Canada has one of the best privacy regimes in the world. We have provincial and federal privacy laws that cover public, health and private sectors, as well as commissioners to act as regulators around these laws. While there are opportunities for the regulators to seriously enforce these laws, as well as update this laws to this millennium, that's not the topic of the article. Instead, I would like us to get to a baseline agreement of what privacy is, as it's not defined very well.
I've worked in the privacy space for over a decade, and have been considered an expert in the area. Yet, as soon as someone hears I'm on Facebook or using social media, they question my role.
To me, privacy is not about being anonymous. Privacy is consent. I'm aware consent is a loaded term, and that's part of why I feel it's an important term to use in terms of personal information. There are many vulnerable people in the privacy space, and they're often ignored and even put at greater risk by the privileged who feel they have nothing to hide.
After consent, the second factor to consider is whether or not there is authentic awareness being made as to the risks of consent.
Let's look at a couple examples. I choose to use Facebook, you may not. In my case, I consent to them collecting my information and selling it to make a profit. I'm aware of risks, as I'm only one of the few who have read their terms of service. Do they authentically make you aware of the risk of providing your personal information to them? I would argue not, but for the most part, they do have a successful consent model -- you generally have to opt in to the service. Where I fundamentally oppose Facebook is when they collect your information without your consent. This could be through third-party trackers and ads around the web, or more importantly, when your friends give you up.
Your personal health information, including your mental and sexual history, is being put into databases without your consent. These databases will be compromised, there is no debate.
Facebook's machine learning, if not full of artificial intelligence (AI) yet, is really smart. If you upload a picture with you and a non-Facebook using friend, chances are high they know who that friend is from facial recognition. You've given Facebook a recent picture of that friend, as well as details about that friend -- which event they were at, at which location, and at what time and date. The same goes for adding a non-Facebook friend to your contacts, or talking about them on Facebook messenger. This is not a Facebook-specific problem -- chances are really high you've added a privacy-aware friend to your Google contacts, thereby giving Google knowledge of the whereabouts of that friend and when you communicate with them.
Why is this is a risk? I tweeted yesterday about the viral game "Pokemon GO" by Niantic which explains how when you login with your Google account, you give Niantic full access to your Google account. This means all of your emails now and in the past, your full Google drive, calendar and contacts.
Imagine I'm in communication with a stalking victim whose attacker works at Niantic. As a result of my actions, I could be putting that victim now at risk. That victim did not consent to my actions, and I'm responsible for this violation.
An even more obvious example is the future of health care in British Columbia. We're no longer in a consent model around personal information. Your personal health information, including your mental and sexual history, is being put into databases without your consent. These databases will be compromised, there is no debate. We're being told it will improve service delivery, but there is no evidence of this, nor is there any evidence this is what citizens want.
It's a make-work project that's costing tax payers millions of dollars for IT companies to make expensive mistakes with our health information. This is an egregious violation of privacy. Why? There is no consent.
I challenge the government to consider a consent model in terms collection, use and disclosure of personal information.
I want my health information to remain at my doctor's office, or I want to have my personal health information on my person in the form of a personal electronic health record. I do not want my personal information in a centralized database that's continually being compromised without my knowledge. I don't need to explain how British Columbians are not authentically being made aware of the risks of this ehealth initiative, because again, there is no consent.
It's impossible right now for the Government of British Columbia to tell you everywhere your personal health information lies, as your data is being shared to other databases as I write this. That's a violation of your privacy. When your mental or sexual health history has been compromised and disclosed, who will be responsible? Right now, financial penalties for government missteps come from taxpayers, which is not a very comforting incentive.
I digress, but after this eHealth make-work project has run out of money, I forecast we'll be following the U.K.'s NHS financial challenge where they're now providing citizen's health information to Google's artificial intelligence without citizen consent.
Where we do we go from here? I challenge the government to consider a consent model in terms collection, use and disclosure of personal information. Giving citizens autonomy over their data is the only responsible course of action.
I also challenge you, the reader, in whatever systems you use to collect, use or disclose personal information. Are you 100 per cent sure you have consent? If not, you're violating privacy. If you do have consent, are you authentically disclosing the risk of such consent? If not, why not? We have a real opportunity to be global leaders in privacy, and this is exactly how we do it.
It's a really simple concept that I hope starts to resonate: Privacy is Consent. The only responsible outcome we can take is to ensure we have consent wherever possible. If we're aware of any case where personal information is being used without consent, we need to stand united and resolve that, as the victims may not be in a position to be heard.
Follow HuffPost Canada Blogs on Facebook
MORE ON HUFFPOST:
From CBC: '8 Facebook Privacy Flaps' An Indian man opens a Facebook page on his mobile phone in Hyderabad, India, Thursday, May 17, 2012. The company's shares are expected to begin trading on the Nasdaq Stock Market on Friday under the ticker symbol "FB". Facebook is likely to have an estimated market valuation of some $100 billion, making it worth more than Kraft Foods, Ford or Disney. (AP Photo/Mahesh Kumar A.)
