Some of Canada’s most-visited Web sites operated by large corporations are giving away user information – without their consent or knowledge – to third party advertisers, the Privacy Commissioner reports.
Jennifer Stoddart and her federal office have concluded an investigation spurred by other international studies that found similar results and selected 25 popular Canadian Web sites. It found six sites that “raised significant privacy concerns,” and five sites that “raised questions about Web site practices,” according to the commissioner’s office. But Canadians won’t be learning the names of those leaking their personal details. There were 14 sites that did not appear to be leaking personal information.
“The Privacy Commissioner has not exercised her discretion to publicly name the specific tested organizations at this time,” a press release states. “The research was designed to offer a snapshot of the Canadian context and it is likely that a significant number of other Canadian sites may also be leaking personal information.”
An infographic explains how data leaks happen. (View full size.)
Sites selected as research targets by the commissioner had a high volume of Canadian traffic and either targeted Canadians or generated revenue from interactions with Canadians. The sites collected personal information from users for the creation of accounts and other uses.
Researchers worked over the summer with Charles Web proxy software. It captures and analyzes data being sent between a user’s Web browser and a Web site, and data sent between the user’s browser and third-party sites.
It found privacy leaks from organizations in several sectors, including media, retail, shopping, and a classified ads site. Sites were sending personal information to third parties that included organizations involved in online marketing, online advertising, analytics, and Web site performance monitoring.
Personal details exposed to third parties included e-mail address, name, username, postal code, city location, and search strings.
Stoddart has sent letters to the 11 organizations found to be leaking personal information, asking them to provide information about their practices and explain how they will correct the problems.
