You Might be Interested In

Over the course of the year, the Office of the Privacy Commissioner of Canada is hosting consultations with Canadians on issues that pose a serious challenge to privacy. In an attempt to learn more about the privacy implications of new industries, the focus of the consultations has been on online tracking, profiling and targeting of consumers, and the increasing prevalence of cloud computing.

Following the first such consultation in Toronto, a second event was held in Montreal on May 19^th, 2010. The event was a resounding success, due in part to the fact that the panels had a lively audience both on and offline.

Did you miss the event? You can still watch the webcast here, and you can check out what was happening on Twitter for each panel below.

Panel 1: Frontiers of Consumer Information Datamining and Analytics

Frontiers of Consumer Information Datamining and Analytics Panel

Panel 2: Online Identity and Reputation

Online Identity and Reputation Panel

Panel 3: Online marketing methods: gaming, advertising, applications and social networks

Online marketing methods: gaming, advertising, applications and social networks panel

There has been a long-standing debate between privacy advocates and government officials about the extent of government interest in the information transmitted across domestic and international networks. The passage of USA PATRIOT Act intensified this debate and prompted concern from a more general audience as well. Ever since, the digerati and online crowd have been whispering and wondering about the interface between search engines, particularly Google, and law enforcement and national security bodies.

In brief, this comes up in classrooms and at conferences in roughly the following exchange:

Q. “So, should I worry about what Google knows about me?”

A. “Maybe, but I’d worry more about what the government gets out of Google, then matches with what they already know about you.”

Around this issue, researchers like Chris Soghoian in the US (as well as Ben Hayes and Simon Davies overseas) have been pushing for greater transparency from both companies and government on the use of broad data production powers.  Last week, to their great credit, Google took a big first step and published an interactive map on the numbers and types of data requests they recieve from governments around the world.  This coincides with another important US private sector push – Digitaldueprocess.org – that is asking for clear, consistent and accountable measures to be put in place when government ask companies to ‘check up’ on their customers.

We commend Google and others involved for this significant first step, look forward to improvements and more details as they tweak the reporting model and sincerely hope other companies (and, ahem! governments) follow suit.

Louise is a central character in our upcoming Consumer Privacy Consultations – not because of her great hair, but because she’s engaged online the way many Canadians are…she buys clothing and books online, she updates her Facebook profile regularly, she’s got an iPhone.

She’s also our fictional case study for examining how our data travels as we engage with the online world – who’s got our data? What are they doing with it?

Below is just one of several scenarios we’ve developed to help ground our conversations during the consultation process. This one will be used during the Advertising panel this week in Toronto. As you read it, ask yourself:

Is Louise aware of how her information may be used when she searches for and buys materials at online bookstores?

How accurate is the advertising profile developed for Louise, given that she shares the computer with other members of her family including her nine-year-old brother?

How could Louise’s profile information be matched with publicly available information to draw inferences about her? What types of decisions are or could be made based on her profile information?  What are the risks of combining online and offline profiles? Or the risks involved in combining different online profiles, like Louise’s Facebook profile with the profile her favourite online bookstore has of her?

Louise is a stylish 21-year college student who likes to meet people and try new things. She is active online and does everything from buying trendy clothing and concert tickets to keeping up touch with friends through posting updates and photos to her Facebook page.  Now in her final year of college, Louise is starting to look for a job. She is putting herself through school by making jewellery and selling it online. She is also a collector of specialty comic books and belongs to an international network of comic book enthusiasts. Louise also has a younger brother, David, who is nine years old.

Louise bought some designer jeans at a store in her local mall with her credit card. She also had the clerk swipe her loyalty card.

When Louise arrived home, she signed into her new account at the store’s web site to learn more about the clothes she had carried into the changing room but not bought. In her excitement to see the store’s merchandise, she clicked through the site’s lengthy privacy policy.

In looking on the store’s web site for a blouse to go with her new jeans, Louise saw an advertisement for jewellery that really appealed to her, so she followed it. Louise felt comfortable at the small Canadian jewellery site because the style of the site was as though she were visiting a friend’s page.

She also liked the styles of jewellery on the site so she bought a necklace and clicked on the “Like” button to update her friends on her latest purchase. From there, she left the store site and searched for the listing of a concert and bought 2 tickets. After that, she checked the status of the online auction she was participating in to get a new specialty comic book.

After this, Louise updated her Facebook page to let her friends know about her purchases and to see who else would be attending the concert. From Facebook, she checked out her favourite online bookstore where she purchased a book that was recommended to her by another comic book expert.

We’re hoping to generate some discussion around Louise’s activities – join the discussion by commenting on our blog, or jumping into the Twitter-stream on Thursday (hashtag #priv2010). We also invite you to check out the live webcast.

Here in Ottawa, a group of like-minded citizens held an open data hackfest last weekend, meant to show off cool apps designed by local developers using public municipal data.

The event shone a spotlight on some really innovative tools and highlighted the benefit to citizens that open data can bring.

But what about the privacy risks inherent in, say, an app that helps you locate the nearest bus stop?

