Opposition MPs pushed for the suspension of the Public Health Agency of Canada’s analysis of cellphone location data Thursday, saying they want more assurances the program safeguards Canadians’ privacy.
The agency has been using “de-identified” cellphone location data since early 2020 to measure how effective public health directives – like lockdowns and other mobility restrictions – have been at slowing COVID-19’s spread.
PHAC did not collect the data, and has been publicly releasing aggregate mobility information since December 2020. The agency says the aggregate data cannot be used to identify individual Canadians.
But opposition MPs suggested the program amounted to “tracking” Canadians without their knowledge or consent. At an emergency meeting of the House of Commons’ ethics and privacy committee, Bloc Québécois MP René Villemure moved a motion to suspend PHAC’s planned acquisition of mobility data through 2022.
“What Health Canada wants to do with this data is laudable. The end goal is a good one,” Villemure told the committee.
“However, I do have preoccupations and concerns about how would you go forward through (purchasing data from) private companies, for example.… We have to allow Canadians also to truly understand the entire situation here.”
The committee – which scheduled emergency meetings to discuss the program at the request of Conservative and BQ MPs – is scheduled to resume debate on the issue on Monday. But the committee’s motion, put forward as an attempt to safeguard Canadians’ privacy, would do little to stop private sector companies from collecting and monetizing location data with or without PHAC’s interest.
The public health agency confirmed that it has been using mobility data throughout the pandemic to evaluate how certain measures – such as lockdowns and other restrictions on travel – have affected the spread of COVID-19.
The agency first accessed mobility data from the federal Industry Department, but expanded its tracking program through a sole-sourced contract with Telus in late December 2020.
PHAC said all data was “de-identified” – meaning no data could be linked to individual Canadians’ movements. The agency said it was concerned with “population-level mobility” to judge the efficacy of public health directives. Individual cellphone locations within the data would be of little use for those efforts.
- As Canadian, allied ships sail to new missions, tensions over Taiwan remain
- Tenants opposed to above-guidance rent increase go on rent strike, withhold payments
- David Johnston will testify before Parliamentary committee as resignation calls continue
- Conservatives threaten delay to federal budget with 900 proposed amendments
The agency also noted it has been publicly sharing the mobility data since December 2020.
Last month, the agency issued a request for proposals to provide similar mobility data through 2023.
“Mobility data will be used primarily as a complementary data source for analysis to support situational awareness. For example, when analyzed with outbreak data, understanding population movement can help predict risk to other geographic areas,” the agency wrote in a statement.
“Mobility data, combined with data on public health measures, can help to assess the effectiveness of those measures based on how the population responds to public health guidance and directives.”
Despite PHAC’s assurances that proper privacy protections are in place, the tracking program’s existence raised eyebrows among privacy advocates and opposition politicians.
Christopher Parsons, a security researcher with the Citizen Lab at the University of Toronto, called PHAC’s repurposing of cellular location data for public health monitoring – largely without Canadians’ knowledge or consent – a “big deal.”
“This constitutes a shift from one use of data that few subscribers would object to – using mobility information to improve and enhance cellular network quality – to one that is demonstrably more controversial,” Parsons wrote in a blog post Wednesday.
“Put slightly differently, I would argue that Telus and other Canadian telecommunications companies have qualitatively changed the nature of the data which has been collected as a result of repurposing it.”
PHAC was not “collecting” the data, as opposition MPs have suggested, nor was it operating in “secret.” Teresa Scassa, a research chair in information law and policy at the University of Ottawa, noted that private sector companies – including telecommunications companies, but also social media and internet giants – track their users on a massive scale.
Scassa said Canadians seem to be much more concerned about the government possessing such data than companies who profit from it. But Scassa also noted that a general lack of government transparency and accountability around big data issues – coupled with Canada’s aging privacy laws – can give rise to questions and concerns.
“We’re in a context in which there is a need for additional safeguards and oversight when it comes to de-identified data, and we just don’t have that in legislation,” Scassa told Global News Wednesday.
Federal privacy commissioner Daniel Therrien’s office is now probing what safeguards PHAC had in place to ensure the data was properly “de-identified.”
Conservative MP John Brassard suggested the agency was “tracking” Canadians without their knowledge or consent.
“We need to know what security measures were in place to protect the privacy rights of Canadians,” Brassard told an emergency meeting of the House of Commons’ privacy and ethics committee Thursday.
Liberal MP Greg Fergus said PHAC’s data program was “absolutely reasonable” and denied it amounted to the government “tracking” individual Canadians.