The right to be forgotten in Canada
How is Canada's human rights record in the digital age?
Federally, two pieces of legislation regulate the protection of privacy by Canadian entities. Provincial legislation, when found to be sufficiently similar, overrides the requirements of these two bills:
The Privacy Act governs federal departments and agencies
The Personal Information Protection and Electronic Documents Act (PIPEDA) governs private-sector organizations
PIPEDA received a notable update when the Digital Privacy Act received royal assent in 2015. The Office of the Privacy Commissioner contends that both pieces provide a right to be forgotten, but only from search engines. In light of recent events, it seems timely to question whether that is sufficient. The Equifax hack, the revelation to the general public that Facebook is a largely unguarded treasure trove for data miners, and the news that Grindr was sharing personal medical details with third parties have reminded the general public of two age-old truisms:
If it's on the internet, anyone can find it.
No system is impenetrable.
More recently, Facebook 'broke' Tinder in what only be described as a knee-jerk reaction when a rushed security update cut off the apps' ability to access user information on Facebook. Many would view a broken dating app as a marginal concern, or even a positive for society. It's best thought of in the following terms: in rushing to strengthen network security, the operator has locked out a third-party vendor and deprived the main user-base of any utility derived from it. Imagine the consequences of this scenario if it played out elsewhere. What if Visa, in strengthening user-authentication, locked out POS-terminals for a major gas-stop or ATM operator. The disruption would be nothing short of chaos and the legal issues neverending.
Now here's a more scary thought, though one familiar to most federal employees in Canada affected by the Pheonix payroll system: Imagine if a national government locked out any department or subnational government from their systems. Consider the issues if police forces couldn't share data, or airports couldn't communicate with the FAA. What if it was deliberate, a sacrifice for the greater good? journalists have grappled with issues of access to information since long before the dawn of the internet in a way very similar to the modern data-economy. Both require the collection of information, sometimes against the interests of relevant parties, to be commoditized in newspapers and ad space.
Recently, a symposium was held in Toronto, addressing these issues within a Canadian context. The event, Striking the Balance, featured a number of privacy experts and leaders within the tech and journalism industries. The debates they had are part of an ongoing global discussion playing out in every country that we should all be mindful of.
[youtube