Such an application might rely on GPS capabilities to pinpoint your location. It might also aggregate your data, in order to provide you with better options based on your travel habits. But why should a developer assume that the user would want to repeatedly share their location over time? From the user’s point of view, is providing that information – and potentially other pieces of personal information – to a developer I don’t know for a purpose (or purposes) I’m unclear about – worth trading for some intel on where I can catch the next bus downtown?

And if you want to continue down that path, what about crowdsourcing and the collection of aggregated (but not personal) data? There would be obvious benefits to using both in creating something like a traffic monitoring app, but what about the potential risks to privacy when someone begins to combine crowdsourced and aggregated data with personal information like IP addresses or data culled from a database elsewhere?

But it’s not that these apps are fundamentally flawed – anyone who’s ever been lost in an unfamiliar neighbourhood or city can appreciate the value in a Google Maps mash-up on your iPhone.

But – as a developer – why assume that the user wants to share multiple pieces of information? Why not ask first? Or provide options for users to protect their privacy, like Google Latitude which allows you to delete selected waypoints?

The rise of location-based tracking represents a new frontier for consumer privacy, which is why it’s one of a number of topics we’re examining during our 2010 Consumer Privacy Consultations. We’ll be webcasting the first session taking place in Toronto this Thursday, April 29. You can also follow the discussion on Twitter – we’re at @PrivacyPrivee and anything related to this consultation will be tagged with #priv2010.

Late yesterday, Canada’s privacy commissioner, along with data protection authorities from France, Germany, Israel, Italy, Ireland, Netherlands, New Zealand, Spain and the United Kingdom sent a letter to Google CEO Eric Schmidt to express their concerns about privacy issues related to Google Buzz.

Are we unfairly picking on Google? Because the privacy practices we mention in our letter are not Google’s alone – they are representative of an industry-wide habit of launching first, debugging later. But Google is a world leader, and a company that has shown it is not afraid of jumping into the data protection debate. We hope that our letter sends a message to others in the online world as well – your users care about their privacy.

The full letter and news release are available on our site, but here are some excerpts:

We are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.  We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws.  Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services….

It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise.  Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.

We’ve asked Google for a response, but we also want to know what you think. Let us know in the comments section, or join us via webcast and Twitter (hashtag #priv2010) at our first public consultation next Thursday, April 29.

The intersection of geolocational apps and social media has produced…virtual graffiti.

At several American universities, students with cellphones are tagging campus landmarks with comments and labels using location-aware apps like Foursquare. Some universities have found ways to teach through tagging:

“At North Carolina State University, meanwhile, a new library service shows smartphone users historical pictures of campus buildings based on where users are standing, including a snapshot of the first freshman class, from 1890, when the agricultural college’s hot mobile technology was horses.”

And students have found, er, innovative ways to tag spots around campus – one of the deans at the University as at Dallas discovered his office had been tagged in Foursquare with the comment “Watch out for lame jokes!”

The ability to virtually tag places, things and people isn’t new, but it does create challenges when it comes to managing our identities online – who owns that material? Foursquare? The tagger? The person tagged? Right now, the responsibility is in the hands of the tagged – for instance, look at the care university students take in reviewing, and untagging when necessary, photos of themselves that get posted to Facebook after a particularly spectacular weekend.

Is this likely to change? Probably not – online as in offline, we should all know what face we’re putting forward.

This post, by co-op student Erin Siksay, is cross-posted from our youth blog.

I searched myself online the other day and came up with a profile I had created some years ago, complete with picture and date of birth, name, and e-mail address. So many websites require at least some personal information in order to view exclusive content or enjoy the services provided by the website, it gets difficult keeping track of all the websites I’ve signed up for. Inevitably, some end up being neglected or forgotten. Then, years later, they pop up when I’m feeling bored (and perhaps narcissistic) and searching myself online.

I had the website e-mail me my username and password so I could delete the account (and all of its revealing information) from their server so it wouldn’t appear in the search engine queue. (Luckily I’ve used the same e-mail address for many years). If you find yourself in the same situation but with an unknown or expired e-mail address, you can always write to the moderators or developers of the website and request that your profile be taken down or removed.

You may be selective with what information you put into an online profile, but with lots of profiles online it can become difficult to keep track of exactly what personal information is available on the web. One website might require a postal code, another a birthdate. Pieced together, these separate profiles can reveal a lot about the user. This combined profile can then be used for targeted marketing or even more malicious purposes.

Make sure your profile doesn’t come back to haunt you.

Once again, students from the Encounters with Canada program have selected the winners of our annual student video contest! Here are the winners for our 2009 competition:

The three top video artists in the live action category were:

1^st place: Jeffery Burge, Vanessa Caicedo, Alexandra Georgaras, Gareth Imrie and Fiona Sauder of Canterbury High School in Ottawa, Ontario, with a video titled “Think Before You Click”. They win a $100 gift card and an iPod Touch.

2^nd place: David Borish and Mory Kaba of Glebe Collegiate Institute in Ottawa, Ontario, with a video titled “Friend or Foe”. They win a $250 gift card.

