Do Privacy Laws Need More Teeth?

Canada’s Privacy Commissioner, Jennifer Stoddart, appeared yesterday before the House of Commons access to information, privacy and ethics committee. 

The Commissioner would like PIPEDA to include stronger penalties for privacy violations as an incentive to comply. PIPEDA currently has no financial sanctions. If a violator does not conform to a decision of the Commissioner, the recourse is for the Commissioner to take it to the Federal court, which has powers to order compliance and grant damages.

In part this seems to be driven by “…the apparent disregard that some of these social media companies have shown for Canadian privacy laws.” 

I’m wondering what readers think about this.

Would the ability to collect financial penalties for PIPEDA violations make a difference?

Does the complexity and newness of social media products make it inherently difficult to get privacy right and create clear and simple privacy policies – or do they just not put enough effort into it upfront?


  1. David Collier-Brown

    Formally, the answer is “not trying” (;-))

    (Computer-related) privacy is an improper subset of security, where mandatory access controls have been a solved problem for a long time. Since the Orange Book in 1985, for example. Breaching someone’s privacy fits into this formal model quite effectively, and therefor can, and IMHO should, be dealt with. Firmly.

    Finding spies, preventing leaks and defending against attacks are harder problems, and are probably not ready for legislation quite yet, but “solved problems in computer science” can legitimately become a different kind of “code”any time now.

    [“IMHO” is nerd for “in my humble opinion”]

  2. Michael Geist’s comments from his appearance at the committee are worth a read.