#CyberFLASH: Using Big Data for targeted advertising could violate Canadian privacy law

 

BCE Beats Profit Estimates as Smartphone Subscribers GainOn April 7, 2015, the Privacy Commissioner of Canada ruled in its Report of Findings #2015-001 against Bell, one of Canada’s largest telecommunications companies. The Commissioner ruled Bell’s targeted advertising program violated federal privacy law, the Personal Information Protection and Electronic Documents Act(PIPEDA), since Bell did not obtain adequate consents for facilitating the delivery of third party behaviourally targeted ads to its customers. Following the release of the Commissioner’s Findings, Bell decided to withdraw its Relevant Ads Program and delete all existing customer profiles related to the program. It is important to note the decision did not take into account whether Bell was in compliance with the Telecommunications Act(Canada), and this issue is currently before the Canadian Radio-television and Telecommunications Commission (CRTC).

The purpose of PIPEDA is to establish rules to govern the collection, use and disclosure of personal information in a manner that recognizes: (a) the right of privacy of individuals with respect to their personal information; and (b) the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. In making its analysis, the Commissioner examined the sensitivity of the information and the reasonable expectations of Bell’s customers.

The decision establishes “Big Data” as sensitive personal information. Big Data is a broad term used to describe vast amounts of data, collected over time or from multiple sources. Using data analytics or other forms of computational interpretation, Big Data may reveal human preferences, behavior and patterns. Principle 4.3.6 of PIPEDA provides express consent is the appropriate form of consent when personal information is likely to be considered sensitive. The Commissioner found the breadth of information gathered from multiple sources would render the information, when compiled, more sensitive than the individual elements of that information. These multiple sources included:

  • Internet, television and telephone network usage information (such as websites visited and apps used on a mobile device);
  • demographic information (such as billing address, age, gender, language, credit score, average revenue, payment patterns, plan type and mobile device information); and
  • information generated or inferred (e.g. customer interest categories).

Read more here

#CyberFLASH: Bell faces $750 million lawsuit over targeted ad program

bellThe battle over BCE Inc.’s contentious targeted advertising program is moving into the courtroom after a $750-million class action lawsuit was filed against its Bell Mobility and Bell Canada units.

Court documents filed with the Ontario Superior Court of Justice allege that the Mississauga, Ont.-based subsidiaries of BCE breached contractual obligations, privacy laws and the Telecommunications Act resulting from their “unauthorized use and disclosure of [clients’] personal information” to a third party without explicit consent. By doing so for a fee, Bell was “unjustly enriched” and ought to be financially liable for “the anguish, suffering and distress” caused by its “unlawful intrusion,” the filings state.

Bell spokesperson Jacqueline Michelis declined to comment on the lawsuit, filed Thursday.

Ted Charney of Toronto’s Charney Lawyers, one-half of the counsel representing plaintiff Settimo Tocco, a Bell Mobility client with data service who resides in Windsor, Ont., estimates as many as five million of Bell’s 7.9 million wireless customers were tracked under the so-called Relevant Advertising Program (RAP) through their use of Internet data, making this “the largest privacy breach ever ” in Canada.

“We think there’s going to be some damages awarded to each class member, and the real question is ‘what’s the amount going to be?’” Charney said in an interview Friday. “Could be anywhere from a couple hundred dollars to a couple thousand dollars, depending on the nature of the privacy breach and the circumstances of how the breach happened.”

Read more here

 

#CyberFLASH: Why Bell’s targeted ad approach falls short on privacy: Geist

bell.jpg.size.xxlarge.letterboxIn October 2013, Bell announced the launch of a targeted advertising program that uses its customers’ personal information to deliver more “relevant advertising.” The announcement sparked hundreds of complaints with the Privacy Commissioner of Canada and a filing by the Public Interest Advocacy Centre over the same issue with the Canadian Radio-television and Telecommunications Commission.

Nearly a year and a half later, the complaints and filings remain unresolved. The CRTC case has succeeded in placing considerably more information on the public record, however, offering a better perspective on what Bell is doing and why its privacy approach falls short.

From Bell’s perspective, the targeted advertising approach, which it calls RAP or Relevant Ads Program, does not involve the collection of additional information (it already collects whatever is being used) and the company allows users to opt out of this use of their information if they so choose. Moreover, it argues that the program is similar to what telecom companies in the United States as well as Internet giants such as Google and Facebook offer.

Yet documents now available on the public record reveal that there are important differences, creating serious privacy concerns.

Read more here

#CyberFLASH: Google eyes expanded smartphone advertising in 2015

9631175Internet giant Google aims to better use smartphone data to enable advertisers to reach out to mobile users. Google Canada’s Sam Sebastian says the challenge is finding a balance between information collection and user privacy.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.