Before Comparing Dating Profiles, Determine which Platform has Privacy Characteristics that Suit Your Needs

With Valentine’s Day looming on the horizon, it’s an ideal time to have a look at how popular dating sites and apps fare up in terms of privacy. In order to prepare this post, I reviewed the privacy policies of Match.com, OkCupid, JDate and Tinder – you’re welcome ; )

An interesting fact I came across was that several popular dating sites are part of a family of businesses that share information. For instance, Match.com and OkCupid are both part of the IAC group of companies (which also includes non-dating sites such as Ask.com, College Humor and About.com). Similarly, JDate, ChristianMingle and BlackSingles.com are all part of Spark Networks. Both IAC and Spark Networks share personal information about their users that is collected from a particular member site with other entities in the same family. But that’s just the beginning…

Match.com and OkCupid (which incidentally have the same privacy policy) state that they use personal information collected from users “to register [them] with and display [their] profile on other online dating and other social websites owned by IAC”. The policies further state that “[a]s part of our online service, your profile may be registered on and/or appear in search results or other areas of other online dating websites owned by IAC.” This disclosure is somewhat unclear, however it doesn’t seem to suggest that the use of profile information from one site on additional sites only occurs to the extent that a user chooses to register with such additional sites.

Third-party platforms offer an additional source of information. For example, if a user accesses Match.com, OkCupid or Tinder through Facebook, information from the user’s Facebook profile and from cookies placed on the user’s device by Facebook may be captured. While registering through Facebook is presented as merely an option on some dating sites, those who wish to swipe right for Tinder have no choice but to register using their Facebook account. The implication of this is profound – users have no option to keep their Facebook information separate from their Tinder account.

So, what does Tinder do with Facebook information? Tinder’s privacy policy states that “other users will be able to view information you have provided to us directly or through Facebook, such as your Facebook photos, any additional photos you upload, your first name, your age, approximate number of miles away, your personal description, and information you have in common with the person viewing your profile, such as common Facebook friends and likes.”

In what other contexts is information shared? Besides the typical law enforcement and service provider disclosures, in some cases, personal information collected by online dating platforms may also be sold or transferred to third parties. For instance, JDate’s privacy policy states that “should Spark Networks file for protection, or have a third party petition filed against it under the bankruptcy code, any assets of the company, including member personal and non-personal information may be sold or transferred, in whole or part to a new entity.” The policy doesn’t seem to impose restrictions on how such information may be used when transferred in this context.

What about communication practices? Does the platform require users to give their express consent to receiving communications through an opt-in model, or does it presume communications are desired? Each of the four platforms that I reviewed adopts an opt-out model, meaning that the provider will send communications to a user until such time that the user indicates a desire to stop receiving messages.

For the millions of users of dating sites and apps, it’s important to keep in mind that there are privacy costs to consider when setting up a profile. Just as selecting the right partner is an important choice to be made, so is determining if online dating is right for you, and if so which platform offers the privacy characteristics that you are looking for. Happy searching…

Advertisements

Privacy Considerations in Setting up Tweed’s Medical Marijuana Distribution Business

 

Image

Medical marijuana growing at Tweed’s Smiths Falls location

 

After April 1st, Tweed Inc. will be among the first businesses to sell medical marijuana in Canada. The new legislative framework that will be in effect on that date allows businesses that have received licenses from Health Canada to grow and sell medical marijuana. Tweed has started production activities in its Smiths Falls facility that was previously home to a Hershey chocolate factory. Over the last couple of months, I had the opportunity to work with Tweed to develop its privacy policy and practices to ensure compliance with the Marijuana for Medical Purposes Regulations (MMPR) and applicable privacy legislation. The following is a summary of some of the privacy considerations we looked at in establishing Tweed’s medical marijuana distribution business.

The Application Process

The MMPR require applicants registering to become clients of licensed medical marijuana producers to provide certain personal information, including their name, date of birth and gender. The MMPR also require information about the residences of applicants. For example, if an applicant does not live in a private residence, the applicant must disclose the type of residence that he or she lives in (i.e. a shelter).

Because an individual is only permitted to use medical marijuana if he or she has a “Medical Document”, a producer seeking to sell medical marijuana must be able to contact the applicant’s health care practitioner to verify the applicant’s prescription. Before this can be done, the applicant must complete a consent form granting the distributor permission to contact the applicant’s health care practitioner to inquire about the prescription.

