Canada should adopt tough European-style privacy regulation to fight huge U.S. -based social media companies whose business model is based on mass surveillance, a group of Canadian tech leaders has told a parliamentary committee.
“Facebook and Google are companies built exclusively on the principle of mass surveillance,” former BlackBerry co-CEO Jim Balsillie told the Commons access to information, privacy and ethics committee on Thursday. “Their revenues come from collecting and selling all sorts of personal data, in some instances without a moral conscience. For example in Australia, Facebook was caught selling access to suicidal and vulnerable children.”
(This was an apparent reference to a 2017 news report that Facebook showed advertisers that it can identify when teenagers feel “insecure”, “worthless” and “need a confidence boost.”)
The Council of Canadian Innovators, of which Balsillie is chair, urged the government to adopt a national data strategy including “GDPR-like” data privacy regulation. It would also cover competition, company use algorithms that manipulate data for services and ensure that online communications between Canadians isn’t routed through the U.S.
It should “codify explicit treatment of competition in the data sections of free trade agreements, including the right to competitive access to data flowing through large data platforms that have de facto utility status.
“If Canada doesn’t create adequate data residency, localization and [data] routing laws to protect Canadians,” Balsillie said, then our data is subject to foreign laws, making Canada a client state.”
Vast troves of data are collected and controlled by foreign unregulated digital infrastructures, he complained. As a result, he said. we’re in an era of “surveillance capitalism”, dominated by huge data-driven companies. He didn’t name them, but publicly-traded companies would include Facebook, Google, Apple, Microsoft and Amazon.
Balsillie was appearing as part of the committee’s investigation into allegations of a breach of personal information protection laws against Facebook and the U.K.-based Cambridge Analytica.
It has been alleged that Cambridge obtained harvested Facebook data collected by a person using a third-party app for a survey, and without telling participants built up personality profiles on voters in order to target them with political ads. The Canadian angle is a Victoria, B.C. based firm called AggregateIQ, which allegedly created software for Cambridge Analytica.
Balsillie urged the committee to look at the issue widely. “What we’ve heard from Facebook publicly and at this committee is inaccurate of what is happening. The Cambridge scandal isn’t a privacy breach, nor corporate governance, nor a trust issue. It’s a business model issue based on exploiting current gaps in Canada’s data governance laws.”
By focusing only on individual privacy Canadians “will find themselves plugging just one of many holes, which is, in effect, plugging nothing. We need a horizontal lens to legislation and policies.”
Increased control over personal data doesn’t have to compromise innovation, Balsillie added.
Also testifying Thursday was Colin McKay, Google Canada’s head of public policy and government relations, who emphasized the number of privacy controls his company gives its users. He also emphasized that Google doesn’t sell the personal data it collects. Instead, it helps advertisers target ads to groups they want to reach.
GDPR is best in class, he acknowledged, but will be “really challenging” for what he called unsophisticated companies. The regulation comes into effect May 25 and he predicted that over the next six months some firms will struggle to comply. Meanwhile all the privacy controls Google is implementing to comply with GDPR will be available not only in Europe but to its customers around the world.