Long overdue changes to Canada’s privacy regime are upon us. Bill C-27 will make its way through Parliament this year. The proposed legislation includes the Consumer Privacy Protection Act (CPPA) and the Artificial Intelligence and Data Act (AIDA). With this bill comes a rare opportunity to update Canadian democracy for the digital era. Unfortunately, Bill C-27 does not account for the community impacts of data-driven technology. In fact, the bill risks being outdated before it even passes.

The CPPA would replace Canada’s decades-old Personal Information Protection and Electronic Documents Act (PIPEDA), which was written in a world without smartphones, social media, or facial recognition. Like the EU’s General Data Protection Regulation, the new law would grant Canadian residents rights to access, erase, correct, and transfer data about them held by private companies. Strengthening individual rights is a welcome change, but it ignores the collective implications of data collection. What’s currently missing from Bill C-27 is recognition for data intermediaries—non-governmental organizations that allow individuals to pool data for collective purposes.

“Letting Canadians work together to defend their interests against Big Tech would enhance our freedom to navigate the online world with more trust in the digital economy.”

Digital technologies don’t just affect us as individuals, they affect communities. Data collected about one person only becomes valuable when it is assembled with lots of data about other people. From racist facial recognition systems and sexist hiring algorithms to the ever-expanding power of Big Tech companies to manage how we live our lives, the impacts of data collection extend far beyond individual privacy.

Big Tech companies use data about us to predict and influence our behaviour. This is highly profitable and often quite invasive in ways that aren’t immediately apparent. It is simply unreasonable to expect most individuals to fully anticipate the consequences when providing “informed consent” for data collection.

Despite these collective impacts, Bill C-27 focuses on individual harms and remedies. The CPPA spotlights de-identification as a means to protect individuals from harm. AIDA explicitly seeks to prevent “serious harm to individuals” related to the use of artificial intelligence. This fails to recognize that we don’t need to be identified personally to be harmed by data-driven technologies. Harms can be both individual and collective in nature. A business doesn’t need to know who you are to engage in price discrimination, they just need to know that customers who share certain qualities are likely to pay a higher price. The strong focus on identifiability and individual harm incentivizes data collectors to simply shift harmful activities from individuals to groups.

Election manipulation and misinformation campaigns have clearly demonstrated how data collection and analysis poses risks to our communities and democratic institutions. To fortify democracy against these threats, we must enable people to band together. As it is currently written, Bill C-27 presents barriers to collective action. Data intermediaries provide us with an opportunity to rebalance the scales of power in the digital world.

Integrating collective and community interests into data governance does not mean re-inventing the wheel. There are plenty of legal and organizational examples from all over the political spectrum to examine. In Toronto, Alphabet subsidiary Sidewalk Labs advanced the idea of a democratic “civic data trust” for their now-defunct smart city project. This data trust would have been tasked with managing access to “urban data” collected in “smart” Internet-connected public spaces.

Elsewhere, advocates envision the creation of “data cooperatives” and “data unions” designed to improve people’s capacity to weigh in on how data is collected and analyzed. In non-digital contexts, cooperatives and unions are democratic organizations that cluster resources and advocate for the interests of their members. The Driver’s Seat cooperative collects and aggregates data from drivers on platforms like Uber to help maximize their earnings.

Crypto enthusiasts have created data intermediaries using “decentralized autonomous organizations” (DAOs). DAOs use blockchain “smart contracts” to govern online communities through referendums. Communities like this have typically come together based on common, narrowly-defined interests including negotiating payment in exchange for data about their shareholders.

These proposals vary widely in terms of their goals, their politics, and how they would work. They all expand their members’ roles as stakeholders in how data about them is governed. Each of us, individually, is no match for the algorithmic power of data-hungry collectors. Together, we can exert more influence over how and whether data are collected, and what happens to those data afterwards.

Data intermediaries can improve our negotiating position relative to Big Tech companies. Right now, online platforms present us with a largely take it or leave it offer. Data rights have led to more customizable privacy options, but still leaves us as individuals resisting powers that be. Just as maple syrup producers secure a higher price for their product by negotiating in a group, it would be advantageous for individuals to bargain with platforms on a collective basis.

Beyond getting us a better deal, intermediaries could ease the burden of informed consent by decoding the obscure language frequently used in platforms’ terms of service agreements. They could also ensure collectors are sticking to their word. Pooling resources can benefit individuals by taking advantage of specialized expertise and economies of scale. Labour unions and consumer protection associations play important roles in setting ground rules and monitoring for compliance. It is common for both individuals and organizations to turn to specialists like doctors, lawyers, or accountants who understand the regulations and implications of the situations they advise on. Why should data be any different?

Other jurisdictions have passed data protection laws that are already dated and difficult to enforce. Mimicking these approaches just puts an unrealistic onus on individuals. Instead of relying on slow government regulations to keep up, data intermediaries offer a far more dynamic solution. Letting Canadians work together to defend their interests against Big Tech would enhance our freedom to navigate the online world with more trust in the digital economy.

This op-ed originally appeared in The Globe and Mail on October 22, 2022, and is republished with permission.

Want to learn more?

• Read our summary of five key things Canadians need to know about the implications of Bill C-27.

• Read commentary by Lisa Austin, Aleksandar Nikolov, Nicolas Papernot, and David Lie on why the CPPA’s reliance on deidentified data techniques falls short in ensuring best practices for data privacy.

• Read commentary by Wendy H. Wong on why we need to understand datafication through a human rights framework.

About the authors

Jamie Duncan is a PhD candidate at the University of Toronto’s Centre for Criminology and Sociolegal Studies and a researcher at the Centre for Access to Information and Justice at the University of Winnipeg. Duncan studies information policy, technology governance, and strategic communications with focus on topics related to security, migration, and policing. As an interdisciplinary social scientist, he draws from the fields of sociology, law, political science, and communications. His work has appeared in outlets such as The British Journal of Criminology and The Globe and Mail. Duncan’s doctoral research focuses on transnational cooperation and information sharing for border security and immigration governance between Australia, Canada, New Zealand, the United Kingdom, and the United States.

Wendy H. Wong is a professor of political science and Principal’s Research Chair at the University of British Columbia, Okanagan. Her main research interests lie at the crossroads of international relations and comparative politics. She is interested in the politics of organization, why human beings choose to act collectively, their choices to go about doing it, and the effects of those choices. Research interests include: human rights, humanitarianism, international law, social movements, indigenous politics, the rights of ethnic minorities, and the role of networks. Her research has been supported by the Social Sciences and Humanities Research Council and the Canadian Institute for Advanced Research, Successful Societies research program. Her book, Internal Affairs, was published by Cornell University Press in 2012. She received her PhD in Political Science from the University of California, San Diego.

Browse stories by tag:

Related Posts