Matthew Braga reports:
The Office of Canada’s Privacy Commissioner has declined to name 11 Canadian websites found to be leaking personal information to third parties without the knowledge of users, but revealed in a blog post that privacy practices had improved after being notified of the government’s concerns.
A study found that user names, email addresses, location data and other identifying information were being sent to advertisers and analytics companies – in some cases, unbeknownst to the websites themselves.
Read more on Financial Post.
I can appreciate that the Commissioner wants to enlist cooperation/remediation and is using the avoidance of naming and shaming as the carrot, but shouldn’t the consumers whose information was leaked – either knowingly or unknowingly by the web sites – be informed? Apparently there is no such legal requirement in Canada.