Online privacy and identity A regulatory body - PowerPoint PPT Presentation

1 / 17

About This Presentation

Title:

Online privacy and identity A regulatory body

Description:

... that are accessible from Canada may fall under the OPC's ... The Ticketmaster case. The private life of avatars. Office of the Privacy Commissioner of Canada ... – PowerPoint PPT presentation

Number of Views:64

Avg rating:3.0/5.0

Slides: 18

Provided by: mque4

Category:

more less

Transcript and Presenter's Notes

Title: Online privacy and identity A regulatory body

1
Online privacy and identityA regulatory bodys
perspective
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada
April 21, 2008, Montreal, QC
2
Internet Use and the Norm
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

50 million in sales to Canadians
10 million Canadians use social networking sites
1 million Canadians visit Second Life each week
Over 1 billion in revenue from online advertising

3
Issues for the OPC
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Enforcing the law in a virtual environment
Enforcing Canadian standards in a global context

4
Personal Information Online
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Consumption
Financial institutions
Carelessness of Internet users
25 use privacy settings
3 adjust their cookies

5
Educating the Public
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Blogs
Protecting yourself when using social networking
sites

6
Ads Targeted at Consumers
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Marketing value
Online profiling is becoming more accurate
Googles acquisition of DoubleClick

7
Federal Trade Commission
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Proposed Online Behavioral Advertising Privacy
Principles
December 2007
Different from Canada

8
Jurisdiction in the Virtual World
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Lawson v. Accusearch Inc. (F.C.), 2007 FC 125
Real and substantial connection because much of
the data came from Canada/was about a Canadian
The issue of being able to effectively carry out
an investigation is separate from the issue of
having jurisdiction to investigate

9
Outcome
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Sites that are accessible from Canada may fall
under the OPCs jurisdiction for investigations
These sites must comply with PIPEDA

10
PIPEDA Standards
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

The Streetview caseGoogle
The Ticketmaster case
The private life of avatars

11
International Cooperation is Essential
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

FTC
Cooperation
Possibility of intervening in Accusearch Inc.s
appeal to the U.S. Tenth Circuit Court of Appeals
OECD
Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data

12
The Influence of Canadian Standards- TJX
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Alberta-Federal investigation
Public findings
Loss of 60.8 million to date
A reserve fund of 178.1 million set up by
TJXthis represents an estimate of total losses

13
Security of Personal Information
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Identity theft/false pretence
Bill C-27 (An Act to Amend the Criminal Code)
Recklessness as to subsequent use of identity
information
being reckless

14
Review PIPEDA
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Provision on data breach notification
A clear definition of triggers and thresholds
for notification is essential
Two-step approach (i) notify those affected by a
loss of personal information where there is a
high risk of significant harm and (ii) have a
requirement that the OPC be advised of any major
loss or theft
OPCneed for objective information on the extent
and cause of losses

15
Identity in Context
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Gordon v. Canada (Health)(2008 FC 258)
Information will be about an identifiable
individual where there is a serious possibility
that an individual could be identified through
the use of that information, alone or in
combination with other available information.

16
Conclusion
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Canada
European standards
Individuals right/choice regarding protection of
their personal information
Multinational companies must ensure they comply
with PIPEDA online

17
Conclusion
Office of the Privacy Commissioner of
Canada Commissariat à la protection de la vie
privée du Canada

Privacy, continually redefined
Wyndowe v. Rousseau (2008 FCA 39)
An individual has a right of access to the
information he or she provides in the context of
an independent medical exam performed by a
third-party doctor and to the final opinion of
the doctor
Privacy Commissioner v. Blood Tribe Department of
Health (SCC decision pending)
Review of solicitor-client privileged documents