new legislation, Therrien has some allies, including the House of Commons ethics committee and a number of privacy activists. However, the tech firms are unlikely to roll over. Another potentially massive roadblock: the new USMCA trade agreement, which bars Canada from restricting many types of cross-border data transfers.

article-aa

The organization found that more than 75 per cent of the 136 websites they analyzed contain third-party trackers for marketing purposes—mostly from Google, Facebook and Amazon’s advertising services. A portion of the sites revealed to third parties the specific mental health concerns for which users searched. Most of the sites do not meet standards set out by EU privacy law for obtaining user consent, according to the study. (The Logic)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Since the General Data Protection Regulation came into effect in May 2018, European regulators have handed out three fines for the improper handling of health data totalling 480,510, but none of those cases concerned websites serving sensitive data to advertisers. Health data is subject to extra protections under the law, which prohibits data controllers from processing it, except under certain limited conditions, like when doing so is medically necessary. While health websites have yet to clash with European regulators, hospitals and other medical clinics have had to make costly adjustments to adapt to the regulation and, so far, one clinic has been fined for its misuse of personal data.

article-aa

At 446, the number of breaches is six times higher than the same period the year prior—the surge follows a law that came into effect in November 2018 that requires businesses to report data breaches that pose “a real risk of significant harm to individuals” to the Office of the Privacy Commissioner of Canada (OPC). (Attention Control)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Political parties are not subject to federal privacy laws that regulate the use of personal data—such as the Personal Information Protection and Electronic Documents Act—while businesses are. This means that parties—which are increasingly using personal data to target voters—are not obligated to report data breaches to the OPC. Even B.C.’s relatively robust privacy legislation—where an adjudicator recently ruled that both federally and provincially registered political parties are subject to the province’s privacy laws—does not contain a provision mandating parties to report data breaches to the OPC. But federal, provincial, and territorial privacy watchdogs are calling for the federal government to close the regulatory blindspot for political parties—including two recommendations by the House ethics committee in June and December 2018. While there are no breach statistics available for political parties, municipalities are frequent targets of cyberattacks—Saskatoon, as well as Ontario’s Stratford, Midland and Wasaga Beach, have all been targeted by hackers in recent years.

article-aa

Facebook is now required to launch an independent privacy committee, create a team of privacy compliance officers and exercise “greater oversight” of third-party apps, among other provisions. Co-founder and CEO Mark Zuckerberg must certify the company’s compliance with these new rules every quarter, or else face individual civil and/or criminal penalties. The U.S. Federal Trade Commission (FTC)’s two Democratic commissioners voted against the settlement. Following the news, Facebook stock rose 1.03 per cent in late afternoon trading. (Financial Times)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Joseph Simons, chair of the FTC, emphasized the magnitude of the fine—which is the largest-ever imposed by the commission—and said the new rules in the settlement are designed to remake Facebook’s privacy culture. Meanwhile, Rohit Chopra, one of the FTC’s two democratic commissioners, said the decision fails to address the root cause of the violations, which he said was Facebook’s practice of monetizing user behaviour through mass surveillance. That model carries dangerous societal repercussions, argued Chopra, who also said the settlement’s terms give Facebook an “unusual legal breadth” of protections, including letting the firm decide for itself how much user data it collects and how it’s used in targeted advertising. Earlier Wednesday, the U.S. Securities and Exchange Commission filed a complaint against Facebook, alleging its public disclosures characterized its misuse of user data as merely hypothetical, while knowing that Cambridge Analytica had actually misused the data. Facebook will report its second-quarter earnings later Wednesday.

