The Office of the Privacy Commissioner of Canada (OPC) has
released a more detailed policy position regarding on-line behavioural advertising. This is a
must-read for companies conducting on-line behavioural advertising
strategies in Canada.
The OPC defines on-line behavioural advertising as the practice
of advertising service providers targeting website visitors with
advertisements that are chosen based on tracking a person's
browsing activity across multiple websites. The OPC provides the
following example: "a user has visited websites about pets in
the past, then ads related to pets might be shown on various web
sites, even sites that are not related to pets (e.g., an online
newspaper)." On-line behavioural advertising differs from
first-party targeted advertising where the organization's
advertising is based solely on the profile of an individual with
whom that organization has a relationship and is not based on
tracking the individual across multiple websites.
Some highlights from the position paper:
The OPC will generally consider information collected
during on-line behavioural advertising to be personal
information. The OPC acknowledges that some information
does not appear at first glance to be personal information when
segmented. Nevertheless, the OPC reaches the default position that
the information that is collected is personal information on the
basis that (1) "the purpose behind collecting information is
to create profiles of individuals that in turn permit the serving
of targeted ads" and (2) the nature of on-line behaviour
advertising is such that it involves "powerful means [...] for
gathering and analyzing disparate bits of data and the serious
possibility of identifying affected individuals"; and, perhaps
circularly, (3) the result of on-line behavioural advertising is
On-line behavioural advertising is not an unreasonable
use of personal information. The OPC acknowledges that the
model for the commercial websites requires, in many cases, for
consumers to accept advertising in return for access to free
websites. However, advertisers must obtain meaningful consent,
limit collection and safeguard information in accordance with
Canadian privacy legislation.
Opt-out consent may be acceptable. In order to
rely on opt-out consent, advertisers should meet what are
essentially three conditions.
Clear, upfront disclosure of the purposes of on-line
behavioural tracking. The disclosure cannot be
of website functionality to deliver information in layered
disclosure, interactive media, and banners.
Individuals must have the ability to easily opout of
the practice. Ideally this is to occur before or at the
time the information begins to be collected. The opt-out technology
must permit the opt-out to be immediate and persistent.
The information collected should be limited and should
be destroyed or de-identified as soon as possible. The OPC
wants to put sensitive information (examples include health/medical
information) off-limits. Information should not be kept
indefinitely. Instead organizations should destroy or de-indentify
Technologies that do not permit an individual to opt-out
easily cannot be used. If an individual cannot control the
technology by opting-out easily or would have to take extraordinary
measures, the OPC's position is that they should not be used.
Essentially, these technologies do not offer any meaningful way to
withdraw consent as is required by Canadian privacy laws.
Personal information from young children should not be
collected through on-line behavioural advertising. The
OPC's position is that it is difficult to obtain meaningful
consent for young children (even from their parents). For older
children, the OPC's position is that the disclosure and manner
in which consent is obtained must be meaningful for the targeted
age-group and the context.
About Fraser Milner Casgrain LLP (FMC)
FMC is one of Canada's leading business and litigation law
firms with more than 500 lawyers in six full-service offices
located in the country's key business centres. We focus on
providing outstanding service and value to our clients, and we
strive to excel as a workplace of choice for our people. Regardless
of where you choose to do business in Canada, our strong team of
professionals possess knowledge and expertise on regional, national
and cross-border matters. FMC's well-earned reputation for
consistently delivering the highest quality legal services and
counsel to our clients is complemented by an ongoing commitment to
diversity and inclusion to broaden our insight and perspective on
our clients' needs. Visit:
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A credit union (the "Employer") dismissed a helpdesk analyst (the "Analyst") with cause after discovering the Analyst had, without permission or authorization, remotely accessed another employee’s confidential document stored on the Employer’s network.
With security breaches being on the rise, the requirement to have organizations notify the relevant privacy commissioners and affected individuals upon a security breach taking place is becoming increasingly important.
The Office of the Privacy Commissioner of Canada has announced that the Federal Trade Commission, the UK Information Commissioner’s Office, the OPC and the Office of the Information and Privacy Commissioner for British Columbia and 15 other enforcement authorities worldwide are participating in an "Internet Privacy Sweep".