GO Transit users need not fear privacy breach, expert says

GO Transit riders who might worry about their personal information being sold to third parties because of a partnership deal between Metrolinx and businesses can set their qualms aside, suggests a former privacy commissioner of Ontario. 

Ann Cavoukian, Ontario’s three-term privacy commissioner and now executive director at Global Privacy and Security By Design — a privacy advocacy group — tells The Pointer she is convinced that ridership data collected by Metrolinx, which it may share with businesses, will be devoid of personal information. The information will be aggregated in such a way that it will be “next to impossible” to identify sensitive details of transit riders. 

Cavoukian, a fervent advocate for data privacy, said her discussions with Metrolinx since the controversy arose have satisfied her that the agency will use strong de-identification methodologies that will render data about who is travelling where truly anonymous. “They assured me that that is the methodology they are using and there will be no personally identified data shared with them (businesses).” 

Cavoukian’s judgment follows that of current privacy commissioner Brian Beamish, who was belatedly made aware of concerns and has secured promises that Metrolinx will consult with the office of the Information and Privacy Commissioner on how ridership data will be used, to ensure privacy rights are respected.

In an effort to generate more non-fare revenue, Metrolinx announced earlier this year that it would start accepting proposals on Aug. 1 for investment deals with companies that include naming rights for stations, similar to the rights at sporting venues such as  Scotiabank Arena and Rogers Centre. It said stations at Whitby, Pickering, Oakville, Exhibition and Clarkson are eligible and proposals for others will be considered on request.

Metrolinx touted the benefits of such collaborations, which, in addition to naming rights, allow partners to use the GO Transit brand and logo. Depending on the station building, they may also be offered retail space, opportunities to feature new products and services through promotional events inside the station, on-site ads, and opportunities to sell their products and services to Metrolinx. 

The advantage that ignited controversy was the offer of data-sharing opportunities between the agency and its partners. Metrolinx’s official document says the agency could share “aggregated and anonymized GO Transit ridership data (excluding Presto PII data)” with potential firms “for research collaboration and customer mapping research.” (PII refers to Personally Identifiable Information.)

The issue gained momentum last week after Brampton Centre MPP and NDP deputy leader Sara Singh wrote to current privacy commissioner Brian Beamish, expressing her concerns about data-sharing agreements in Metrolinx’s proposal by referring to a Toronto Sun article that claimed the government will be selling personal information about its Presto-card carrying riders to its partners. 

She expressed concern that private companies might data-mine personal information of riders for potential commercial use and criticized the governing PCs, saying that “instead of directly communicating with Ontarians, the Government and Metrolinx have leaked this proposal to the media.”

She urged the commissioner to investigate whether the agency’s plans could be a breach of transit users’ privacy rights. Beamish responded officially to Singh’s letter saying that he had subsequently learned in discussion with Metrolinx that “no decisions have been made about the kind of information that may be shared in the context of a strategic partnership.” 

He said the commissioner’s office has asked Metrolinx to work with its policy team to ensure the agency uses effective de-identification methodologies. “I am pleased to confirm that Metrolinx’s Chief Privacy Officer and Chief Marketing Officer have committed to consulting with our office on this initiative,” he said. “In this way, the IPC can ensure that any information released by Metrolinx is properly de-identified and that rider privacy is protected.”

He said it wouldn’t be the first time anonymized personal information was sold by government organizations. For example, the not-for-profit Municipal Property Assessment Corporation — which provides property assessment services for the province — sells non-identifiable property assessment information products to the public.

Singh told The Pointer that Beamish’s response is a “good first step.” However, she said the fact he wasn’t aware of how Metrolinx would use the data prior to her letter conveyed the transit agency’s lack of transparency and consultation with the public. She hinted that the initial plan still under development at Metrolinx could change in the future. She said the agency has yet to clear the air and that uncertainties remain about how exactly such information, even anonymized, could be used.

For instance, she wonders whether transit riders might start seeing pop-up ads from businesses that partner with the agency. “That’s our concern, that they will use this information to send us targeted messaging, marketing, and perhaps other types of engagement that we aren’t consenting to.” 

She worries about privacy breaches in future, saying, “this is the start of a slippery slope here with the government … where does that end and how far does that go?”

Cavoukian disputed Singh’s suspicions, saying Metrolinx is going the extra mile to ensure privacy isn’t compromised. Once data is anonymized, the matter falls outside of privacy laws since the data is stripped of personal identifiers, which means there is no privacy breach. 

At the same time, she suggested Metrolinx would have done better to proactively explain its intentions to share information. Metrolinx spokesperson Anne Marie Aikins assured the Toronto Star in response to questions that “all ridership data that may be shared will be aggregated and will not contain any personal information or any other identifiable information that could be tied to an actual person.” However, Cavoukian said, “They could have provided notice to the public that this is what they are doing while saying that their data would be strongly protected and this is the process. Perhaps, they avoided that.” 

Roy Wilder, a security guard in Brampton, said he isn’t concerned about his ridership data being shared with third-party organizations. “Riding information is general information. So many people get off this spot or that spot, it’s irrelevant,” Wilder said. “If it was more about banking information or something like that, I would be concerned. They just basically want to know the traffic information, to know how many people are going to see their signs.” In addition, he feels the information to be shared is too generic for them to seek consent from riders. “If this was a group study, then yes, it’s important, but this is just general information.”

Alberto Fernandez, a resident in Brampton and a father of an 11-year-old, said he is always perturbed by the thought of someone accessing his data without his permission. He said he was a victim of a data breach when someone swindled $50,000 from his credit card to buy a Cadillac, because of which he has been denied support from the Ontario Disability Support Program. “I’m struggling to pay for basic amenities because of my current problem,” he said, adding he’s now acutely aware of privacy issues and is suspicious of how businesses use data. “What has my ridership information got to do with all of this?” 

Mehdi Jaouha, a paralegal student at Humber College, echoed Wilder, saying he doesn’t mind businesses accessing such anonymized information if it helps them grow. He said he would be worried if someone pried into his messages, but ridership data won’t have significant implications. “For the bus, it’s okay because they’ll probably just want to know which stop I get down. That is fine.” However, Jaouha said that he would have appreciated Metrolinx seeking consent, in a display of transparency. “Whenever we go to a website, they seek your consent for the data they might need from us; they should have done the same.”

Metrolinx’s document suggests the transit agency has already started meeting with interested corporations and may be entering negotiations for a station sponsorship by late fall. 

https://thepointer.com/article/2019-08-11/go-transit-users-need-not-fear-privacy-breach-expert-says