article-aa

Michael McEvoy is looking into whether the province’s personal information rules apply to federal parties operating in B.C. While they are currently required to publish privacy policies, they’re not held to any standards or subject to enforcement. B.C. is the only jurisdiction in Canada where privacy laws cover political parties. If McEvoy finds that federal parties are subject to B.C. laws, he could issue a binding order requiring them to comply with those rules, which give individuals the right to know what personal information organizations have about them, and bans organizations from collecting more data than they need to provide a product or service. (Toronto Star)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: The B.C. watchdog’s move could be the quickest way to bring federal parties under privacy laws. Federal privacy commissioner Daniel Therrien has repeatedly called for that to happen. But the Liberal government hasn’t acted; in October 2018, Democratic Institutions Minister Karina Gould said MPs need to study the issue. They have: the House ethics committee recommended the change in two separate reports in 2018. Therrien declined to comment on McEvoy’s move, but the commissioners have worked together in the past, conducting a joint investigation of Facebook’s handling of Canadian users’ data that ended up in the possession of Cambridge Analytica. Meanwhile, Bits of Freedom, a Dutch digital rights organization, said Facebook failed to prevent it from buying ads in other countries during the European elections, violating its promise to stop foreign interference.

article-aa

The commissioner wants companies to specifically highlight if data is crossing borders when asking consumers to sign terms of service agreements. The commissioner is conducting consultations on transborder data flows, and is asking stakeholders a number of questions, including whether they think people should be told the country their data will be sent to and which third parties will have access to it. Responses are due by June 4. (The Logic)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Tech companies have fought back against similar consent provisions in other countries. Disclosing which countries data is going to can reveal valuable information about where companies do business, and having to disclose third party contractors could reveal embarrassing relationships—like Facebook giving the Royal Bank of Canada access to its data. The fight over transborder data flows in Canada has largely been fought behind the scenes, with large tech companies seeking to avoid regulation, and privacy activists and certain MPs—including the House of Commons Ethics Committee—calling for more. The federal government has repeatedly said it is considering regulating tech giants, but has not passed new laws, and it’s running out of time to do so before the fall election. The privacy commissioner can act without new legislation being passed, but has limited enforcement powers.

article-aa

An investigation into last year’s Equifax data breach found that the company’s Canadian arm didn’t have the consent needed to transfer customers’ data across the border to its U.S. parent company and that it held onto that information for too long. Now under a proposed policy from the privacy commissioner, firms would need to get customers’ consent before moving information outside of the country, and give them a “clear and easily accessible choice” about any non-essential data gathering or use. The consultation period, which will help shape the new policy, closes June 4. (The Logic)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Under the new USMCA trade agreement, Canada can’t stop data transfers like the one that resulted in Canadians being included in the Equifax hack. But if the privacy commissioner adopts its new positions and companies feel compelled to comply, the transfers could get a little bit harder, in spite of the watchdog’s limited punitive powers. Given a more obvious choice, customers may decline consent or opt out of further collection and processing, depriving firms of valuable data.

article-aa

In a written submission to the government’s National Digital and Data Consultations, Daniel Therrien proposed that any new law include “enforceable rights” for individuals, and that his office be given the ability to compel disclosure and issue fines to organizations that fail to comply. He also reiterated his call that Canadian political parties be subject to privacy laws. (Office of the Privacy Commissioner of Canada)

Read this article for free

By entering your e-mail you consent to receiving commercial electronic messages from The Logic Inc. containing news, updates, offers or promotions about The Logic Inc.’s products and services. You can withdraw your consent at anytime. Please refer to our privacy policy or contact us for more details.

Already a subscriber?

Talking point: Therrien’s office is currently investigating two instances of the use of personal information that have caused widespread concern: the Facebook-Cambridge Analytica scandal, and Statistics Canada’s proposed pilot project using banking data. The enforcement powers he’s seeking were also recommended by a House of Commons committee reviewing federal privacy regulation. And, they’re similar to those recently given to Britain’s privacy commissioner, Elizabeth Denham. Denham was interim privacy commissioner in Canada in 2008, and issued a report on Facebook’s handling of user data that foreshadowed the current scandal. Back then, the company treated her report and recommendations “as more like advice,” Denham told the International Grand Committee on Disinformation last week.