Canadian Privacy Decisions

The Office of the Privacy Commissioner of Canada (OPC) investigated Ticketmaster Canada Limited (TM) following a complaint that its practices regarding the collection, disclosure, and use of customer information did not comply with PIPEDA. The investigation found that TM's privacy policy was too long and complex, failing the openness principle. Furthermore, TM was using customer information for marketing purposes without adequately obtaining consent, violating the consent principle. TM has since revised its policies and practices to be more transparent and to provide customers with clear opt-in choices for marketing.

• Adequacy of TM's privacy policy in terms of openness and transparency.
• Lawfulness of using customer personal information for marketing purposes without explicit consent.
• Requirement for opt-in/opt-out mechanisms for secondary uses of personal information.
• Responsibility of TM for ensuring third-party compliance with customer consent preferences.

An individual complained that a telecommunications company failed to obtain proper consent for using and sharing customer data with affiliates for secondary marketing purposes. The company made its privacy policy available online and in distributed documents, but did not actively draw customers' attention to it during the sign-up process, making the information difficult to find. The Assistant Privacy Commissioner found that the company did not make reasonable efforts to inform customers about how their data would be used, leading to a contravention of PIPEDA principles regarding knowledge and consent for secondary uses of personal information.

• Adequacy of consent for secondary marketing purposes
• Company's efforts to inform customers of privacy practices
• Accessibility and clarity of privacy policy information
• Reasonable expectations of customers regarding data use

The Privacy Commissioner investigated a complaint regarding Canada Post's National Change of Address (NCOA) service. The complainant argued that Canada Post failed to adequately inform subscribers that their new addresses would be disclosed to third-party "mailers" (including mass marketers and direct marketers) for commercial purposes. The Commissioner found that Canada Post contravened sections 5(2) and 8 of the Privacy Act by not clearly identifying this purpose of disclosure and by failing to obtain the necessary consent from individuals.

• Adequacy of information provided to NCOA service subscribers regarding disclosure of new addresses to third parties.
• Whether consent obtained for NCOA service implicitly includes consent for disclosure to mass marketers and direct marketers.
• Canada Post's use of "negative consent" (opt-out) versus "positive consent" (opt-in) for disclosure of personal information.

The federal Privacy Commissioner investigated a complaint regarding a security company's installation of street surveillance cameras. The Commissioner found that live video feeds of individuals constituted personal information under PIPEDA and that collecting this information for commercial purposes without consent was unlawful. The company was informed that its intended public video surveillance for commercial purposes is not compliant with privacy laws.

• Definition of personal information under PIPEDA (specifically regarding live video feeds)
• Application of PIPEDA to commercial activities
• Consent requirements for collecting personal information
• Lawfulness of private sector surveillance in public spaces