Gov’t Can’t Be Trusted With Cellphone Tracking Amid Pandemic: Former Ontario Privacy Commissioner

Gov’t Can’t Be Trusted With Cellphone Tracking Amid Pandemic: Former Ontario Privacy Commissioner
A cell tower in rural Ontario in a file photo. The Canadian Press/Sean Kilpatrick
Noé Chartier
Updated:

Ontario’s former privacy commissioner is sounding the alarm about the government’s tracking of cellphone data to inform policy, after it was revealed recently that a federal agency has been analyzing the movements of Canadians since the onset of the pandemic.

“It concerns me enormously that this would enable the government to collect more and more information,” Ann Cavoukian told The Epoch Times.

“I do not want to [see] a trend where the government is consistently doing this and starting now. You can’t trust the government.”

Cavoukian, who served as Ontario’s privacy commissioner from 1997 to 2014, is founder of the advocacy group Global Privacy & Security by Design and heads the Privacy by Design Centre of Excellence at Ryerson University.

“In March 2020, [Prime Minister Justin] Trudeau said that tracking cellphone users was not being considered. Well, they did it, PHAC’s been doing it, and they want to do it even more,” Cavoukian said.

First reported by Blacklock’s Reporter on Dec. 21, the Public Health Agency of Canada (PHAC) has since confirmed that it has been using cellphone data to conduct analysis of Canadians’ anonymized movements in the context of the pandemic, and that it plans on expanding the program to other health issues and continuing it until 2026.

“[Officials] say ‘as soon as the emergency is over, we’re going to return to privacy.’ They don’t. The privacy invasive measures that are introduced during emergencies, pandemics, etc., often continue well after the emergency is over,” said Cavoukian.

She believes PHAC wanted to “keep this under wraps … because they know people do not want to have their mobile devices tracked.”

Part of the data used by PHAC was obtained through Telus’s Data for Good program beginning in March and ending Oct. 8.

Cavoukian said she’s not worried about the Telus data because they “take privacy very seriously,” noting that the company has obtained certification for various products and services five times through the Privacy by Design program she runs at Ryerson University.

However, she said she’s concerned about other data sources used by PHAC that are unknown.

Other cellphone data PHAC accessed came from the Communications Research Centre (CRC), a little-known organization under Innovation, Science and Economic Development Canada that specializes in wireless research and big data analytics.

“In partnership with CRC, PHAC has been producing report summaries to look at how movement trends of the Canadian population have changed over the course of the pandemic, including identifying new patterns to help direct public health messaging, planning, and policy development,” PHAC said in a statement to The Epoch Times.

The health agency said it “did not receive or collect any individual mobility data” and that “no individual-level data has been acquired or stored by PHAC.”

PHAC is now looking for a contractor to provide it with a steady flow of de-identified cellphone data. It posted its request for proposal (RFP) online on Dec. 16.

In the statement of work in the RPF, the agency said that it “requires access to cell-tower/operator location data that is secure, processed, and timely in addition to being adequately vetted for security, legal, privacy and transparency considerations to assist in the response to the COVID-19 pandemic.”

Cavoukian perused the RFP and says the language “reflects an intention to collect this data and retain it.”

She’s also worried that some de-identification of data could be done “very poorly” and could be easily re-identified.

“At the very least, the Privacy Commissioner’s Office should be all over this, and saying we need to examine exactly what measures you introduced to do this and how you’re going to protect privacy and de-identify data such that it cannot be re-identified,” she said.

“Examine this from end to end. Look under the hood.”

The Privacy Commissioner’s Office told The Epoch Times on Dec. 22 that it was seeking information from PHAC on the issue.

Other Jurisdictions Also Collecting Data

The federal government is not alone in using cellphone data to inform pandemic policies. Telus’s Data for Good web page indicates the cities of Surrey, B.C., and Ottawa have used its program.

Many governments around the world have also been collecting this type of data and studying its use since the pandemic began.

Privacy International (PI), a UK-based NGO that works to promote privacy rights globally, has been tracking how various countries use cellphone data in their pandemic policies. PI says on its website that the emphasis on the use of locational data collected by mobile phone companies is “primarily for enforcement purposes,” to “aid the monitoring and enforcement of social distancing.”

A September 2020 article on the use of mobile phone data to inform COVID-19 pandemic policies, published in the science journal Nature, said the use of such data “must be considered alongside a careful understanding of the behaviours and populations they capture.”

The article addressed some of the shortcomings of using the data in public health policy, saying “it is increasingly clear that the COVID-19 burden is not equally borne throughout the population. Using aggregate mobility flows to estimate population-level reductions in travel will fail to capture increased risk among essential workers unable to stay home.”

In addition, the population more at-risk from COVID-19, the elderly, might not have the same cellphone habits as the younger population.

The authors also sounded a word of caution.

“Collecting potentially sensitive identifiable data, perhaps passively or without opt-in consent, requires a deep, careful understanding of the legal, ethical, and privacy concerns surrounding the collection and use of these data relative to the potential public health applications and benefits,” they wrote.

“In all cases, transparent data policies must be used to ensure community engagement and appropriate use and dissemination of collected data.”

Related Topics