In the past month, PACC president Sharon Polsky, MAPP had the honor of being invited to testify before the Standing Committee on Industry and Technology (INDU) to contribute to its study of Bill C-27, and the Standing Committee on Access to Information, Privacy and Ethics (ETHI), which is studying the Use of Social Media Platforms for Data Harvesting and Unethical or Illicit Sharing of Personal Information with Foreign Entities.
In both Committees, Sharon’s testimony reflected the views of PACC members and her own research through the last three decades.
Although the studies are being conducted by different groups of MPs, about different matters, there are several commonalities that relate to privacy, safety, security, and democracy.
The current consent model — which has facilitated the collection and monetization of vast amounts of personal information by social media companies and data brokers — continues under Bill C-27. The Bill does not require any greater granularity when stating the purpose for collecting personal information; so we can expect the status quo to remain, without any way for users to really understand what they are agreeing to when they click “I Agree”.
Sharon reminded Committee members that many companies and regulators acknowledge that few people actually read website privacy policies; and pointed out that organizations that collect personal information knowing they have not obtained informed consent are in violation of privacy laws that require they obtain informed consent when or before collecting personal information.
MP Matthew Greene questioned the effectiveness of current consent mechanisms, and asked how the process could be improved. That was an opportunity for Sharon to describe a new internationally-applicable consent model being developed that will include a publicly‑accessible index of organizational compliance with privacy laws. The new consent model will put the onus on organizations to demonstrate whether and the extent to which they comply with privacy laws, enabling people to make informed choices and facilitating regulatory enforcement. A critical component of compliance is demonstrating that an organization’s privacy officer is qualified to do the work, as demonstrated by their certification under the PACC Professional Certification program.
MPs in both Committees also expressed concern about children’s online safety; so it was fitting that Sharon was invited to testify before the ETHI Committee on World Children’s Day, which commemorates the 1989 adoption of the UN Convention on the Rights of the Child.
A detailed discussion of Bill C-27 is being drafted; and ETHI Committee Chairman, John Brassard requested a written submission expanding on the issues and recommendations Sharon raised in her testimony.
PACC members are invited to share their insights about Bill C-27 and the issues surrounding data harvesting and social media platforms, so they might be incorporated into the submissions for the ETHI and the INDU Committees.
