Jill Briggs, Head of Policy, IAB Canada
Heading up the policy pillar at IAB Canada, Jill helps members navigate the complexities surrounding issues such as privacy, elections, cannabis advertising, iGaming, marketing to kids and any other legislative development impacting the digital advertising industry.
An interesting privacy case emerged last week in Canada involving a large local retailer. This monumental case provided some clear guidance on an area of vulnerability for most retailers around obtaining consent. While the focus was on consent at point of sale it has resulted in Canadian brands taking a closer look at their consent management practices as a whole and how they can provide at time of collection notice, outlining detailed purposes for collection and prompting clear option for opt in consent in a legitimate way to stay on the right side of the law – and more importantly build trust with their consumers.
Last week’s findings by the the Office of the Privacy Commissioner of Canada (OPC) revolved around a retailer not seeking and receiving appropriate consent to share customer data with another party. The ruling was a clear message to industry on its current reliance on implied consent for activity that is not in line with a consumer’s “reasonable expectations” for use of their personal data – particularly in the case of sharing with 3rd parties.
In speaking to the press, Commissioner Dufresne stated that the client in the case “treated customers’ choice to receive a receipt by email, instead of a paper copy, as “implicit consent” to share their data with a third-party.” He went on to say, “This practice is not consistent with privacy law and has to stop,” The message was loud and clear in that consumers need “clear information at key transaction points, empowering them to make decisions about how their personal information should be used.” His closing words sent a message to anyone else currently relying on similar practices to immediately come into compliance with the law. While the OPC does not currently have enforcement power he also made the case for the proposed C27 (a new federal Bill) to be passed so that those using bad practices can be fined appropriately.
Our current federal privacy legislation, PIPEDA, has guidance on what constitutes meaningful consent and outlines that not only do organisations need to demonstrate accountability (proof of consent), present the consumer with just in time notices and clear options and control they also need to “consider the reasonable expectations of the individual in the circumstances. For example, if there is a use or disclosure a user would not reasonably expect to be occurring, such as certain sharing of information with a third party, the downloading of photos or contact lists, or the tracking of location, express consent would likely be required.”
Since this news broke, we have been seeing an uptick in inquiries on CMPS and questions around viable options in our market. Coupled with the launch of TCF Canada we are encouraging all TCF V2.0 CMPs to register for our local framework so that Canadian brands can benefit from partnerships with trusted vendors.
We have also kicked off efforts to navigate this increasingly complex omnichannel retail environment and how we can expand our current privacy framework to solve this problem. With the use of consent banners at point of data collection being the only reliable way to obtain express consent we would like to explore ways to integrate the technology into a point of sale that would benefit all members of the supply chain.
You can find more information on TCF Canada here and if you have questions please reach out to firstname.lastname@example.org