Ethical Tech YVR


Blog Posts

No results for undefined
Powered by Algolia

Freedom of Information and Protection of Privacy

Photo by Matthew Henry on Unsplash


In this week's session we'll be exploring the world of privacy! We'll dive into the laws that protect our information and privacy rights in BC, and learn about the effects of the General Data Protection Regulation (GDPR) in the European Union.

Meetup link - now closed



  • What type of information should private companies be able to collect?
  • How transparent should companies be when informing users on the information that is collected and extrapolated?
  • When it comes to protecting our personal information and accessing the information that others have gathered on us, what are our rights?
  • What can organizations expect of the users?
  • How do we define meaningful consent?

    • Google Education
  • Is it possible to implement privacy in the development of a software project as a basic foundation, with all the capabilities of modern technologies? (FIPPA is OLD!)
  • What do we need to think about when creating software for vulnerable groups? (e.g. mental health issues)
  • What is a right? Legal? Ethical?
  • As a youth, should you "put yourself out there"?

More discussion questions will be revealed at the session.

Rough Notes from Discussion

Rough planning notes

I thought it would be neat to document the notes that I put together for planning this session!

  • Intro to the session - CHECK
  • Intro to the topic

    • FIPPA
    • PIPA
    • GDPR
  • Intro to Carlo
  • Carlo time!

    • Q and A
  • meaningful consent

Both of these are for BC


    • rundown
    • 90's never fully updated, small amendments
  • PIPA

    • rundown
    • why aren't there any explicit recommendations or guidelines for technical security stuff? E.g. how to encrypt, where to store, medium to store data in.
  • Access to Information and Privacy (ATIP) Online Request (Federal)

Newfoundland - also has FOI stuff

  • GDPR rundown
  • Submitting your own FIPPA requests
  • What to keep in mind as developers

Convenience vs. privacy


  • tagged photos FIPPA

Government vs. Individuals

How to make your own requests?

  • Workshops (Thursdays, free!) - By Carlo's contact



Facebook and Protesting

  • Carlo has info from inside (Georgia Straight Alliance)
  • omnipotent power

    • by race, etc. target curches for votes
    • protests

Loopholes / exemptions to FIPA

  • no duty to document

    • the government isn't mandated to write anything down
    • use phone calls!
    • email chain that says "lets move to phone call"
    • can we please move to phone call
  • the more tech we have, the more access we have (more likely to email)
  • they try to tire you out


What is a right?

  • legal
  • ethical

We generally look at it as a legal thing instead of an ethical thing. It's interesting what we perceive what a right is????

Designating a privacy officer? PIPA and FIPPA (government always has someone)

Some random quotes from the PIPA guide:

The PIPA regulations require that, for an individual who is a minor, seriously ill, or mentally incapacitated, an organization must obtain consent from a legal representative, such as a legal guardian or a person having a power of attorney.

You may only collect personal information for a purpose that a reasonable person would consider appropriate in the circumstances. You must limit your collection to the amount and type of personal information that is necessary to fulfill your purposes for collecting it. You must notify individuals of the reasonable purposes for collecting personal information before or at the time you collect that information. You must obtain consent from an individual before or at the time you collect personal information.

Be careful of Reasonable Use!

Anja owns a bookstore and maintains an email list of customers who want information on new releases. When her friend, Rose, decides to run for city council, sheuses this list to send out a mass email urging her
customers to vote for Rose as a pro-book candidate. Rose has contravened PIPA because she is using the collected information for a new purpose (to campaign for Rose) without first determining whether the new use is reasonable and before notifying her customers that she wishes to use their email addresses for this new purpose and obtaining their consent to do so.  

Cloud Act - Donald Trump (any data that is within the system of an American company, even if you live in Canada)