You Might be Interested In

On June 21, 2010, The Office of the Privacy Commissioner hosted its third Consumer Privacy Consultation event of the year. Located in Calgary, this consultation event focused primarily on the privacy implications of cloud computing.  Featuring a wide variety of industry experts and engaging panelists, the event was highly successful.

One of the factors contributing to the success of the event was the extraordinary online engagement of citizens both at the event and elsewhere. Using Twitter, interested participants could ask questions, share knowledge and engage with the experts. Hundreds of messages were exchanged over Twitter throughout the day, resulting in a fascinating back-channel to supplement the live interactions taking place at the consultation event itself.

Did you miss the event? You can still check out the Twitter chatter for the event below:

Calgary Consumer Privacy Consultation

Do you know how your location information is used?  A recent survey commissioned by security company, Webroot, asked 1,645 social network users in the U.S. and UK who own location-enabled mobile devices about their use of location-based tools and services.  The survey found that 39 percent of respondents reported using geo-location on their mobile devices and more than half (55 percent) of those users are worried about their loss of privacy. 

A few notable concerns over security and privacy: 49 percent of women (versus 32 percent of men) were highly concerned about letting a would-be stalker know where they are and nearly half (45 percent) are very concerned about letting potential burglars know when they’re away from home (a very real risk outlined nicely by Pleaserobme.com)

The growing popularity of geo-location tools and services (including offerings by industry giants such as Twitter, Apple, Facebook and Google) means that location information is being collected on a colossal scale and the real and potential uses for this information are just starting to work themselves out – from iPhone photos tagged with GPS coordinates to location-based gaming platforms such as Scvngr that enable mobile users to create their own location-based games.

This increase in the collection and use of location information can also pose unique risks for users.  The survey summary notes that a surprising number of respondents engaged in behaviors such as sharing location information with people other than friends that could put them, and their private information, at risk.  A blogger recently wrote about her experience with location sharing gone wrong and Foursquare was recently blasted for unintentional data leakage via their popular location-based service. 

As we note in our recent submission to Industry Canada’s Digital Economy Consultation, good privacy practices can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure.  With location information, the usual privacy concerns abound and with each cool, new service that hits the market. How to communicate these risks to consumers is something that occupies a great deal of our time.  Dealing with the privacy concerns of location information during the design phase for new services would help businesses avoid expensive (both financial and reputational) after-the-fact privacy fixes and might even provide those privacy-friendly businesses with a significant competitive advantage

We’ve just sent in our submission to the Digital Economy Consultation, available online here.

In our submission, we argue that privacy isn’t an impediment to innovation. Rather, we believe privacy can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure. Too often privacy is left out of the design stage, and fixes after the fact can be expensive. We recommend that privacy become an integral part of the business models that rely on technology. We want to see a privacy culture that complements Canada’s digital advantage and, in our submission, we put forward a number of recommendations on how the federal government can help build one.

First of all we recommend strengthening privacy protections within the federal government. We’ve written previously about the need to reform the Privacy Act, but we think the federal government can go even further in being a model user of technology – for example, we’d like to see the federal government make Privacy Impact Assessment (PIA) analysis a requirement as part of preparing Memoranda to Cabinet for program approvals. We’d also welcome the federal government’s use of state-of-the-art authentication and protection technologies. Other countries are already exploring this, including the United States, where they are looking at how open-source products and standards can be used to provide identity verification.

The consultation on the digital economy includes a discussion on the importance of digital skills. We increasingly view privacy literacy and online reputation management as part of a suite of digital citizenship skills necessary for success in the digital economy. To this end, we recommend making privacy literacy an integral component of digital citizenship and would like to see the federal government fund research to support digital citizenship programs.

We also recommend providing tools to help small and medium-sized enterprises (SMEs) – and in particular SMEs that are technology innovators – better understand privacy so that privacy is considered at the outset of the design stage, and built into the end product.

Finally, we’d like the federal government to fund “privacy positive” research and development – for instance, network and security technologies that incorporate privacy protections.

With only a handful of days left, we encourage you to read our submission, and the submissions and ideas of others and offer your comments.

Two years ago, we launched our youthprivacy.ca website to engage people on the issues around young people and digital privacy.

When we launched youthprivacy.ca, Twitter had about 500,000 users, Google was rumoured to be entering the mobile phone market, and the idea of managing your digital footprint was just gaining some steam.

To say a lot has changed over the last 24 months would be an understatement.