3^rd place: Jennifer Paul from Brampton, Ontario, with a video titled “Too Good to be True”. She wins a $150 gift card.

The three top video artists in the animation category were:

1^st place: Tyler Ford and Matthew Kerr of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Privacy: Think Before You Click”. They win a $100 gift card and an iPod Touch.

2^nd place: Rebecca Kartzmart and Emily Patterson of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Carol the Carrot”. They win a $250 gift card.

3^rd place: Scott Piper of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Privacy Matters”. He wins a $150 gift card.

The three top video artists in the French video category were:

1^st place: Benjamin Dion-Weiss of l’École secondaire publique De La Salle in Ottawa, Ontario, with a video titled “Le réseautage social d’après le Comte Hackula”. He wins a $100 gift card and an iPod Touch.

2^nd place: Stéphanie Lemieux and Emily Vendette of l’École secondaire catholique Embrun in Embrun, Ontario, with a video titled “Le Journal de Lisa”. They win a $250 gift card.

3^rd place: Cosmo Darwin of l’École secondaire publique De La Salle in Ottawa, Ontario, with a video titled “Trouvée & Perdu”. He wins a $150 gift card.

The three top video artists in the Junior category were:

1^st place: Mackenzie Giffen, Chris Johnstone, Chris Nattrass, Curtis Sookhoo and Gabriel Zingle of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “The Spanish Lottery”. They win a $100 gift card and an iPod Touch.

2^nd place: Trevor Aiello, Connor Bergersen, Chad Bullock and Lochlan Thomson of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “A lesson In Privacy”. They win a $250 gift card.

3^rd place: Matthew Craner, Scott Deshane, Madison Gilchrist, Joe Matishak and Graeme Wyatt of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “The Phone Number Test”. They win a $150 gift card.

We also recognized seven teachers for their enthusiastic participation in the contest. They were:

• Crystal Getschel, of F.R. Haythorne Junior High in Sherwood Park, Alberta, with 26 entries.
• Majed Mattar, of Osgoode Township High School in Metcalfe, Ontario, with 21 entries.
• Professor Kaduri, of Tanenbaum Community Hebrew Academy of Toronto, Ontario, with 15 entries.
• Grant Holmes, of École secondaire publique De La Salle, Ottawa, Ontario, with 11 entries.
• Carol Shaw, of Woodstock Collegiate Institute, Woodstock, Ontario, with 8 entries.
• Kevin Shae, of Sir Robert Borden High School, Ottawa, Ontario with 6 entries.
• Stephen Willcock, of Canterbury High School, Ottawa, Ontario, with 5 entries.

Each teacher will receive a $250 gift certificate at Indigo Books and Music to use for personal use or for the school they represent.

The videos will be posted as soon as possible to our youth site. They will also be available on our YouTube channel.

We were thrilled with the number and quality of submissions we received for our second competition. We’ll be launching the 2010 contest in May!

The combination of microblogging services like Twitter and location-aware social networking games on your mobile device like Foursquare is like the Red Bull and vodka of the internet – it’s one big party until your great-aunt’s end table is smashed.

Twitter, of course, enables its users to post short 140-character messages. Social networking games like Foursquare encourage players to post their precise location information in order to gain points – the more locations you “check in”, the more points you gain. These “check-ins” can also be automatically posted to a player’s Twitter or Facebook account.

A couple of Dutch developers have created a site called PleaseRobMe to point out the dangers of posting so much information on your whereabouts.

Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications….  The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home.

The creators of PleaseRobMe point out that users could be putting others around them at risk as well. Foursquare players, for example might also be posting location information for places they frequent…like the homes of friends and family.

The site – which took developers four hours to build – is a witty little reminder to consider the possible repurcussions of what we post online.

On Data Privacy 2010 we’d like to take a moment to remind everyone that is the responsibility of both individuals and companies to make sure that personal information is safe.

If you own a company, or work for a big one: in the past, you may have had to ensure that your customers’ name and address information (and in some cases credit card and billing information) were safe. Now, many of you are providing technology and tools for your customers to put increasing amounts of personal information online. Does your company have the systems in place to safeguard this information? Do you give your customers the tools and options to control how their information is used?

If you are a user of new and cool technology: in the past a telephone was a telephone, a video game was a video game, a stuffed toy was simply that – a stuffed toy. Today, more and more toys and handheld tools come with the ability to go online. Do you understand how to enjoy your toys and gadgets without putting your personal information at risk?

If you are a parent or guardian, teacher, coach or caregiver: do the young people in your life understand how to use all these new toys and gadgets while keeping their personal information safe? Our office has recently made youth privacy a key priority. Today, we have posted some new resources to the Parents & Teachers section of our youth web site. The resources include information on 12 privacy issues (such as the importance of privacy settings and knowing who your friends are on social networking sites), along with ideas for generating discussion about each issue with young people. You can use these resources to start discussion about personal privacy and the importance of thinking about what you post on the Internet.

Regardless of which group you are in – if you need any information about how to keep personal information secure, visit our web sites – priv.gc.ca and youthprivacy.ca.