Privacy

Cities could add another layer to data protection

By Mia Clarke, Associate Editor

Protecting citizens' private online information is so important that municipalities are even stepping up to provide another layer of protection to consumers, says London, Ont. privacy lawyer Peter Dillon.

On Nov. 6, voters in San Francisco will decide whether to enact a municipal “Privacy First Policy.” If passed, businesses in the city would be required to disclose their data collection policies and obtain input from communities impacted when drafting them, says Dillon, a partner with Siskinds LLP.

“The policy is intended to protect the residents and visitors of San Francisco from having their personal information misused by companies who do business in the city,” he tells AdvocateDaily.com.

“Consumers are more concerned than ever about how their personal information is being used — whether to profile them or if sold to other companies,” says Dillon. “Consumers are more hesitant than ever to allow their data to be used and/or sold without permission.

“This is another step to protect their personal information,” he says.

While Canadian cities have the power to enact similar legislation, Dillon says it remains to be seen whether any will follow San Francisco’s lead. If they do, their policies would be trumped by existing provincial and federal law.

“In Canada, personal information is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how organizations collect, use and disclose personal information in the course of commercial business,” he explains.

“As cities across the United States begin to create ordinances that help protect the consumer from manipulation by businesses, it seems likely that major cities in Canada will follow suit if the policies and procedures prove effective,” says Dillon.

He says San Francisco’s move is a response to several high-profile cases, including one involving Facebook, Cambridge Analytica and the campaign to elect Donald Trump.

Siskinds recently filed a class-action lawsuit against Facebook on behalf of plaintiffs who may have had their data scraped by Cambridge Analytica through an app on the popular social media platform.

The lawsuit represents more than 600,000 Canadians who may be among 87 million people whose information was allegedly accessed.

Dillon says consumers “want the use of their personal information to come back under their own control.”

While data protection is not normally on a municipality’s agenda, the fact that cities are taking it on proves how important an issue it is, he says.

San Francisco's plan, which is made up of 11 privacy principles, defines personal information as any information that “identifies, relates to, describes, or is capable of being associated with, a particular individual," says Dillon.

He says this can include “anything from education to social insurance numbers or employment history.”

“If passed, San Francisco would become the second American major city behind Chicago to take action in protecting its citizens’ personal information. Chicago is currently considering whether it will implement a new city-wide privacy policy entitled 'Chicago Personal Data Collection and Protection Ordinance.'”

To Read More Peter Dillon Posts Click Here