We want to redesign the site to better present existing and new content, and highlight resources and work being done elsewhere on the topic. We also want the process of rebuilding this website to be open and transparent. We feel that there is a much larger community of public servants and private citizens with the experience, the expertise and the skill sets to make this a useful and highly collaborative exercise.

After all, why build communities of practice if we only continue to build projects within silos and concealed behind departmental garden walls?

We are inviting input from people with interest and expertise from both within government (specifically #w2p and #ux communities of practice, and those with experience reaching out to young people and engaging in public education and social marketing) and external to government (non-profit sector, educators and librarians, young people themselves).

Much of the process will be run on GCpedia to facilitate contribution among Government of Canada employees. For folks external to government without access to GCpedia, we’ll provide some updates on this page – and if you have ideas on how we can open up collaboration to the outside community, let us know.

Check out the wiki page on GCpedia or this page for additional information, and let us know if you interested in pitching in. And I’ll leave you with this thought:

“It’s always easier to tame a wild idea than to invigorate a limp one.”

A few dedicated OPC staffers spend much of their time visiting schools and talking to young people about why privacy is important.  If you believe a popular line of thinking, privacy may seem to be a lost cause in the age of online social networking and “anything goes” disclosure. We who talk to youth on a regular basis, however, are always pleasantly surprised that a generation that is growing up online shows such interest and enthusiasm about protecting their information.  It’s nice when research findings reflect our day-to-day observations that many young people are in fact proactive about protecting their online privacy.

The Pew Research Center’s Internet and American Life Project recently published a report entitled “Reputation, Management, and Social Media” in which it found that “younger users are far more active and deliberate curators of their online profiles when compared with older users.” This infographic shows other interesting report findings about how people interact and conduct themselves online.

Much of the debate around online privacy seems to revolve around binary choices: if you post information online then you can’t expect it to be private; if you join a social networking site then you must want to share your information with everyone.  But the reality is much more nuanced. As danah boyd and others have argued, people want to share information with people they themselves have chosen, via privacy settings. PEW found that 71% of social networking users ages 18-29 have changed the privacy settings on their profiles to limit what they share with others online, and 58% keep some people from seeing certain updates. Contrary to what some tech moguls might want you to believe, online privacy among young people is alive and well.

Over the course of the year, the Office of the Privacy Commissioner of Canada is hosting consultations with Canadians on issues that pose a serious challenge to privacy. In an attempt to learn more about the privacy implications of new industries, the focus of the consultations has been on online tracking, profiling and targeting of consumers, and the increasing prevalence of cloud computing.

Following the first such consultation in Toronto, a second event was held in Montreal on May 19^th, 2010. The event was a resounding success, due in part to the fact that the panels had a lively audience both on and offline.

Did you miss the event? You can still watch the webcast here, and you can check out what was happening on Twitter for each panel below.

Panel 1: Frontiers of Consumer Information Datamining and Analytics

Frontiers of Consumer Information Datamining and Analytics Panel

Panel 2: Online Identity and Reputation

Online Identity and Reputation Panel

Panel 3: Online marketing methods: gaming, advertising, applications and social networks

Online marketing methods: gaming, advertising, applications and social networks panel

Louise is a central character in our upcoming Consumer Privacy Consultations – not because of her great hair, but because she’s engaged online the way many Canadians are…she buys clothing and books online, she updates her Facebook profile regularly, she’s got an iPhone.

She’s also our fictional case study for examining how our data travels as we engage with the online world – who’s got our data? What are they doing with it?

Below is just one of several scenarios we’ve developed to help ground our conversations during the consultation process. This one will be used during the Advertising panel this week in Toronto. As you read it, ask yourself:

Is Louise aware of how her information may be used when she searches for and buys materials at online bookstores?

How accurate is the advertising profile developed for Louise, given that she shares the computer with other members of her family including her nine-year-old brother?

How could Louise’s profile information be matched with publicly available information to draw inferences about her? What types of decisions are or could be made based on her profile information?  What are the risks of combining online and offline profiles? Or the risks involved in combining different online profiles, like Louise’s Facebook profile with the profile her favourite online bookstore has of her?

Louise is a stylish 21-year college student who likes to meet people and try new things. She is active online and does everything from buying trendy clothing and concert tickets to keeping up touch with friends through posting updates and photos to her Facebook page.  Now in her final year of college, Louise is starting to look for a job. She is putting herself through school by making jewellery and selling it online. She is also a collector of specialty comic books and belongs to an international network of comic book enthusiasts. Louise also has a younger brother, David, who is nine years old.

Louise bought some designer jeans at a store in her local mall with her credit card. She also had the clerk swipe her loyalty card.