Purchasing Medical Marijuana

Once applicants become registered clients, they can purchase medical marijuana from their distributors. Distributors are required to maintain records pertaining to purchases in order to comply with regulatory requirements. In certain circumstances, the MMPR requires licensed distributors to disclose information about their clients to the police. In the interest of transparency, Tweed’s privacy policy outlines the legal obligations regarding such disclosure and the steps that Tweed will take prior to responding to such law enforcement requests. For example, before Tweed will disclose information about a client, the police officer making the request must provide Tweed with the full name, date of birth and gender of the individual being investigated.

The Delivery Stage

The delivery stage is very important from a privacy perspective. Health Canada itself learned this lesson last November when it sent notices to 40,000 individuals using medical marijuana in envelopes showing the patients’ names and referencing the Medical Marijuana Access Program. As expected the disclosure of such personal information has resulted in the initiation of a class action lawsuit against Health Canada.

In order to maintain the privacy of its clients, Tweed will be using a secure delivery service. The external packaging of the deliveries will not contain Tweed’s name, its famous address (1 Hershey Drive), or information disclosing the medical marijuana contents of the package.

Transparency and Accountability      

As far as personal information goes, health information ranks among the most sensitive in nature as it reveals the most intimate details of individuals personal lives. Accordingly, it is particularly important for businesses handling such information to operate in a transparent and accountable manner. More information about Tweed’s privacy practices and the contact information of Tweed’s Chief Privacy Officer can be found on Tweed’s website.

*This post was written with permission from Tweed.

Canada’s Anti-Spam Legislation: What businesses need to know

Before Canada’s new Anti-Spam Legislation (CASL) comes into force, businesses operating in Canada will need to review and modify their practices to ensure compliance with the new requirements regarding commercial electronic messages and the installation of computer programs. CASL will come into force in three stages over the next few years – the following is a brief summary of the main provisions of each stage.

Stage 1 (July 1, 2014): Commercial Electronic Messages (CEM) Provisions

Subject to meeting any of the prescribed exceptions, CASL creates a prohibition against sending CEM, except in cases where the receiver has consented to receiving CEM, and the CEM meets the prescribed requirements. There are certain situations in which consent may be implied. For instance, consent is implied where there is an “existing business relationship” as defined in CASL and its accompanying regulations. An example of a qualifying “existing business relationship” is one in which there has been a purchase or lease of a product or a service in the two years preceding the sending of the CEM.

If an existing business relationship does not meet any of the conditions for implied consent, the business must seek express consent from intended recipients. A valid express consent must also meet certain prescribed requirements. For example, a business seeking consent must clearly convey that it is seeking consent to send CEM, and intended recipients must take an active step to indicate their consent to receiving such CEM. This means that standard business practices such as using opt-out mechanisms or implementing a pre-checked consent box will no longer be acceptable.

CASL also specifies certain requirements regarding the form and content of CEM. Each CEM must: identify the sender; disclose the sender’s contact information (as prescribed); and provide a mechanism to allow the recipient to unsubscribe. The unsubscribe mechanism must allow the recipient of the CEM (at no cost to them) to indicate the withdrawal of their consent, and must include the contact information of the sender which must be valid for at least 60 days after the CEM is sent. A request to unsubscribe must be given effect in no more than 10 business days.

Stage 2 (January 15, 2015): Provisions Related to Installation of Computer Programs

CASL prohibits a business from installing certain categories of computer programs on computers belonging to other people, unless the business has obtained express consent from the persons on whose computers the programs are being installed. Additionally, businesses seeking to install computer programs must comply with certain requirements regarding the unsubscribe mechanism. For instance, businesses must provide the recipients of computer programs with an email address to which the recipients may send a request to remove or disable the programs. The email address must be valid for one year after the programs are installed. In cases where consent was obtained based on an inaccurate description of the applicable computer program, the business which installed it must assist in removing or disabling the program.

Stage 3 (July 1, 2017): Private Right of Action

CASL creates a private right of action that enables individuals to seek compensation from individuals and businesses that contravene the provisions. Individuals will be able to seek compensation for actual losses, damages and expenses incurred due to contraventions. It is expected that once these provisions are in force, class actions will soon follow.

