Digital and Data Roundtable Summary: September 11, 2018—Edmonton, AB

Hosted by Mark Schaan
Areas of Focus: Trust and Privacy

Highlights of Discussion

The amount of data produced and stored today have the potential to foster incredible innovation, growing the economy and improving the lives of Canadians. Maximizing these gains, however, requires consumers to trust the system put in place to protect their privacy. At the same time, we must not stifle innovation and enable organizations to maximize the potential of data. Data and privacy regulation should not place an undue burden on SMEs who lack the resources of larger firms. The regulatory framework should be as navigable and straightforward as possible.

Education and transparency are two key factors that can help boost confidence in data governance. Consumers need to understand how their data is used to improve the goods and services on which they rely. They also need to be assured that their information is stored safely and will not be exploited. The more transparent and comprehensible data use is, the more comfortable the public will feel providing their data.

Key Opportunities / Considerations / Challenges

Nature of Privacy Concerns
Many people see the value in data however, they are concerned with the potential consequences of data breaches or misuse. Frameworks and policy should be tailored to fostering trust with these individuals.
Views on GDPR
There is no one-size fits all approach to privacy regulation. Some feel that the EU’s GDPR is overly prescriptive and engendering a compliance-only mindset amongst firms. Reactionary rhetoric and a lack of awareness can raise citizen’s concerns among Canadians that our current legislation is woefully inadequate. Championing existing protections under legislation could boost Canadians’ trust in the system. Current framework laws need tweaking, not an overhaul.
Excessive and overly complex consent agreements have resulted in many users ‘tuning out’, and granting consent blindly, giving a false sense of control and autonomy. Building clear frameworks that let consumers trust the system could be a better option. Through effective standards, certification, audit, and enforcement, Canadians would not necessarily need to worry about their data being misused.
Consent withdrawal
When people withdraw their consent regarding the use of their data, requiring that it be retroactive could be an undue burden on business or infeasible. This particularly presents a problem when previously collected data was used in the training of algorithms.
Universal transparency regarding how data will be used could reduce the demand for control of personal data. Certification, trust-marking, and the use of plain language would be vital in helping to achieve this.
Delineating types of data
There needs to be a continued distinction between anonymized data and personal data. Any personal data should be treated as sensitive data as it could be used to reveal confidential information through data-linkages later. When it comes to anonymized data, it is impossible to 100% guarantee that it can’t be re-identified. An unconditional guarantee like that, if used as a requirement, would be an unfair standard not applied to other regulatory contexts.
Health Data Portability
Healthcare users have an expectation that certain types of data will be linked and shared automatically within the system. However barriers exist that impede this, including a lack of coordination among institutions driven by mistrust around mishandling. For innovation in healthcare, it is vital that data can be moved between provinces. Provincial borders should not be a barrier to developing a coordinated health data framework.
Privacy enforcement
Enforcement bodies need to assess intent and scale when evaluating breaches of privacy rules and regulations. Their primary concern should not only be firms’ ability to pay fines.
Industry/Sector-specific regulations
Government needs to take care when adding additional sector-specific regulations regarding data use and privacy. Sector lines are blurred as more companies generate and use data for their operations. Activity-focused regulation could be an option.

Ideas / Outcomes

Building trust into product development
Data privacy concerns need to be a key focus at the beginning of all project or product management. This is more difficult for startups and SMEs who may lack the resources to do this. The government could help potentially by creating a basic set of standards that SMEs already know they need to meet.
Data/ Privacy Officers
Having officers available to go into SMEs and startups to help explain and navigate privacy regulations around data use could be helpful. Online resources are available but can be dispersed and time-consuming to find and go through. Lawyers, while useful, are expensive for this purpose and may only have a compliance-lens in the advice they give. Something similar to CIPO’s IP advisors could help inform smaller businesses on their obligations as well as help realize the value and potential of the data they generate.
Data Literacy
People need greater education around how data is used and with what objectives. If consumers better understand how their data can help drive innovation and better services for them, they might be more open to allowing its use. The government could play a role in facilitating this.

Attendee List

  1. Information Technology Association of Canada (ITAC)
  2. Northern Alberta Institute of Technology (NAIT)
  3. Rogers Communications
  4. Concordia University of Edmonton
  5. Dynalife
  6. University of Alberta Clinical Research
  7. Economic Development and Trade
  8. Bio Alberta
  9. Telus
  10. Zephyr Sleep Tech
  11. Tessellate
  12. Alberta Innovates