Evidence of meeting #51 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was nexopia.
A recording is available from Parliament.
3:50 p.m.
Conservative
Patricia Davidson Conservative Sarnia—Lambton, ON
Is there a danger in legislating too much, because of the rapidity with which technology changes and the slowness with which legislation changes? Is it better not to have it in legislation?
October 18th, 2012 / 3:50 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
Let's take the example of data breaches. Now there's something that has shown that, although we have a good act, something can come along such as hacking or data-handling practices that can become a chronic problem. It's worth tuning up the act for that. Otherwise, the act itself, PIPEDA, is very technology neutral and written in an all-encompassing way. It really just needs tweaks. It's not something that needs to be changed much. It's a good framework. What's missing on top, from our point of view, is teeth in the enforcement.
3:55 p.m.
Conservative
Patricia Davidson Conservative Sarnia—Lambton, ON
I want to go back for a minute to the issue you were talking about with Nexopia and the 24 concerns and complaints that were raised. I think they agreed to comply with 20, but not with four.
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
That's right.
3:55 p.m.
Conservative
Patricia Davidson Conservative Sarnia—Lambton, ON
Were those four all on retention issues, or were they on different things?
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
They were all on retention issues.
3:55 p.m.
Conservative
Patricia Davidson Conservative Sarnia—Lambton, ON
What would be different about them? Why would there be four different ones?
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
I believe one of them was a refusal to set up a retention schedule for new users. So it would say that you had to keep it for three years after you stopped being a user. One was offering a true delete button. There were two more that I'm afraid I'd have to take a look at my phone to find for you, but I could probably do that.
3:55 p.m.
Conservative
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
No. At the moment, Nexopia will suspend an account so that you can't get into it, but it is still in existence in their servers.
3:55 p.m.
Conservative
Patricia Davidson Conservative Sarnia—Lambton, ON
With other companies, is there is a true delete button?
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
There are not many companies that do true delete. My understanding is that you can go through Facebook for individual items and delete. But the question is whether they are truly deleted or not in backup of backup of backup. They say they are for most purposes. But you have to go item by item; you can't delete a whole profile easily. I don't know of any websites that do a good job of that at the moment, but I can't claim to know of them all.
3:55 p.m.
NDP
The Chair NDP Pierre-Luc Dusseault
Your time is up.
I am going to give the floor to Mr. MacAulay, who is here with us today.
You have seven minutes.
3:55 p.m.
Liberal
Lawrence MacAulay Liberal Cardigan, PE
Thank you, Mr. Chair.
I'm new at this committee. I appreciate your presentation and appreciate having you here.
Is there such a thing, even though Nexopia does not have it, as a true delete button? Can we know that information is not there?
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
I think that's a very hard one for social networks, which are designed to solicit and then keep information. That's the way they run. I don't believe they've been designed from the ground up to easily delete information permanently and to guarantee, on an auditable basis, that it's been done, whereas a hospital or something else that has a more robust data-handling information services background might be able to do that.
The problem they often cite is that they make backups. Then the backup has it. And then a previous backup has it, and you'll never get rid of it. So, theoretically, we can always get to it.
But it's just a system design thing. If it's required, then I'm sure they'll be able to design it into the next version.
3:55 p.m.
Liberal
Lawrence MacAulay Liberal Cardigan, PE
Again, perhaps it's inappropriate, but could it be designed? That's just a matter of opinion. I think the delete button is something like speaking to a reporter off the record: it's off the record till they need it. That's basically what you're telling us.
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
At the moment, I think that's the reality for most social networks, because the pressure is to keep data and/or at least anonymize it so it can be used for other purposes and you don't lose the value of it.
3:55 p.m.
Liberal
Lawrence MacAulay Liberal Cardigan, PE
It certainly seems quite serious to me when you can collect information on what sex they are, what they desire, and this type of thing. That's serious. They make money on this type of activity. It's totally unacceptable.
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
The Privacy Commissioner said in her finding, especially for youth users, that a lot of the information was sensitive: which school you go to, what gender you are. They had a very long list of interests, and a lot of the interests are things like clubbing, partying, drinking, or things that might be something they don't want parents or other adults to see.
3:55 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
It's a choice, so it's been identified by that person. There are also a lot of free forums, so you can write your friends, just like on Facebook or anything else. I think a lot of the information is just sensitive through its context.
3:55 p.m.
Liberal
Lawrence MacAulay Liberal Cardigan, PE
There's a big difference between being 14 and 24, too, and you don't want that on there.
4 p.m.
Executive Director and General Counsel , Public Interest Advocacy Centre
A big part of our complaint was saying that it might be reasonable for an adult at 24 to make the choice to put that sort of sensitive information into a public area, but often teens don't have the maturity to understand that it's going to be available either outside the site, in the case of Nexopia, or even within the site.
4 p.m.
Liberal
Lawrence MacAulay Liberal Cardigan, PE
I take it you think the Privacy Commissioner should have more authority, more clout, to be able to enforce.