Let’s discuss a hypothetical situation. Let’s pretend that Bill S-210 did become law as the AgeGO scandal moved forward. What Would happen?
Earlier this month, the age verification world was rocked with the AgeGO tracking scandal. AgeGO, of course, is a company that is responsible for age verification on multiple popular porn sites like XVideo’s. They claimed that they had implemented a “double blind” system to ensure that people’s personal information remained private while ensuring that the people who used those sites were, in fact, of legal age to view such videos.
Research, of course, upended those claims as the company was basically busted tracking who visited which URLs and collected people’s e-mail addresses as well. It was a major scandal that most had never heard of because as soon as the scandal broke, mainstream media outlets worked hard to ensure the whole story was swept under the rug. We, of course, didn’t let that happen, but others are desperately trying to pretend this sort of activity doesn’t exist despite the mounting evidence saying otherwise.
Here’s the thing, though: Canadian lawmakers pushing similar age verification laws have long insisted that their laws would respect people’s privacy and ensure that their information is only being used to verify the ages of people and nothing more, though the text of the bill at the time clearly showed otherwise. Now, it’s worth pointing out that although the bill made it to the final stages of becoming law – specifically all the way to the Royal Assent stage, an election was called and the bill was mercifully killed. As a result, Canadians were spared the “papers please!” issue that has been plaguing the internet in other jurisdictions for the time being. So, this bill was never actually tested, but I thought it would be an interesting exercise to look at what would happen is this bill really did become law.
To make this an extra juicy hypothetical scenario, let’s also assume that the company actually sold what they tracked to a third party without authorization. To be clear, the reports didn’t indicate that they did that at this point in time, but we’re looking at absolute worst case scenario here purely as a thought exercise. Naturally, this scenario also presumes Canadian information was involved, ensuring that the Canadian government and the courts do have jurisdiction in this scenario.
So, assuming these three elements, what would theoretically happen? Well for the relevant law at that point, we must turn to Section 11 which states the following:
Regulations
11 (1) The Governor in Council may make regulations for carrying out the purposes and provisions of this Act, including regulations prescribing the age-verification methods referred to in subsection 6(1).
Age-verification method(2) Before prescribing an age-verification method under subsection (1), the Governor in Council must consider whether the method
(a) is reliable;
(b) maintains user privacy and protects user personal information;
(c ) collects and uses personal information solely for age-verification purposes, except to the extent required by law;
(d) destroys any personal information collected for age-verification purposes once the verification is completed; and
(e) generally complies with best practices in the fields of age verification and privacy protection.
So, under the hypothetical scenario that AgeGO sold that information to a third party, this would clearly be in violation of at least Section 11 (d) and possibly (c ) and (e) as well.
This is probably where supporters of this bill will jump up and say “AHA!!! See??? The law works! It’s a perfect bill!” The problem is, while this would be a violation of the law, there is absolutely no penalty anywhere being prescribed. No fines, no jail time, no penalties, nothing. If you don’t believe me, go ahead and read text of the bill yourself. You’ll turn up nothing just like me.
Some might argue that Canada also has strong privacy laws as well, so maybe that will pick up the slack left behind by Bill S-210. This is generally in reference to PIPEDA (Personal Information Protection and Electronic Documents Act). Basically, this is a 25 year old law that has become one of the biggest long running jokes. The only power afforded to government – in this case, provincial and federal privacy commissioners – is for them to send a strongly worded letter. This with the hope that these companies would feel bad and change their ways after getting a good finger wagging.
International companies like Clearview AI are realizing that there really is no penalty for breaking the law when it comes to Canadian’s personal information. So, they have taken to increasingly ignoring those strongly worded letters.
In 2019 when Facebook was hit with the Cambridge Analytica scandal, the commissioners sent strongly worded letters to the company, arguing that they violated the law. In response, Facebook shrugged and effectively said “meh, we disagree. What are you going to do about it?” For the privacy commissioners (and I should reiterate, they do a phenomenal job with the awful tools they were given), this was not going to stand. They stepped out of their roles as commissioners and into the role of private citizens and sued Facebook. This was because there was nothing else they could do to hold Facebook accountable for what they did in Canada. To add insult to injury to all of this, the courts ultimately ruled that Facebook did nothing wrong in the whole Cambridge Analytica. This after the patchwork American system found a way to fine Facebook a record $5 billion USD for the same violations.
If that weren’t a big enough black eye to the sorry state of affairs that Canadian privacy law finds itself in, earlier this month, the Privacy Commissioner was also going after Google for not respecting people’s privacy when it comes to the Right to Be Forgotten. In response, Google effectively laughed off the commissioners strongly worded letter. Much like Facebook, Google realizes that unless there is an actual lawsuit filed – which means someone is dropping real world dollars to take the law into their own hands – then there is no actual penalty for violating people’s privacy.
In the AgeGO hypothetical scenario, the same would apply here. Unless the company grows a conscious and actually follows the orders made by the privacy commissioner, there is a good chance that they will follow the lead of Google and Facebook and send the strongly worded letter straight to the shredder. If anyone asks, they could either say they disagree with whatever findings the commissioner came up with or not bother responding at all. Hey, they made their money by breaking the law and there’s no reason to believe that anyone is going to stop them in Canada, so why bother putting in any effort?
It’s the exact same problem we’ve been raising for years now. There are no penalties for breaking Canadian privacy law. What’s more, the complicit media doesn’t really have any appetite to question a system that is making things more difficult for companies to thrive on the internet in the first place, so who the heck is even going to scold them. Even if Canadians band together and file a class action lawsuit, the courts are going to request evidence that they have personally been harmed in some way by the act of the company selling that information. That is going to take a lot of time, money, and effort with no certainties the courts are going to even listen. It’s ultimately an uphill battle for those filing such a lawsuit. Such a claim would have a lot of challenges to be proven in court.
While all of that is happening, in the theoretical scenario, AgeGO would also be laughing all the way to the bank to cash the sweet sweet check they got from whatever data broker they sold that information to. The lesson for a company like that? Crime pays and pays a lot. No one is going to stop you, so go ahead and break the law.
I wish I was exaggerating in this scenario, but sadly, I’m not. Politicians have proven time and time again that they don’t give a flying fuck about Canadians as far as privacy is concerned. The only time they ever care about any form of privacy reform is if they can allow their political parties to further plunder and pillage the personal information of Canadians. Otherwise, as far as they are concerned, Canadians are on their own. As a result, Canadians will continue to pay the price for this ridiculous level of negligence.
Drew Wilson on Mastodon, Twitter and Facebook.
Discover more from Freezenet.ca
Subscribe to get the latest posts sent to your email.
