Privacy sings two tunes

Song and dance over consent stifles service innovations

A decade ago, Bruce Phillips, the privacy commissioner of the day, was asked how we should protect privacy from the spread of new technologies through governments. He replied that they should always have to seek citizens’ consent for how they use their personal information.

Five years later, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force. It reiterated the same principle for businesses and organizations, stating that they must obtain consent for collecting, using and disclosing personal information in their public dealings.

Nevertheless, if governments and businesses are bound by the same principle, they have tended to apply it differently, partly in response to cues from the public. Comparing the two yields a couple of timely lessons.

When it comes to governments, the public sees consent narrowly. We think they should not collect our personal information unless they tell us why; and should not use it for other purposes or share it with other parts of government without seeking our permission.

In theory, this gives citizens almost complete control over when, where, how and why governments can use our personal information. If we don’t like what they plan to do with it, we can always say no when they show up at the door to ask.

While it’s not without justification, this suspicion nevertheless blinds us to the fact