When Louise arrived home, she signed into her new account at the store’s web site to learn more about the clothes she had carried into the changing room but not bought. In her excitement to see the store’s merchandise, she clicked through the site’s lengthy privacy policy.

In looking on the store’s web site for a blouse to go with her new jeans, Louise saw an advertisement for jewellery that really appealed to her, so she followed it. Louise felt comfortable at the small Canadian jewellery site because the style of the site was as though she were visiting a friend’s page.

She also liked the styles of jewellery on the site so she bought a necklace and clicked on the “Like” button to update her friends on her latest purchase. From there, she left the store site and searched for the listing of a concert and bought 2 tickets. After that, she checked the status of the online auction she was participating in to get a new specialty comic book.

After this, Louise updated her Facebook page to let her friends know about her purchases and to see who else would be attending the concert. From Facebook, she checked out her favourite online bookstore where she purchased a book that was recommended to her by another comic book expert.

We’re hoping to generate some discussion around Louise’s activities – join the discussion by commenting on our blog, or jumping into the Twitter-stream on Thursday (hashtag #priv2010). We also invite you to check out the live webcast.

Here in Ottawa, a group of like-minded citizens held an open data hackfest last weekend, meant to show off cool apps designed by local developers using public municipal data.

The event shone a spotlight on some really innovative tools and highlighted the benefit to citizens that open data can bring.

But what about the privacy risks inherent in, say, an app that helps you locate the nearest bus stop?

Such an application might rely on GPS capabilities to pinpoint your location. It might also aggregate your data, in order to provide you with better options based on your travel habits. But why should a developer assume that the user would want to repeatedly share their location over time? From the user’s point of view, is providing that information – and potentially other pieces of personal information – to a developer I don’t know for a purpose (or purposes) I’m unclear about – worth trading for some intel on where I can catch the next bus downtown?

And if you want to continue down that path, what about crowdsourcing and the collection of aggregated (but not personal) data? There would be obvious benefits to using both in creating something like a traffic monitoring app, but what about the potential risks to privacy when someone begins to combine crowdsourced and aggregated data with personal information like IP addresses or data culled from a database elsewhere?

But it’s not that these apps are fundamentally flawed – anyone who’s ever been lost in an unfamiliar neighbourhood or city can appreciate the value in a Google Maps mash-up on your iPhone.

But – as a developer – why assume that the user wants to share multiple pieces of information? Why not ask first? Or provide options for users to protect their privacy, like Google Latitude which allows you to delete selected waypoints?

The rise of location-based tracking represents a new frontier for consumer privacy, which is why it’s one of a number of topics we’re examining during our 2010 Consumer Privacy Consultations. We’ll be webcasting the first session taking place in Toronto this Thursday, April 29. You can also follow the discussion on Twitter – we’re at @PrivacyPrivee and anything related to this consultation will be tagged with #priv2010.

Late yesterday, Canada’s privacy commissioner, along with data protection authorities from France, Germany, Israel, Italy, Ireland, Netherlands, New Zealand, Spain and the United Kingdom sent a letter to Google CEO Eric Schmidt to express their concerns about privacy issues related to Google Buzz.

Are we unfairly picking on Google? Because the privacy practices we mention in our letter are not Google’s alone – they are representative of an industry-wide habit of launching first, debugging later. But Google is a world leader, and a company that has shown it is not afraid of jumping into the data protection debate. We hope that our letter sends a message to others in the online world as well – your users care about their privacy.

The full letter and news release are available on our site, but here are some excerpts:

We are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.  We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws.  Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services….

It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise.  Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.

We’ve asked Google for a response, but we also want to know what you think. Let us know in the comments section, or join us via webcast and Twitter (hashtag #priv2010) at our first public consultation next Thursday, April 29.

Last week, researchers from Berkeley and the University of Pennsylvania released a study on young peoples’ attitudes and knowledge when it comes to their privacy. Their study found many similarities between young and older Americans when it came to sensitivity about online privacy, bucking the conventional wisdom that “kids don’t care” about privacy.

Also interesting: Some American youth incorrectly believe laws protect their privacy online and offline more than it actually does. Researchers suggest

This lack of knowledge in a tempting environment, rather than a cavalier lack of concern regarding privacy, may be an important reason large numbers of them engage with the digital world in a seemingly unconcerned manner.

Their report is timely and will provide interesting fodder for our upcoming panel discussion on children’s privacy online next week in Toronto. Be sure to tune in to the webcast next April 29 and join the conversation on Twitter (#priv2010).