Guest Post: A Clear Cookie Jar: Discussing the Increased Autonomy of Our Digital Privacy

A Clear Cookie Jar: Discussing the Increased Autonomy of Our Digital Privacy

by Olivia Done

We all have privacy agreement fatigue, often accepting all cookies on browsers and skipping new privacy agreement emails. [1] However, recent changes to EU and Canadian digital privacy laws provide us with more user autonomy over data mining [2], terminology we can all understand and options to restrict and remove data collected. We’ll discuss everything in basic terms below, and give helpful tips on next steps you can apply in your digital life.

What is Bill C-11: The Digital Charter Implementation Act (DCIA 2020)?

This proposed bill would be the first update to Canadian digital privacy laws in decades [3]. It follows the EU’s implementation of the GDPR (2018), California’s implementation of the CPRA (2020) and public discussions about digital privacy following the Cambridge Analytica scandal. [4]

We all have a  general understanding that our data is being mined for advertising purposes, tailoring our online experiences to our interests without consciously choosing the topics. However, in the past there was no regulation or oversight to protect us as consumers, which is why the solution for digital privacy was often to stop using the service or don’t upload your information. The new regulations over digital privacy policies allow for greater freedom to continue using these services without an ‘all or nothing’ agreement.

The Acronyms Explained

When looking for information around the new and existing privacy acts, there are a myriad of acronyms, as seen in the  word cloud. This can lead to confusion. Below are some terms you might need to know.

Bill C-11 = the proposed Digital Charter Implementation Act (known as the DCIA 2020 – these acronyms are sometimes used interchangeably)

This legislation replaces:

PIPEDA (the Personal Information Protection and Electronic Documents Act) with:

CPPA (Consumer Privacy Protection Act)

AND

PIPDT (Personal Information and Data Protection Tribunal Act). [5, 6]

 

These Canadian policies are often referenced in relation to (and build upon):

GDPR: The General Data Protection Regulation, European Union, enacted in 2018, and

CPRA: The California Privacy Rights Act of 2020.

What to Expect in Privacy Policies, Terms and Conditions and Cookie Notices:

The DCIA 2020 [7] will require organizations to use plain language to gain consent. They must specify:

1. The purposes for collection, use or disclosure
2. The way in which personal information is collected
3. Any reasonably foreseeable consequences of the collection
4. The names of any third parties

There are also new requirements about accessing and deleting data, along with algorithmic transparency. [8]

What Does this Mean for Your Apps?

Apple’s App Tracking Transparency:

With IOS 14, all apps that wish to track, access one’s device’s advertising identifier or share information with data brokers must get explicit permission and follow an AppTrackingTransparency framework [9]. Interestingly, this has sparked a ‘data privacy war’ with Facebook [10]. While Facebook fears lack of personalized ads will harm small businesses, Apple believes digital privacy is a human right and are creating these tools to allow users to make informed decisions.

Google:

Google’s updated Terms and Agreements (updated November 2020) and Privacy Policy (updated February 2021) along with new tools to manage account and data preferences reflect these new requirements. [11] For example, they explicitly describe when they share identifiable and non-identifiable information and discuss how it is used, providing examples, clarifications and definitions.

Google Takeout allows you to download all of your data within the different apps to review, export or delete. These requirements to allow users to request deletion of data were specified in the DCIA 2020 and the EU’s GDPR. [12]

You can see Google’s assumptions about your interests here. [11] Along with an understanding about what they know, there is an option to either turn off ad personalization completely or adjust your settings by removing certain automatically-created tags. This information is gathered based on your activity while you were signed in, including YouTube, location tracking from Google maps, audio recordings from Google assistant or Google home and activities in other Google apps. You can manage your activity here, allowing you to check a box about which of these activities can collect data to create more personalized recommendations. Within this tool, there is also the option for auto-delete, a feature that deletes activity data older than 3 months, 18 months or 36 months.

Cookie Notices:

When the cookie notice pops up on a website you’re visiting, rather than ‘accept cookies’, click on ‘more information’ or ‘our privacy policy’ and you will often find options to turn off and on specific types of cookies.

All of these legal changes and resources have been described to help you customize your digital footprint. I implore all of you to take a look at the new Apple tracking requests and cookie cookie notices to make your own decisions… and tell your friends and family too!

Want to learn more about Canada’s changing digital privacy laws? Check out guest contributor Alexander Howes’s post on internet regulation in Canada and Rachael Bradshaw’s post on Bill C-10 to learn more.

How much data tracking are you comfortable with? Will you deny all tracking or allow some depending on the content? Let us know in the comments below!

References

[1] Belanger, L. (2018, May 29) Here’s Why Your Inbox Is Filled With Privacy Policy Emails. Entrpreneur. https://www.entrepreneur.com/article/314170

[2] Heras, M. (2014, April 10) Data Mining: How eBay knew I’d buy that Batman Snuggie. Digital Tattoo. https://digitaltattoo.ubc.ca/2014/04/10/data-mining-how-ebay-knew-id-buy-that-batman-snuggie/

[3]  Bednar, V., & Surman, M. (2021, January 12) Digital privacy law is being updated for the first time in decades, and it’s imperative we get it right. CBC. https://www.cbc.ca/news/opinion/opinion-digital-privacy-bill-c11-1.5863117

[4] Hill, E. (2018, May 10). #DeleteFacebook? An investigation into the Cambridge Analytica scandal part 2. Digital Tattoo.  https://digitaltattoo.ubc.ca/2018/05/10/deletefacebook-an-investigation-into-the-cambridge-analytica-scandal-part-2/

[5] Buchanan, J., et al. (2021, March 20) Canada: Canada’s Privacy Overhaul: Deep Dive Into The Key Topics Of Data Subject Rights, Consent, De-identification, The Tribunal / Litigation And Data Governance. Mondaq. https://www.mondaq.com/canada/privacy-protection/1049118/canada39s-privacy-overhaul-deep-dive-into-the-key-topics-of-data-subject-rights-consent-de-identification-the-tribunal-litigation-and-data-governance?type=related

[6] Paszti, L., et al. (2020, December, 04) Canada: How Will Bill C-11 Change The Way Organizations Process Personal Information? Mondaq.  https://www.mondaq.com/canada/privacy-protection/1011928/how-will-bill-c-11-change-the-way-organizations-process-personal-information?)

[7] House of Commons of Canada. (2020, November 17) Bill C-11: First Reading.  https://parl.ca/DocumentViewer/en/43-2/bill/C-11/first-reading

[8] Government of Canada. (2020, November 17) Fact Sheet: Digital Charter Implementation Act, 2020 https://www.ic.gc.ca/eic/site/062.nsf/eng/00119.html

[9] Apple. (nd) User Privacy and Data Use. https://developer.apple.com/app-store/user-privacy-and-data-use/

[10] Sherr, I. (2021, April 26) Apple’s privacy battle with Facebook just became all-out war. CNET. https://www.cnet.com/news/apples-privacy-battle-with-facebook-just-became-all-out-war/

[11] Google. (2020, March 31) Privacy and Terms. https://policies.google.com/terms?hl=en-US

[12] Google. (nd) Google Takeout.  https://takeout.google.com/settings/takeout

[13] Google. (nd) Ad personalization. https://adssettings.google.com/u/0/authenticated

---

Written by Olivia Done

Edited by Rachael Bradshaw

Featured image Apps by Gerd Altmann via Pixaby License