A report published this week revealed that Canadian Internet providers are still falling short when it comes to being transparent about how they protect their customers’ privacy.
The report found that all telecom companies need to do more to keep customers informed about how they safeguard privacy.
The report, entitled Keeping Internet Users in the Know or in the Dark?, was released by IXmaps.ca and New Transparency Projects as part of a project spearheaded by Prof. Andrew Clement at the Faculty of Information, University of Toronto and Dr. Jonathan Obar, Faculty of Social Science and Humanities, University of Ontario Institute of Technology, with the assistance of a group of law students at UofT. They examined the data privacy transparency policies of 43 large and small companies that provide internet services to Canadians.
The report features an at-a-glance Star Chart, rating ISPs according to 10 key transparency criteria. The project was completed with the assistance of a group of nine law students from the University of Toronto’s Center for Innovation Law and Policy. They worked with Prof. Clement and Dr. Obar to update the criteria document, develop explanations to distinguish full, half, and no stars, and also took an in-depth look at the transparency of wireless service providers that control 90% of the market.
“Internet carriers are generally not transparent in their handling of personal information, earning on average only 2 stars out of 10 possible,” the report reads. “It is very difficult for Canadians to hold these important organizations to account and develop the trust in them appropriate to the sensitivity of the information they carry is such large volumes.”
The report makes these two “primary” recommendations alongside 11 smaller ones.
- To earn the trust of Canadians, the companies that carry their personal information via the internet need to be much more transparent about the handling of information – who has access to it, on what terms, how long it is kept, where it is stored, processed and routed – and generally more actively promote the privacy interests of their subscribers.
- Given the risks of mass suspicionless surveillance, especially by the National Security Agency, when Canadians’ data transits the U.S. or is handled by U.S. based transit providers, and the absence of legal or constitutional protections for Canadians’ data in these cases, Canadian retail carriers should avoid transferring personal data to companies that bring such exposure. Thus can be achieved by only handing domestic traffic off inside Canada to carriers that are exclusively within Canadian jurisdiction.
The project received funding from the Social Sciences and Humanities Research Council of Canada, the Office of the Privacy Commissioner of Canada and Canadian Internet Registration Authority (CIRA), and is affiliated with the New Transparency Project and the Information Policy Research Program at the Faculty of Information, University of Toronto.