OTTAWA – Bell Canada’s new privacy policy, implemented last fall and which sparked outcry from customers, is now under scrutiny of the Senate. The communications and broadcasting company’s practices are currently under investigation by the Office of the Privacy Commissioner.
While Red Chamber can’t look at the specific details of the company’s customer information collection practices because they are subject to an ongoing investigation, the Standing Senate Committee on Transportation and Communications did get the opportunity to question Canada’s top privacy watchdog on broad issues around privacy law and communications companies.
Chantal Bernier, interim Privacy Commissioner, noted that it’s not new that companies collect and use customer information for commercial purposes. “But what is new is the fact that businesses now have the tools to paint increasingly detailed pictures of individuals,” she said during her appearance on Tuesday.
The emergence of the online and digital environments as vehicles for a broad range of services is now forcing companies, including telecommunications carriers, to increasingly use the surfing and viewing habits of their customers to gain more insight into their likes, dislikes and preferences. Google provides an example of a company that collects, analyzes and uses individuals’ web surfing activities in behavioural advertising.
This is very important for companies operating in the online environment, argued Bernier.
“The more targeted the advertisement is, the more lucrative is,” she said in her opening remarks.
But even in a world where companies can access more granular data about their customers, there still needs to be some overriding principles to protect individuals from the misuse of their information.
“In the face of complexity and competition in the digital age, transparency and the role of privacy policies are key in ensuring valid consent and individual control of personal information,” stated Bernier.
Safeguards must also be implemented by telecommunications companies to protect against inappropriate access of personal information.
“Digital technology has enabled organizations to collect and retain vast amounts of information which can be vulnerable to security breaches. Robust procedures to authenticate individuals and up to date technological measures to protect customer information from attacks are key to protecting personal information,” she added.
Bernier acknowledged that the telecommunications market is competitive and that privacy laws shouldn’t be a barrier to doing business. Rather PIPEDA (the Personal Information Protection and Electronic Documents Act) is supposed to ensure “fair balance between economic growth – allowing organizations to collect what they need to do business – and privacy,” said Bernier.
In the case of sensitive information and that for children, consent needs to be explicit and an opt-in approach would be best. There are, however, situations where an opt-out principle would work, particularly as it relates to customer experience. But this doesn’t mean that telecommunications companies can play willy-nilly with customers’ personal information.
In an opt-out scenario, “transparency must be met and it must be very clear to the consumer what opt-out leads to in terms of what is collected, what are they going to do with it, who are they going to share it with and the consumer must be in control of all of that,” stressed Bernier.
The Privacy Commissioner noted under questioning that there is a need to add more enforcement capacity to the office because of the imbalance of power between individuals and companies. In Bernier’s view, provisions under proposed Bill S-4 would provided that added strength.
Among those are: a rule giving the Office one year rather than 45 days to send an investigation to the courts; giving companies found in violation of the law time to come into compliance; and a provision that requires companies to report incidents of personal information breach.
While this proposed bill makes it way through the Senate, changes to Canada’s privacy guidelines regarding online consent are coming later this year, noted Bernier. They will deal with consent on mobile devices as well as include guidelines and a policy position on online behavioural advertising. The guidelines are expected to be released in May.
She’s also hopeful that Parliament will also soon respond to recommendations from the Privacy Commissioner’s office on how to strengthen the country’s privacy laws. Among those recommendations is a requirement on telecommunications companies to publicly report on how they comply with PIPEDA. There is another on releasing personal information to national security entities without court oversight.
Bell Canada appears before the committee on Wednesday.
