Canadian Web Services Unaffected by U.S. Privacy Repeal

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jeremy Hainsworth

The Canadian subsidiaries of U.S. internet service providers will feel little fallout from the recent repeal of the Federal Communications Commission’s ISP privacy rule because they are subject to Canadian privacy laws.

In the U.S., the repeal means domestic companies could potentially track, share and allow third parties to monetize information gleaned from subscribers’ information from apps, websites visited or online purchases—unless customers opt out. But those significant implications won’t reach across national borders, as countries with existing privacy requirements for ISPs can be expected to continue enforcing them—regardless of what occurs in the U.S.

Tobi Cohen, a spokeswoman for the Office of the Privacy Commissioner of Canada, told Bloomberg BNA that multinational companies operating in Canada, such as AT&T Inc. subsidiary AT&T Canada, are subject to the nation’s Personal Information Protection and Electronic Documents Act (PIPEDA). Under the law, companies must obtain a customer’s consent when they collect, use or disclose personal information.

“Personal information can only be used for the purposes for which it was collected,” Cohen said. “If an organization is going to use it for another purpose, consent must be obtained again,” she said.

Canadian Consumer Privacy

The application of PIPEDA to Canadian ISPs is well-established.

Privacy Commissioner of Canada Daniel Therrien addressed the application of the PIPEDA consumer consent provisions to ISPs in 2015, when Bell Canada came under fire for its data-use policies. The company was utilizing a program that tracked the internet-browsing habits of customers, along with their app usage, TV viewing and calling patterns, the commissioner’s office said in its PIPEDA Investigation Report.

“By combining this information with demographic and account data already collected from customers, Bell can create highly detailed profiles that enable third parties to deliver targeted ads to Bell’s customers for a fee,” the office said. “The program involves combining customer information from several Bell affiliates that offer a range of mobile, home phone, Internet and TV services,” Therrien said at the time.

In response to the privacy office’s report, Bell Canada dropped its targeted ad program, deleted the customer data it had collected and stored, and promised to not undertake any similar tracking programs in the future.

To contact the reporter on this story: Jeremy Hainsworth in Vancouver at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security