Office of the Privacy Commissioner of Canada | Personal Information Protection and Electronic Documents Act | PIPEDA Findings #2024-001 | Well-founded

PIPEDA Findings #2024-001: Investigation into Aylo (formerly MindGeek)’s Compliance with PIPEDA

Organization: Aylo (formerly MindGeek)
Complainant: Complainant
Decision: Feb 29, 2024
Published: Feb 29, 2024

The Office of the Privacy Commissioner of Canada (OPC) investigated a complaint against Aylo (formerly MindGeek) concerning its handling of user-uploaded intimate content. The OPC found that MindGeek failed to obtain valid consent for the collection, use, and disclosure of personal information, particularly highly sensitive intimate images. The OPC also determined that MindGeek did not provide an accessible or effective process for individuals to remove their non-consensual content from its websites. Furthermore, the investigation concluded that MindGeek lacked accountability for the personal information under its control. The complaint was found to be well-founded and remains unresolved.

  • Validity of consent for collecting and using intimate images
  • Effectiveness and accessibility of content takedown processes
  • Accountability for personal information under control
  • Jurisdiction over international operations

Complaint well-founded — unresolved

The OPC found that MindGeek's reliance on uploaders to obtain consent, rather than directly from individuals depicted in the content, failed to meet PIPEDA's requirements for meaningful consent. Additionally, the takedown process was deemed inaccessible and ineffective, and the company demonstrated a lack of accountability.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

The OPC recommended that MindGeek cease collecting, using, and disclosing user-generated intimate images without compliant consent, delete non-compliant content, establish a privacy management program, and agree to oversight by an independent third-party monitor for five years.

Statutory provisions cited
  • Principle 4.3 PIPEDA
  • Section 6.1 PIPEDA
  • Principle 4.10 PIPEDA
  • Principle 4.10.2 PIPEDA
  • Principle 4.1 PIPEDA

This summary is for informational purposes only and does not constitute legal advice.