The Internet of Things: Implications for Consumer Privacy under Canadian Law
by Samuel E Trosow, Lindsay Taylor and Alexandrina Hanam
Much recent attention has focused on the development of what is coming to be known as the Internet of Things (IoT). New digital products and services ranging from “smart” kitchen appliances, home heating/lighting/security systems and children’s toys to “wearable” personal health devices are promising to bring the benefits of real time network connectivity to a range of everyday activities. In providing consumers with devices that can communicate directly with each other, end-users are promised the benefits of efficient information data collection which can result in lower energy costs, improved health monitoring, enhanced safety and a variety of other claimed benefits.At the same time, the ability of advanced information systems to collect, store, evaluate, transmit and reuse vast amounts of data linked to the personal activities of individuals has very serious implications for security and privacy. As the range of connected consumer products expands to include more and more aspects of daily life, the tension between the practical social and economic benefits of the IoT with the security and privacy related risks and problems continues to widen. And as the amount of personal information that is being collected, stored and re-used continues to grow, new questions are arising about the continued adequacy of our current laws that are intended to protect the privacy, integrity and security of personal information.
In addition to the growing threat of unauthorized intruders breaking into data systems, the ability of the legitimate custodians of that data to reuse and share personal information has serious implications for personal privacy. The types of information gathered by the emerging Internet of Things are potentially very valuable from a marketing perspective, especially with the growing ability to link and analyze vast stores of data.
This paper examines these developments through the lens of Canadian privacy law, and asks how well emerging Internet of Things fits with these laws and their underlying policies. The statutory framework for Canadian privacy laws pre-date the emergence of the Internet of Things and many settled principles are no longer well equipped to deal effectively with the quick pace of technological change. So it is important to ask not only whether current IoT practices comply with the law as it now stands, but also what changes are needed in order to better reflect the purposes and policy goals underlying PIPEDA in light of technological developments.
In order to make this assessment, this project reviewed the general literature on privacy, its Canadian legal framework as well as specific terms in the privacy policies and terms of service agreements that consumers are given, and to which they must consent to in order to use various internet of things devices.
Our general conclusion is that Canadian privacy law is not keeping pace with the rapid changes accompanying the spread of the network technologies in general and Internet of Things more specifically. As a result, significant policy changes are needed to adequately protect the privacy and security interests of Canadian consumers.
Samuel Trosow email@example.com is an Associate Professor at the University of Western Ontario in the Faculty of Law and in the Faculty of Information & Media Studies (FIMS). Alexandrina Hanam and Lindsay Taylor are 2017 FIMS-M.L.I.S graduates. Daniel Weiss (2018 UWO JD candidate) and Scott Tremblay (2017 UWO JD) assisted with this research and are co-authors of the companion Submission to the Office of the Privacy Commissioner of Canada Consultation on Consent and Privacy. This research project was supported by a grant from the Foundation for Legal Research with additional support from the Western Law Faculty at UWO.
forthcoming now available via <a href="https://samtrosow.files.wordpress.com/2017/10/the-internet-of-things-implications-for-consumer-privacy-under-canadian-law.pdf]