Canada

The growing fight over personal information

The steady erosion of personal privacy, more than just airport scanners.

Just a few days after marking the New Year, Canadians learned they would soon be revealing yet another personal part of themselves: their bodies to airport scanners.

A decade ago, this intrusion would have seemed implausible. But now it is just another milestone in the steady erosion of privacy that computers and a restive world have brought about.

Today, closed-circuit television cameras stealthily capture pedestrians' images in the downtowns of at least 14 Canadian cities and countless shopping malls. Retail clerks routinely ask for customers' phone numbers or email addresses to add to a data bank.

Privacy Commissioner Jennifer Stoddart talking to the media about changes to the popular social networking site Facebook in August 2009. (Adrian Wyld/Canadian Press)

And social networking sites like Facebook have become bulletin boards for all manner of intimate detail.

Whether gossiping on a social networking site or chatting loudly on a cellphone on the downtown bus, people spill out secrets that once would have been reserved for a diary or best friend.

"People are telling things about themselves or their situations that they should really keep private," says Louise Fox, owner of The Etiquette Ladies, a company that schools everyone from kids to adults on manners.

"You never know where you're going to end up."

Data mines

Some people learn the hard way from these mistakes: They discover their personal information has been stolen and used to obtain a bank loan by someone else; or they are turned down for their dream job because of a middle-of-the-night musing or a compromising photo posted online.

Most, though, spend little time thinking about the possible fallout from this erosion of privacy. But that should probably stop, as the implications of all this data hoarding are becoming more widespread.

Leave aside the proliferation of closed-circuit TV cameras. And the virtual strip search that airline passengers will soon be undergoing.

Since 9/11, governments themselves have become huge data gatherers, all in the name of security.

But they aren't the only ones. In recent years, businesses have also evolved into massive information aggregators.

In the best-case scenario, this data is used to serve consumers better, for example by presenting other products that might interest them or offering special deals while shopping online.

But it can also be used for more ambiguous purposes.

A devil's bargain?

Commercial data banks are "a Faustian challenge," says Murray Long, a privacy consultant to government and businesses. "If we want something from a corporation, we have to be prepared to give up some privacy to get it."

Today, organizations known as data brokers collect personal information on consumers from a range of sources, including online shopping, web searches, social networking sites and public record databases.

Often people give their consent unknowingly by failing to properly read the privacy policy in contracts or default settings, an issue that is once again plaguing Facebook, the popular social networking website.

In recent weeks, Canada's privacy commissioner, Jennifer Stoddart, launched a second probe  into how Facebook treats personal information.

It is to go along with a more wide-sweeping examination into how personal data is being mined by both social networking sites and other businesses, with public hearings to be held later in the spring.

The hearings are designed to lead into a parliamentary review of the Personal Information Protection and Electronic Documents Act, which is now nine years old.

New Facebook privacy settings are unveiled in San Francisco in December 2009. But they do not stop the controversy. (Associated Press)

One of the main issues here is that so-called data brokers use this information to create detailed profiles, which are in turn sold to different buyers.

Retailers and other businesses can then use this data to try to answer questions about current or potential customers, such as how their health is or whether they can pay bills on time.

There are Canadian laws that guard against certain kinds of data pooling, as this type of information collection is known.

But as soon as this information crosses a border those safeguards can disappear, says Long

As companies outsource many of their operations, "data is moving globally much more than it ever did," Long says.

"It creates all kinds of pressures and concerns about who actually has our data, where it's stored and what kinds of protections are in place."

Pigeon-holed

What worries experts such as Queen's University's David Lyon is that this personal information is being used to sort people into groups.

That can mean that if you end up in the wrong category, you could face discrimination in the guise of inferior service or even advertisements that target personal vulnerabilities like gambling.

What's more, if you are caught in this kind of web, there is no easy way to change classifications.

The exchange of data is so obscure that individuals won't know why they landed in that particular group, says Lyon, who is director of the university's Surveillance Studies Centre.

"We are less aware than we should be about what happens to that data. The consequences, especially for those more vulnerable and marginal are huge."

Children targeted

Indeed, one often-targeted group is children, particularly if they visit certain popular websites designed for interaction.

A group called the Public Interest Advocacy Centre in Ottawa says that some of these sites use personal information to adapt the website to fit the child's profile. Then advertisers pay for exposure to this profiled child through games or other fun activities.

PIAC is calling for a ban on the collection of personal information for kids under 13. When they turn 18, it would like to see their private data wiped from websites unless they consent to leave it as is.

Following the attempted bombing of a Detroit-bound airliner on Christmas Day 2009, body scanners were introduced at airports in Canada, the U.S. and Europe. (Associated Press)

"Social networking is a huge swindle," says John Lawford, a lawyer with PIAC. "Everybody has been taken for a ride.

"People didn't question the business model. But that business model is to sell personal information to targets ads."

Facebook doesn't share personal information outright with companies unless given consent, its policy states.

But when the website changed and supposedly tightened its privacy rules in December, in response to complaints, it created a new default setting that allegedly reveals more private information, unless that person specifically chooses otherwise.

The site also allows advertisers to select certain characteristics for its ads, which are then directed at the appropriate users.

Why should anyone care if personalized ads are directed at them? They might be susceptible to the products targeted at them, whether it's sugary foods, weight loss pills, or gambling, Lawford points out.

Or they could find themselves boxed in a certain category from an early age.

"The person is typecast or stereotyped at an age when you're not supposed to do that," he says. "Even the criminal law doesn't do that: It gives a second chance."

now