1 minute read
Canadians'PrivateDataNeedstobeSafeguarded
dueto“consentfatigue.”
This follows other recent stories of companieseithersellingpersonaldataornotdoing enough to protect it once it's in their hands or tracking individuals without their consent. Some may recall that Tim Hortons was also rebuked by thePrivacyCommissionerthissummerduetotheir apptrackingandrecordingcustomer'smovements, evenwhentheappwasn'trunning.
Advertisement
In either case, punishment for these companies exists somewhere between negligible and nonexistent. Home Depot is now required to cease providing Meta with customer data until it starts implementing systems to receive direct consent. Tim Hortons had to delete customer locationdatagatheredbytheappandestablishand maintainaprivacymanagementprogram.Nofines, no other punishment, as long as those companies agreetostrengthentheirprivacypolicies.
User data is big business for tech companies.Manytechcompanies,includingMeta, Twitter,YouTube,andothers,providetheirservices for no monetary compensation, but instead collect userdatatothenmonetize,inadditiontotraditional revenue streams like advertising. People have an expectation that if they sign up for a service that uses their data for one purpose, that the data they provide isn't being sold or provided to other companies.
Digital privacy and data protection aren't new concepts in the grand scheme of things. FacebookandYouTubehaveexistedforalmost20 years,andevenemailbecameanormalpartofour everydaylivesforadecadebeforethat.Butneither the current Liberal government nor the former Conservative government has done anything significant to protect user data from the type of practices that Home Depot and Tim Hortons have done with customer data. While PIPIDA and Canada's Anti-Spam Legislation (CASL) are starting points, companies clearly aren't too worried about whether they breach these acts becausethere'slittlepenaltyfordoingso. Canadians are justifiably concerned for theirprivacy,securityandconsumerrights.It'stime we create a Canadian Digital Bill of Rights that protectspeople'sdata.Thisshouldincludeboosting thepowersofthePrivacyCommissionertoenforce orders and levy fines and penalties to ensure compliance by large companies for potential data breaches. It's not enough to take corporations at their word when they say “this won't happen again,” we need to ensure that they protect any personaldatatheyreceivewiththeutmostcare,or face actual, serious consequences. Only when the threat of playing fast and loose with people's personal data results in hurting a corporation's bottom line will they start taking data protection seriously.
Digitalsafetyandprivacyneedtobeplacedabove theprofitsofcompanies. Canadiansdeservetobe comfortableintheknowledgethattheirdataisonly being used in ways in which they have already agreedto.
