On December 6, the Office of the Privacy Commissioner of Canada
released guidelines for organizations engaging in online
behavioural advertising to help address the privacy concerns raised
by this activity. Specifically, these guidelines are intended
to ensure that these practices are engaged in fairly, transparently
and in compliance with the Personal Information Protection and
Electronic Documents Act ("PIPEDA").
Briefly, online behavioural advertising is described as the
tracking of consumer's online activities, over time, in order
to deliver advertisements targeted to the consumer's inferred
interests. Because the Privacy Commissioner is of the view that
there is a serious possibility that the information collected
through online behavioural advertising could be linked to an
individual, the Privacy Commissioner has taken the position that
PIPEDA applies. Accordingly, an organization must obtain an
individual's consent before behavioural information is obtained
Importantly, opt-out consent for online behavioural advertising,
as opposed to the more challenging burden of opt-in consent, could
be considered reasonable provided that the Privacy
Commissioner's guidelines are followed.
Consent must be Meaningful and Informed
The practices should be transparent and the purposes must be
clear, understandable and obvious to the individual. Communication
methods such as online banners, layered approaches and interactive
tools are recommended.
Individuals should be informed of the purposes for the practice
and the various parties involved at or before the time of
As a best practice, organizations should avoid tracking
children and tracking on websites aimed at children.
Opting-Out must be a Real Option
Individuals should be able to easily opt-out of the practice,
ideally at or before the time the information is
An individual's choice to opt-out should be implemented
immediately and on an ongoing basis.
If an opt-out mechanism is not available due to the technology
used, or because doing so would render a service unusable, an
organization should not utilize that type of technology for online
behavioural advertising purposes.
The Information Collected must be Limited
To the extent practicable, only non-sensitive information
should be collected and used. Sensitive information, such as
medical or health information, should be avoided.
Any information collected or used should be destroyed as soon
as possible or effectively de-identified.
As outlined above, these guidelines are intended to assist
organizations in complying with the requirements of PIPEDA.
Complaints, however, will still be addressed on a case-by-case
basis. Therefore, it is important for organizations engaging
in online behavioural advertising to be alive to the potential
privacy issues and to take a proactive role in developing practices
that will ensure their continued success online.
The prospect of an internal investigation raises many thorny issues. This presentation will canvass some of the potential triggering events, and discuss how to structure an investigation, retain forensic assistance and manage the inevitable ethical issues that will arise.
From the boardroom to the shop floor, effective organizations recognize the value of having a diverse workplace. This presentation will explore effective strategies to promote diversity, defeat bias and encourage a broader community outlook.
Staying local but going global presents its challenges. Gowling WLG lawyers offer an international roundtable on doing business in the U.K., France, Germany, China and Russia. This three-hour session will videoconference in lawyers from around the world to discuss business and intellectual property hurdles.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).