Cultivating Healthy Online Privacy Habits

April 11, 2017

Because the Learn section of TalkRights features content produced by CCLA volunteers and interviews with experts in their own words, opinions expressed here do not necessarily represent the CCLA’s own policies or positions. For official publications, key reports, position papers, legal documentation, and up-to-date news about the CCLA’s work check out the In Focus section of our website.

When you use the internet, you’re often exposing yourself to numerous threats to your privacy. Theft of personal information and monitoring of private online activity are issues that Canadians should be taking very seriously. Not surprisingly, these threats can come from a variety of sources. For one thing, consumers are being targeted more and more by retailers and advertisers with the advent of online marketplaces. In a broad sense, the online behaviour of Canadians is being observed to an unprecedented extent. For more general information about online privacy, check out the Talk Rights page on consumer surveillance.

In contrast to this type of clandestine surveillance, many Canadians expose their personal information to risk by sharing it intentionally – including with the Canadian government. Most of the time, when the government receives a Canadian’s personal information, they do so with that person’s consent. This takes the form of common activities such as filling out official forms. It’s also possible that the government obtains personal information legally through private-sector entities such as retailers. These companies can share data with the government under certain circumstances due to provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law. For example, in section 7(2)(a) the PIPEDA provides that private sector organizations can share personal information without a person’s consent when they believe that it may be relevant to a criminal investigation.

However, it’s also been shown that Canadian government agencies are cultivating mass online surveillance capabilities. Legally, they are barred from targeting Canadians, however it appears that Canadian communications are also being intercepted. The CSE (Canadian Security Establishment) has stated that this is purely unintentional, however Canadians should still be aware it may be going on.

Because personal information can be difficult to control, educating yourself will be the most effective way to ensure that your personal information is as secure as possible. Once you’re armed with the right information, you’ll be able to make better decisions online and anticipate issues before they arise. This is the core of developing safe online habits.


If privacy is a major concern for you, it’s essential that you think carefully about what you share about yourself on the internet. Unfortunately, it’s not realistic to expect absolute privacy online. However, having good privacy habits will ensure that your information is as safe as possible.

When using social networking services, for example, be judicious about what you tweet or what you like – simple online behaviours such as these can result in your beliefs and preferences becoming widely available online, including to the government. Think of this as your online privacy “hygiene.” The more you pay attention to the way you conduct yourself online on a daily basis, the safer your privacy will be. Developing habits that keep your personal information closely protected will pay off dividends in the long-run.

Think carefully before sharing personal information with anyone online. Sending your data over the internet adds uncertainty and risk – and there are numerous ways that your information can end up being seen by more eyes than you intended. This is why it’s important to cultivate good online hygiene; the exact nature of state surveillance is mysterious, so it’s best to be prepared.


Another key habit is to be careful about how you use online data storage services and even email services. Using online services to communicate and store data exposes your information to additional risk of unwanted interception.

For instance, even if both you and your recipient are within Canada, your communication may leave the country before it reaches its destination. Similarly, using cloud-based data storage may involve sending your information out of the country for storage. Over 25 per cent of Canadian internet communications actually flow across the US border to American servers before being rerouted to Canadian destinations. Canadian laws don’t apply to those communications at any point outside of Canadian territory. While this information may not be monitored by the Canadian government, it’s possible that these communications may be collected by the US government.

Subsequent to being collected by the US, these communications may be shared with America’s allies, including the Canadian government. So, despite the fact that the path your data follows may be convoluted, it’s important to recognize what happens to your data when you send it through an internet connection. In particular, it’s important to recognize the limited application of Canada’s laws to online service providers located outside of Canada.

Therefore, think twice about uploading sensitive information onto a cloud-based storage service or sending it through a commercial email service. It’s possible that such documents can be intercepted by the government, albeit perhaps indirectly.


If you want to make sure your personal information is safe, perhaps the most important habit is to be aware of how you information is being used and by whom. Part of this is keeping up to date with any changes to privacy legislation in Canada, particularly the Privacy Act and PIPEDA.

Understanding the nuances of laws and legislation isn’t easy. Thankfully, the CCLA website is one of best available resources for all things privacy-related, including articles regarding privacy laws. The CCLA works constantly to keep the site up to date with analysis of current privacy issues and legislation. For more information on how to protect yourself, spend some more time here on the CCLA website, or check out the website of the Privacy Commissioner, where you can find useful information and tips.

Hopefully change is on the horizon for Canada’s privacy laws; for one thing, Canada’s privacy watchdog, the Office of the Privacy Commissioner, has been vocal about the shortcomings of Canada’s privacy legislation. Maybe you should do the same (which leads me to my next point)!


It’s been established that online privacy is something Canadians take seriously. However, debate about how the government handles our personal information has been surprisingly sedate thus far. If you’re concerned about your privacy, speak up! Privacy rights are important, and more Canadians should be talking about how the government addresses them.

As other articles on this site have discussed in detail, the Canadian government’s main responses to privacy issues are Canada’s privacy laws (including the Privacy Act and PIPEDA). Unfortunately, these laws have been on the books for many years now without meaningful changes. Practically speaking, this means that our government is using twentieth century tools to deal with issues that arise from brand new, twenty-first technologies such as online social media.

Make sure to share what you’ve learned with family and friends, and maybe even write a letter to your Member of Parliament. So far the government hasn’t made a concerted effort to modernize privacy protection in Canada, so change might have to start from the bottom. Make sure those around you are aware of how important this topic is, and what they can do to make a difference.