Next Steps

As CASL’s three stages come into effect, businesses operating in Canada that are sending commercial electronic messages or installing computer programs should seek legal advice to ensure compliance. This summary is intended to highlight CASL’s key provisions, and in light of the nuances of CASL and its accompanying regulations, it is recommended that businesses obtain legal advice regarding compliance.

Glass, feature creep and the ‘end of privacy’

It’s been a year since Google co-founder Sergey Brin introduced the world to Project Glass, igniting debates about what’s cool and creepy about the specs.

On the one hand, the technology has the potential to disrupt numerous industries – education, medical, and law enforcement to name a few.  But, at the same time, Glass raises obvious privacy concerns, as the web-enabled specs allow users to capture photos, take videos and share live footage.

Google has implemented various measures aimed at alleviating concerns about the privacy implications of Glass.  For instance, Google incorporated a red light intended to put the public on notice when the camera is in use.  The Glass developer policy also provides the following notice:

 “Don’t use the camera or microphone to cross-reference and immediately present personal information identifying anyone other than the user, including use cases such as facial recognition and voice print. Applications that do this will not be approved at this time.”

And, Google states that it intends to remotely block apps and disallow automatic software updates in an effort to prevent unintended uses of Glass.

However, for all of Google’s efforts, preventing feature creep will be a futile exercise.  For example, hacker Stephen Balaban of Lambda Labs is working on developing an alternative operating system that allows users to incorporate facial recognition into the specs.  A quick review of the #ihackglass twitter stream suggests that he’s not the only one…    This reality has prompted some privacy advocates to suggest that Glass may be the end of privacy as we know it.

Is Glass the end of privacy?  Probably not – and certainly not any more so than other emerging technologies that have widespread privacy implications, such as drones (which at least for now are much cheaper to obtain than Glass).  But even if we accept that Glass is the most privacy-invasive technology on the immediate horizon, the net effect of Glass is not necessarily going to be bad for privacy.

Technologies like Glass provide immense opportunity for innovation in privacy.  You know all of those people who are worried about Glass?  They represent a mass consumer market for developers of responsive privacy enhancing technologies.

Admittedly, the trajectory of technological innovation has favored privacy-diminishing products – but this need not be the case.  For instance, NYU researcher Adam Harvey is reverse engineering facial recognition technology with the goal of developing makeup that blocks the technology from being able to read human faces.  As this example suggests, at least from the perspective of innovation in privacy, Glass feature creep may not be such a bad thing.

Unlocking the gaps in the court’s recent ruling permitting warrantless searches of unlocked phones

Last month, the Ontario Court of Appeal ruled that police do not need a warrant to search the contents of a cell phone during an arrest if the cell phone is unlocked.

The court reasoned that, it is significant that the cell phone was apparently not password protected or otherwise “locked” to users other than the appellant when it was seized.”  Here is a thought experiment: let’s accept that our reasonable expectation of privacy is diminished if our phones are not locked to others.  We decide to take precaution and lock our devices.  What if the arrest takes place when no one else is around?  Should we be expected to lock our phones to “other users” when we are by ourselves in order to be protected from the prospect of a warrantless search?  Similarly, a phone can’t be locked while it is in use – does this mean that if an arrest takes place while a normally locked phone is being used, then it’s okay to search it?  The court hasn’t stated otherwise.

On a side note, if the act of locking a phone shows intent to guard one’s privacy over its contents, this need not be expressed through the creation of a technical barrier.  I don’t personally lock my phone – it’s not because I don’t value my privacy in its contents, it’s simply because I access it too frequently for it to be convenient.  If we need to express our intent to exclude others from viewing our cell phone data, we should be able to do so using a method of our choosing.  For instance by downloading a screensaver with a “do not access” icon, or even by placing one of these nifty “I do not consent to the search of this device” EFF stickers.  While these methods are less effective than using a lock in keeping others out, their use nevertheless signals an intent to safeguard privacy (just like a “do not trespass sign” signals the same intent as erecting a fence around one’s home).

As it stands, the court’s reasoning leaves too many gaps.   While left unaddressed, they will be filled in by the discretion of individual police officers during arrests, leading to uneven results.