In his column for the Toronto Star, tech law expert Michael Geist discusses privacy issues with companies gathering personal data on their customers and focuses on financial privacy issues:
The Royal Bank of Canada updated its mobile application for Android users earlier this month. Like many banking apps, the RBC version allows users to view account balances, pay bills, and find bank branches from their smartphone. Yet when users tried to install the app, they were advised that the bank would gain access to a wide range of personal data.
The long list of personal data – far longer than that found in comparable applications from banks such as TD Canada Trust or Bank of Montreal – included permission to use the device’s camera, to read the user’s call history, to access the user’s Internet browsing habits, and to even check out their browser bookmarks. After users took to Twitter and the Google app review section to complain, RBC advised that it would update the app and that users should “stay tuned” about the permission requirements.
RBC is not alone in requiring users to disclose more personal information in order to access services. Aeroplan, the loyalty program linked to Air Canada, sent an email last week to hundreds of thousands of Canadians notifying them that it too was changing its data collection practices. […]
The personal data grab from two of Canada’s best-known companies is part of a disturbing privacy trend involving a seemingly insatiable desire for customer information. These demands stretch Canadian privacy law to its limits and run the risk of placing user data at risk for security breaches. […]
Despite the legal limitations, the RBC and Aeroplan policies illustrate how companies have become increasingly aggressive in their personal information collection practices. […]
Some uses may seem relatively innocuous, yet the practice of collecting as much data as possible raises serious concerns. The risk of a security breach increases as companies capture and retain more and more information. This is particularly true for sensitive financial data, which is now accessed by more than just a regulated financial institution.