Office of the Privacy Commissioner of Canada
Commissariat à la protection de la vie privée du Canada

Online privacy and identity
A regulatory body’s perspective

April 21, 2008, Montreal, QC

Internet Use and the Norm
• $50 million in sales to Canadians
• 10 million Canadians use social networking sites
• 1 million Canadians visit Second Life each week
• Over $1 billion in revenue from online advertising

Issues for the OPC
• Enforcing the law in a virtual environment
• Enforcing Canadian standards in a global context

Personal Information Online
• Consumption
• Financial institutions
• Carelessness of Internet users
• 25% use privacy settings
• 3% adjust their cookies

Educating the Public
• Blogs
• Protecting yourself when using social networking sites

Ads Targeted at Consumers
• Marketing value
• Online profiling is becoming more accurate
• Google’s acquisition of DoubleClick

Federal Trade Commission
• Proposed Online Behavioral Advertising Privacy Principles—December 2007
• Different from Canada

Jurisdiction in the Virtual World
• Lawson v. Accusearch Inc. (F.C.), 2007 FC 125
• Real and substantial connection because much of the data came from Canada/was about a Canadian
• The issue of being able to effectively carry out an investigation is separate from the issue of having jurisdiction to investigate

Outcome
• Sites that are accessible from Canada may fall under the OPC’s jurisdiction for investigations
• These sites must comply with PIPEDA

PIPEDA Standards
• The Streetview case—Google
• The Ticketmaster case
• The private life of avatars

International Cooperation is Essential
• FTC
• Cooperation
• Possibility of intervening in Accusearch Inc.’s appeal to the U.S. Tenth Circuit Court of Appeals
• OECD
• Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

The Influence of Canadian Standards - TJX
• Alberta-Federal investigation
• Public findings
• Loss of $60.8 million to date
• A reserve fund of $178.1 million set up by TJX—this represents an estimate of total losses

Security of Personal Information
• Identity theft/false pretence
• Bill C-27 (An Act to Amend the Criminal Code)
• Recklessness as to subsequent use of identity information
• “…being reckless”

Review PIPEDA
• Provision on data breach notification
• A clear definition of “triggers” and “thresholds” for notification is essential
• Two-step approach: (i) notify those affected by a loss of personal information where there is “a high risk of significant harm”; and (ii) have a requirement that the OPC be advised of “any major loss or theft”
• OPC—need for objective information on the extent and cause of losses

Identity in Context
• Gordon v. Canada (Health) (2008 FC 258)
• Information will be about an identifiable individual where there is a serious possibility that an individual could be identified through the use of that information, alone or in combination with other available information.

Conclusion
• Canada
• European standards
• Individuals: right/choice regarding protection of their personal information
• Multinational companies must ensure they comply with PIPEDA online

Conclusion
• Privacy, continually redefined
• Wyndowe v. Rousseau (2008 FCA 39)
• An individual has a right of access to the information he or she provides in the context of an independent medical exam performed by a third-party doctor and to the final opinion of the doctor
• Privacy Commissioner v. Blood Tribe Department of Health (SCC decision pending)
• Review of solicitor-client privileged documents