Canada’s Privacy Commissioner is sticking to her guns in demanding Bell
Canada clearly tell Internet subscribers
on all of its networks that it collects some identifying information when it manages traffic.
The final decision came this week from commissioner Jennifer Stoddart, who in April found that the telco’s public explanations of its use of deep packet inspection technology (DPI) to slow traffic of some Internet subscribers doesn’t comply with its obligations under the federal privacy law, PIPEDA.
She had given time for Bell to reply to the finding, but said none of Bell's submissions altered her conclusions and therefore issued the report.
Stoddart found Bell only collects the identifying Internet numbers of subscribers’ routers or computers, which is included in every packet of information on the Internet. These dynamic IP addresses can’t identify individuals. They can, however, be traced to a user's ID. Stoddard concluded IP addresses are personal information, and therefore the telco could do a better job of explaining what it does.
It's the second time an authority has chided Bell relating to its traffic management policies. Last November, the Canadian Radio-television and Telecommunications Commission rejected a call from the Canadian Association of Internet Providers to stop Bell from managing the traffic of independent Internet providers who buy connectivity from the telco. However, the commission did order Bell to better inform ISPs when it does things that will affect the performance of their networks. CAIP has asked the commission to re-examine that decision.
Bell uses DPI to punish those it believes hog bandwidth by using peer-to-peer (P2P) applications to share videos, music and other bulky files. The technology identifies the P2P headers on traffic, which the telco slows. Others online aren't affected. Not only does Bell inspect the traffic of those on its own Internet service, it also watches the traffic of independent Internet service providers who buy connectivity from it.
The telco’s practice lead to a hearing this summer by the Canadian Radio-television and Telecommunications Commission into its authority over traffic management. The hearing is expected to resume shortly.
The privacy commissioner’s investigation stemmed from a complaint that Bell uses DPI to collect personal information from its Internet customers without their consent, that it collects more personal information than is necessary to manage its network and that it doesn’t adequately inform customers of the practice.
While Stoddart concluded that Bell collects and uses the IP addresses she also found “no evidence to believe that they are retained after they are no longer needed for the purpose of real-time traffic flow management.”