Skip to main content

'If the law is being ignored to this extent, then Canadians should be really concerned,” says federal Privacy Commissioner Jennifer Stoddart.

CHRIS WATTIE/REUTERS

Some of Canada's most popular websites are flouting federal privacy laws by sharing visitors' valuable personal information without their knowledge or permission.

The Office of the Privacy Commissioner of Canada declined to name the websites that raised privacy red flags in research released on Tuesday. But the federal watchdog said major sites operated by large companies including retailers, travel services, and media, have been giving user information they had collected to other companies, without those users knowing about it or agreeing to it.

The watchdog looked into 25 of "the most popular sites targeted to Canadians," and found that roughly one-quarter of them raised "significant privacy concerns."

Story continues below advertisement

"It is likely that a significant number of other sites may also be leaking personal information," the office said.

Ironically, the announcement of the findings protected the privacy of those companies: It did not disclose the names of any of the 25 websites it looked into, including the ones that could be violating Canada's privacy laws.

In an interview, Commissioner Jennifer Stoddart said this was because the research is intended to give a snapshot of the wider problem – and because her office wanted to contact those websites and give them a chance to change their practices. Ms. Stoddart says if she does not receive an adequate reply, she would consider naming those websites in future.

The specific information the sites gave to other firms included full names, e-mail addresses, postal codes, the city each user was in when using the site, and parts of their search history.

This unauthorized sharing of data is known as Web leakage. It occurs often when a website is dealing with third parties in order to sell them advertising space on its site.

It is common for a shopping or media site to require users to set up personal accounts to manage their orders or subscriptions, which involves turning over personal information. Websites also commonly place cookies on a user's computer to track their online behaviour. Some of the sites examined in the study then shared some of that information with advertisers, analytics firms which can give them a better understanding of their customers, and other marketing companies.

"If the law is being ignored to this extent, then Canadians should be really concerned," Ms. Stoddart said.

Story continues below advertisement

Michael Geist, an Ottawa law professor and online privacy expert, said the Commissioner should have gone further, naming the sites in question. "It is unfair to stir public concern about current privacy practices and not provide Canadians with the information they need to better protect their own privacy."

The issue has come to the fore as more advertisers demand increasing levels of information about media audiences in order to better target their ads to the right consumers. Media companies, websites and others that sell advertising are under pressure to deliver that information as part of the exchange with advertisers.

The research was prompted by other studies indicating that web leakage is a global problem, with many websites around the world sharing user information without their consent.

Countries such as Australia have strengthened penalties for violating consumer privacy, Ms. Stoddart said, but Canada has lagged, especially since her office can take firms to court to order them to change their practices but does not have the power to fine those that break the rules.

"If there isn't a major alignment with privacy rules – and I think a lot of them are simply being ignored – we should move to a more up-to-date model of privacy enforcement which … means there are monetary penalties," she said. "I think in order for privacy to be taken seriously, we're going to have to start to attach a price tag to it."

John Lawford, counsel with the Public Interest Advocacy Centre, agrees. "We'd like to see them have order-making power and fining power," he said, though he expressed concerns about the reluctance of the report to name the companies it found had shared consumers' information. "It certainly loses a lot on transparency."

Story continues below advertisement

In addition to the websites that raised serious concerns, the watchdog had questions about the practices of another five sites in the study. It has contacted all of those companies to ask for more information, and in some cases, to tell them how to change their systems to fall in line with federal privacy laws.

The Privacy Commissioner is also reaching out to industry associations to discuss the problem and ask them to do so with their members.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter
To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies