THE BLOG

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

Kris Constable Headshot

Privacy Must Be Defined By Consent In Today's Connected World

Posted: Updated:
PRIVACY SMART PHONE
solidcolours via Getty Images
Print

Canada has one of the best privacy regimes in the world. We have provincial and federal privacy laws that cover public, health and private sectors, as well as commissioners to act as regulators around these laws. While there are opportunities for the regulators to seriously enforce these laws, as well as update this laws to this millennium, that's not the topic of the article. Instead, I would like us to get to a baseline agreement of what privacy is, as it's not defined very well.

I've worked in the privacy space for over a decade, and have been considered an expert in the area. Yet, as soon as someone hears I'm on Facebook or using social media, they question my role.

To me, privacy is not about being anonymous. Privacy is consent. I'm aware consent is a loaded term, and that's part of why I feel it's an important term to use in terms of personal information. There are many vulnerable people in the privacy space, and they're often ignored and even put at greater risk by the privileged who feel they have nothing to hide.

After consent, the second factor to consider is whether or not there is authentic awareness being made as to the risks of consent.

Let's look at a couple examples. I choose to use Facebook, you may not. In my case, I consent to them collecting my information and selling it to make a profit. I'm aware of risks, as I'm only one of the few who have read their terms of service. Do they authentically make you aware of the risk of providing your personal information to them? I would argue not, but for the most part, they do have a successful consent model -- you generally have to opt in to the service. Where I fundamentally oppose Facebook is when they collect your information without your consent. This could be through third-party trackers and ads around the web, or more importantly, when your friends give you up.

Your personal health information, including your mental and sexual history, is being put into databases without your consent. These databases will be compromised, there is no debate.

Facebook's machine learning, if not full of artificial intelligence (AI) yet, is really smart. If you upload a picture with you and a non-Facebook using friend, chances are high they know who that friend is from facial recognition. You've given Facebook a recent picture of that friend, as well as details about that friend -- which event they were at, at which location, and at what time and date. The same goes for adding a non-Facebook friend to your contacts, or talking about them on Facebook messenger. This is not a Facebook-specific problem -- chances are really high you've added a privacy-aware friend to your Google contacts, thereby giving Google knowledge of the whereabouts of that friend and when you communicate with them.

Why is this is a risk? I tweeted yesterday about the viral game "Pokemon GO" by Niantic which explains how when you login with your Google account, you give Niantic full access to your Google account. This means all of your emails now and in the past, your full Google drive, calendar and contacts.

Imagine I'm in communication with a stalking victim whose attacker works at Niantic. As a result of my actions, I could be putting that victim now at risk. That victim did not consent to my actions, and I'm responsible for this violation.

An even more obvious example is the future of health care in British Columbia. We're no longer in a consent model around personal information. Your personal health information, including your mental and sexual history, is being put into databases without your consent. These databases will be compromised, there is no debate. We're being told it will improve service delivery, but there is no evidence of this, nor is there any evidence this is what citizens want.

It's a make-work project that's costing tax payers millions of dollars for IT companies to make expensive mistakes with our health information. This is an egregious violation of privacy. Why? There is no consent.

I challenge the government to consider a consent model in terms collection, use and disclosure of personal information.

I want my health information to remain at my doctor's office, or I want to have my personal health information on my person in the form of a personal electronic health record. I do not want my personal information in a centralized database that's continually being compromised without my knowledge. I don't need to explain how British Columbians are not authentically being made aware of the risks of this ehealth initiative, because again, there is no consent.

It's impossible right now for the Government of British Columbia to tell you everywhere your personal health information lies, as your data is being shared to other databases as I write this. That's a violation of your privacy. When your mental or sexual health history has been compromised and disclosed, who will be responsible? Right now, financial penalties for government missteps come from taxpayers, which is not a very comforting incentive.

I digress, but after this eHealth make-work project has run out of money, I forecast we'll be following the U.K.'s NHS financial challenge where they're now providing citizen's health information to Google's artificial intelligence without citizen consent.

Where we do we go from here? I challenge the government to consider a consent model in terms collection, use and disclosure of personal information. Giving citizens autonomy over their data is the only responsible course of action.

I also challenge you, the reader, in whatever systems you use to collect, use or disclose personal information. Are you 100 per cent sure you have consent? If not, you're violating privacy. If you do have consent, are you authentically disclosing the risk of such consent? If not, why not? We have a real opportunity to be global leaders in privacy, and this is exactly how we do it.

It's a really simple concept that I hope starts to resonate: Privacy is Consent. The only responsible outcome we can take is to ensure we have consent wherever possible. If we're aware of any case where personal information is being used without consent, we need to stand united and resolve that, as the victims may not be in a position to be heard.

Follow HuffPost Canada Blogs on Facebook

MORE ON HUFFPOST:

Close
8 Facebook Privacy Flaps
of
Share
Tweet
Advertisement
Share this
close
Current Slide