1 / 14

Forgetting, Non-Forgetting and Quasi-Forgetting: Canadian Policy and Corporate Practice

Forgetting, Non-Forgetting and Quasi-Forgetting: Canadian Policy and Corporate Practice. Colin J. Bennett, Adam Molnar and Christopher Parsons Department of Political Science University of Victoria BC, Canada www.colinbennett.ca cjb@uvic.ca. Analysis of Social Networking Services.

mira
Download Presentation

Forgetting, Non-Forgetting and Quasi-Forgetting: Canadian Policy and Corporate Practice

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Forgetting, Non-Forgetting and Quasi-Forgetting: Canadian Policy and Corporate Practice Colin J. Bennett, Adam Molnar and Christopher Parsons Department of Political Science University of Victoria BC, Canada www.colinbennett.ca cjb@uvic.ca

  2. Analysis of Social Networking Services • 23 top SNSs in terms of usage in Canada • Content Analysis of Privacy Policies • Tests of Subject Access to PII by researchers • Law Enforcement Compliance Guides • Bill C-30 “Lawful Access” Legislation • Building Website – Canadian Access to Social Media Information (CATSMI) Funded by Social Sciences and Humanities Research Council of Canada (SSHRC) and Office of the Privacy Commissioner

  3. Federally Regulated Private Sector •  The Protection of Personal Information and Electronic Documents Act (PIPEDA) 2000 •  Applies to federally regulated businesses (communications, transportation, banking) and any enterprise that transmits personal data across provincial or international boundaries for a commercial purpose • Overseen by the Office of the Privacy Commissioner of Canada • Also applies to provincial regulated businesses where no “substantially similar legislation”

  4. The “Real and Substantial Connection to Canada” Test • Acusearch Decision – www.abika.com (2009) • Facebook Investigations (2009-2012) • WhatsApp Investigation with Dutch DPA (2012-13) • Cloud-Computing Applications

  5. Responses to Subject Access Requests Under PIPEDA, personal information means “information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.” • PII provided: Facebook, Twitter, Google+ • Responses received but no PII (yet): LinkedIn • PII refused: Tumblr • All others: No responses AND NO METADATA Complaint against Twitter?

  6. The Anatomy of a Tweet

  7. Article 17 of New EU Draft Regulation • The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child, where one of the following grounds applies:

  8. Article 17 of New EU Draft Regulation • the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data; • the data subject objects to the processing of personal data pursuant to Article 19; • the processing of the data does not comply with this Regulation for other reasons. (EXEMPTIONS OR JOURNALISTIC AND ARTISTIC PURPOSES)

  9. Google’s Interpretation • THREE PROGRESSIVELY DIFFICULT PROVISIONS • Right to erase something generated by the user • Right to erase reposting of original posting • Right to erase posting by a third party

  10. Is there a right to be forgotten in non-European (Canadian) law? • Obligation of the data controller rather than right of data subject • Retention schedules -- PIAs • Withdrawal of consent for processing

  11. Forgetting, Non-Forgetting and Quasi-Forgetting • Forgetting, but not yet • Forgetting, but only for what we deem to be PII • Forgetting, but not information that friends have said and shared about you • Forgetting, but only for us, not for others • Forgetting, but not when requests come from law enforcement • Forgetting, but we cannot ensure complete erasure • Forgetting, except for third-party analytics

  12. The “Net Never Forgets” • “You may not realize it, but whenever you go online, you’re building an identity through the words and images you post and the activities you do. This can become part of your reputation, and it can be a lasting one. Once personal information goes online, it may be difficult to delete. While you may be able to delete it in one place, there may be cached versions or copies stored elsewhere that you cannot control. Digital storage is cheap and computer memory is plentiful--and unlike people, the Net never forgets”  (Jennifer Stoddart, Canadian Privacy Commissioner, January 28th, 2011).

More Related