As many as one in four Canadian websites are “leaking” data.
The sites have been found to disclose personal information they have about a site visitor, often without his or her consent. Based on research conducted by the Office of the Privacy Commissioner of Canada, “significant privacy concerns” were found with some of the country’s most popular sites.
But the Privacy Commissioner has not publicly named them – although she can do so.
Websites are inappropriately sharing registered users’ personal information – including names, email addresses and postal codes – with other sites or third-party companies like marketing firms and ad agencies.
In some cases, that leaked data is like fuel for our consumption-driven economy; some see it as greasing the wheel as much as staining the driveway. In other scenarios, that data can be raw material for a political campaign, driving voting habits as much as purchase decisions.
The Privacy Commissioner’s research was triggered by other international studies that found many websites were leaking users’ personal information.
But this report is about Canadian sites, and Canadian users.
“Web leakage can involve the disclosure of personal information without an individual’s consent– or even knowledge,” said Privacy Commissioner Jennifer Stoddart when releasing her findings. “Our research … raises questions about compliance with Canadian privacy law in the online world.”
Sometimes, we provide the data.
For example, the research showed that when people register to get promotions from a shopping site, their email address, username and city were disclosed to a number of analytics and marketing firms.
Sometimes, it’s data the website captures.
One way is web ‘frames’ which can collect information, such as location, IP address and browser settings. That data can be combined with other information, such as username, e-mail address or other registration and sign-up details. The auto-loading of ads, maps or other graphics in a web page can trigger the frame function.
So leakage happens in a way that’s invisible to most people using the sites, the Commissioner noted, and in some cases, it’s not in keeping with statements made by the organizations in their online privacy policies.
And while the sample size was relatively small (25 websites), the sites examined are among the most popular media, shopping and travel sites targeted to Canadians. All are described as sophisticated websites operated by large organizations which account for billions in combined annual revenues.
At the time tests were conducted, researchers identified significant privacy concerns with six sites; they “had questions” about five more. The remaining 14 sites tested did not appear to be leaking personal information.
Commissioner Stoddart said she has written to those eleven organizations to ask them to provide information about their practices, and, if needed, to explain how they will correct any problems to ensure compliance with privacy law.
-30-
submitted by Lee Rickwood