When Facebook launched "news feed" in 2006, it angered many users by not giving them control of who could see their updates, or the ability to opt out. A "Students Against Facebook New Feed" group was set up by university student Ben Parr, now a well-known writer and expert on social media and internet technology. After it had garnered nearly 300,000 members in two days, Zuckerberg apologized on the Facebook blog. "We really messed this one up," he said. Conceding that "we didn't build in the proper privacy controls," Zuckerberg described the move as "a big mistake on our part." An unidentified 11-year-old girl looks at Facebook on her computer at her home in Palo Alto, Calif., on Monday, June 4, 2012. Though Facebook bans children under 13, millions of them have profiles on the site by lying about their age. The company is now testing ways to allow those kids to participate without needing to lie. This would likely be under parental supervision, such as by connecting children's accounts to their parents' accounts. (AP Photo/Paul Sakuma)
Beacon was a Facebook ad system that tracked what users did and what they purchased on partner websites, even for users who were not Facebook members. Adding to the privacy concerns, information about Facebook users' purchases were published without their explicit consent on their friends' news feeds. The Facebook community mobilized as confusion reigned over whether Beacon was an opt-in or opt-out system and within a month Zuckerberg apologized. "We've made a lot of mistakes building this feature, but we've made even more with how we've handled them," he wrote. Facebook shut down Beacon in 2009. A Facebook logo is displayed on the screen of an iPad, Wednesday, May 16, 2012 in New York. Facebook's initial public offering is one of the most hotly anticipated in years. The company is likely to have an estimated market valuation of $100 billion when its shares begin trading on the Nasdaq stock market on Friday. (AP Photo/James H. Collins)
Facebook hired Burson-Marsteller, a public relations firm, to contact journalists and bloggers with accusations that Google was engaged in a "sweeping violation of user privacy." The problem, however, was that Facebook wanted it kept private that they were behind the anti-Google campaign. Once exposed, Facebook admitted that they should have behaved "in a serious and transparent way." FILE - In this May, 26, 2010 file photo, Facebook CEO Mark Zuckerberg talks about the social network site's new privacy settings in Palo Alto, Calif. Facebook has raised $500 million from Goldman Sachs and a Russian investment firm in a deal that values the company at $50 billion, The New York Times reported. Goldman invested $450 million and Digital Sky Technologies invested $50 million, the newspaper reported Sunday in its online edition, citing people involved in the transaction that it did not name. Goldman has the right to sell part of its stake, up to $75 million, to the Russian firm. (AP Photo/Marcio Jose Sanchez, File)
In 2010, Facebook introduced a new tool for users to share information about the things on the web that they liked. But, Facebook users who had clicked on the "like" button' for some products began seeing their name and photo used to promote the product. A class-action lawsuit was launched. Nick Begus became part of the class action after his friends saw his name being used to promote a 55-gallon barrel of personal lubricant he had "liked" as a joke. His sarcastic comment — "For Valentine’s Day. And everyday. For the rest of your life" — somehow became part of an ad for Amazon, where the barrel was for sale. As part of the settlement, announced in June 2012, Facebook has to make it clear what the implications might be if they use the "like" button and has to give users the chance to decline to be unpaid endorsers of a product. An economist testified that the new policy could cost Facebook $103 million in lost advertising revenue. A television photographer shoots the Like sign outside of Facebook headquarters in Menlo Park, Calif., Friday, May 18, 2012. Facebook CEO Mark Zuckerberg symbolically opened trading on the Nasdaq stock market inside Facebook headquarters in Menlo Park. Facebook stock is starting trading today, available to the general public for the first time. The social networking site, which was started in a college dorm room eight years ago, would be valued at more than $100 billion according to the price set for shares ahead of today's trading. (AP Photo/Paul Sakuma)
It's hard to say how much of a flap this one will be, since it's just getting started. Facebook has partnered with Datalogix, a company which tracks customers' purchases when they use a discount loyalty card while shopping, in order to show advertisers whether their ads are working. Privacy groups have expressed concerned about combining online data about ads with offline shopping data, and with how difficult it is for users to opt out. (A shortcut is this link to the Datalogix privacy page, where you can opt out.) Facebook says, "individual user data is not shared between Facebook, Datalogix or advertisers." FILE - In this Jan. 3, 2011 file photo, Facebook CEO Mark Zuckerberg smiles in San Francisco. Facebook Inc. CEO Mark Zuckerberg is speaking at a technology conference in San Francisco on Tuesday, Sept. 11, 2012, It is his first interview since the company's rocky initial public offering earlier this year. (AP Photo/Paul Sakuma, File)
Follow Kris Constable on Twitter: www.twitter.com/cqwww