Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Appearance before the Standing Senate Committee on Transport and Communications regarding the practice of collecting and analyzing data from Bell Canada customers for commercial purposes including targeted advertising

April 29, 2014
Ottawa, Ontario

Opening Statement by Chantal Bernier
Interim Privacy Commissioner of Canada

(Check against delivery)

Introduction

Thank you Mister Chair and Members of the Committee for your invitation.

Joining me today is Regan Morris, Legal Counsel.

Today I will address the three issues raised in the Committee’s invitation: i) our views on the practices of the telecommunications industry; ii) responsibilities of telecommunications companies; and iii) safeguards.

As you know, my Office is responsible for overseeing compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law. Telecommunications companies, therefore, fall under my Office’s jurisdiction.

We are currently investigating the recent changes to Bell Canada’s privacy policy. However, as required under section 20 of PIPEDA, our investigation must be conducted in confidence.

While this means we cannot talk about this investigation specifically, I would like to discuss a few privacy issues as they relate to telecommunications companies.

Practices of Telecommunication Companies

A key issue relevant to telecommunications companies’ practices arises from advances in technology that often involve organizations using personal information to create detailed profiles of consumers in order to personalize products and services according to inferred interests.

Of course, wanting to know about your customer is nothing new. But what is new is the fact that businesses now have the tools to paint increasingly detailed pictures of individuals.

Telecommunications companies’ practices are evolving in the face of competition in the online and digital environment. In the online world, for example, our investigation of Google and online behavioural advertising, released this past January, revealed a business model that uses personal information of individuals’ Internet activities to target advertisements.  The more targeted the advertisement is, the more lucrative it is.

Consent and marketing is one area that we have examined over the years.  Other practices of telecommunications companies that have raised privacy concerns involve the collection of personal information for verification and authentication; the disclosure of personal information to family members; and the disclosure of personal information to law enforcement. 

Responsibilities of Telecommunication Companies

In the face of complexity and competition in the digital age, transparency and the role of privacy policies are key in ensuring valid consent and individual control of personal information.

Last spring, our Office, along with 18 other global enforcement agencies, conducted an online sweep examining the meaningfulness and transparency of privacy policies. The results indicated that many websites had no privacy policies and some had over-generalized statements offering no details on how they were using customer information. As a result of the sweep, some of these organizations have improved their privacy policies.

We have published the full list of observations from the Sweep on our website, which also includes best practices that were observed.

Safeguards

Telecommunication companies must also have appropriate safeguards to protect consumers from inappropriate access to their personal information. Digital technology has enabled organizations to collect and retain vast amounts of information which can be vulnerable to security breaches.  Robust procedures to authenticate individuals and up-to-date technological measures to protect customer information from attacks are key to protecting personal information. 

Our role

In addition to investigating complaints and breaches, my Office addresses privacy challenges through a number of other activities.  For example:

  • we have developed tools to help businesses benefit from technology while respecting privacy, such as guidelines and a policy position on online behavioural advertising, guidance on household accounts, and guidance on online consent and privacy policies to be issued soon;
  • earlier this year, we made recommendations to Parliament to reform existing privacy legislation to require private-sector entities, such as telecommunications companies, to publicly report on their use of  provisions under to release personal information to national security entities without court oversight.

Conclusion

I would like to conclude by emphasizing that compliance with privacy legislation does not present a barrier to innovation.

The privacy issues that telecommunication companies need to address are challenged by issues such as the changing nature of technology.

Respecting privacy within the technology ecosystem is vital.  Addressing transparency, obtaining valid consent, and putting in place appropriate safeguards, are key components of maintaining consumer trust.

I would like to thank the Committee again for their time and I am happy to take your questions.

Date modified: