Join the conversation about data rights


Each time we use a search engine, our smartphones, social media or other digital tools, we generate data about ourselves.

What rights do we have when it comes to the data we generate?

“Data rights” is a fairly new concept. It refers to how our data will be used, ensuring that our digital security and privacy are protected by law. 

Other regions and countries throughout the world are exploring the idea of “data rights” that can be protected by new laws. The European Union’s General Data Protection Regulation (GDPR), for example, is a new law that has helped promote data rights across Europe. The GDPR has created new rights for people to access, change and remove the information that companies hold about them. If companies do not respect these rights, they may be fined.

What do “data rights” mean to you?

Join the conversation on data rights by posting your ideas below in the discussion forum. The purpose of this forum is to solicit ideas, collect input and encourage discussion between participants. 

Comment Sort


Z Kamal's avatar

Z Kamal
Jul 31, 2019 - 12:11

Good initiative, would like to join this conversation

bigD's avatar
Jul 31, 2019 - 13:13

Data generated by individuals creates wealth and individuals have the right to directly receive any profits generated from their data! Similar to copyright. Individuals should have the option to opt out of any data collected !

Layperson 's avatar
Aug 1, 2019 - 10:01

If it has any identifying information on me, like names, addresses, phone numbers etc then hopefully I should be able to have the right to say who is allowed to use that information.

If if does not have any identifying information on me, then I think I should be able to feel comfortable to allow that non identifying information used for good purposes. So then the system needs an International Standard to monitor the data points being used for whatever good stuff they are doing with it.

Engage Participant's avatar
Aug 1, 2019 - 10:20

We know our data is valuable and in many consumer cases we are already being compensated to a degree (e.g. loyalty programs that offer discounts, reward points etc.) but are we being compensated fairly? Is there such a thing as "fair market value" for an individual's data in a particular circumstance? Should opting out of sharing data ever preclude you from receiving certain consumer benefits? What about non-consumer data? If the data collection is used for community or social benefit should you expect to be compensated for that?

I think a lot of it comes down to education and ensuring individuals know what the data will be used for and how so they can make a choice as to whether or not to participate. Someone may not want to give their data to a retail outlet but may have no issues in sharing personal health information for a cancer study.

The terms and conditions should have a plain language requirement that is easy to understand with consideration given to accessibility standards. Ideally, the actual monetary value of the data should be disclosed vs. the value of the compensation. In non-consumer applications the community or social benefit should be clearly outlined. Opting out of data sharing should never preclude someone from receiving essential services - EVER.

lemonade 's avatar
Aug 13, 2019 - 11:56

I agree! Companies regularly benefit from the ---- of our aggregated data, and consumers do not see this benefit. In fact, they often aren't made aware of how this data is used as it is hidden in the fine print. It often takes a data breach for consumers to realize what was collected, as it is now been compromised. Companies should be required to justify the collection of data, not require unlimited permissions in its terms of service without cause (e.g. why does a note app on my phone need access to my contacts and call history?)

sitrucj's avatar
Aug 1, 2019 - 11:18

My first concern is the protection of Personal Data. Any personally identifiable data should have strict standards for protection with explicit rules for notification and the potential financial compensation upon the breach of that data. Any use of Personal or anonymized data about a person should be explicitly known. If we are tracked in public or private, we are entitled to know. If that data is ever compromised, we are entitled to know and depending on severity, we are entitled to compensation. Fines should include payment of the people affected. If the data that is collected ever leaves the country, we should know. If data is accessed by a foreign organization of any kind we should know. We are entitled to know how data we created through actions or otherwise is used; that data ought to be protected from misuse. If there is a breach of that trust, there should be substantial penalties.

Engage Participant's avatar

Engage Participant
Sep 14, 2019 - 00:52

I agree- but if you use web-hosted email like Gmail or a CRM system like Salesforce- your data left the country. So maybe the government needs to find a solution for this on their own or approach the Gmail's and Saleforce's of the world.

malojackie's avatar
Aug 1, 2019 - 13:38

For data to be collected and used for commercial purposes, people should have to opt-in. Too many times it's a difficult search for the ways to opt out or adjust privacy settings in general. For scientific and health (not all government) purposes you should be able to opt out. If there is no identifying information then I don't see a problem with collecting the info for scientific and government purposes, but not commercial.

Tony's avatar

A Professor addresses this very well with employment standards; however the same premise can be applied to data stewardship regardless of industry, be it private or public; “…An effective compliance and enforcement strategy will … seek to inform about, strengthen normative commitment to, and detect, deter and where possible address systemic root causes leading to violations….” Promoting Trust and Confidence in Ontario’s Data Economy, will “…require a tool kit that combines information dissemination, outreach, persuasion to voluntarily comply, proactive detection of non-compliance, and enforcement of deterrent remedies and sanctions. Deploying these tools effectively to increase compliance requires intelligence gathering and the capacity to evaluate alternative strategies….” In short, we need to understand exactly how our data is being captured, all areas need to be examined; be that by, online forms, providing details during an in person application, merchants requesting info for services rendered, medical offices, hospitals, medical practitioners, banks, government and\or how law enforcement collects for the sole purpose of individual verification – these are all user end points that make us vulnerable and places us at risk, and all end points are not immune to a breach or abuse of unauthorized access with user data.

Tony's avatar
Aug 1, 2019 - 15:01

This also should include how to report violations or situations and scenarios where we believe too much data was collected or should have not been collected. Examples could include how a rental company or auto dealership photocopies a drivers licence or an online application not allow access to services due to a lack of applicant submission of sensitive personal identifiable data, that it is not entitled to. There should be a reporting and enforcement mechanism available to citizens that ensure regulatory requirements are enforced as well as regulation is strictly followed, in line with PIPEDA or GDPR.

KMac's avatar
Aug 12, 2019 - 14:37

Think you should delete the social media share options on your pages here. Many would argue this will increase interaction and is a must for social engagement but, I argue, that the issues around digital rights and privacy are too important to allow these social media platforms access to the conversations. Until such a time as individuals can control data to a better degree, I think govs need to recognize any use of platforms outside of gov control leaves users wide open for data grabs and potential misuse. It seems ironic that we would be discussing protections, interventions and the like and right on the page provides an opening to places that do need some temperance.

Aside from this I think govs need to be mindful that the use of data is essentially to the point where we are too late to the game. It may very well be out of control unless govs can weigh in much more forcefully. The Sidewalk Labs proposal presents an absolute teachable moment for governments at all levels to step up and draw some conclusions now. I would very much like to see you advance your timelines exponentially to come up with some immediate items of mitigation around data collection and use. This is not easy of course but that shouldn't be reason to delay.

I do presentations on AI, Social Media, Privacy & Digital Right. It may interest you to know trust for government is far lower than that of social media companies such as Facebook and Google. Taking steps now to build public trust is good!

ho4kkwl's avatar
Aug 21, 2019 - 09:56

Data security & privacy whether in the digital hands of government or corporations is only as good as the human "person" or "persons" viewing, analyzing, researching, utilizing the data in any form. Just Google your name, even your full name and see how many people have the same name. An identifying nondescript identifier with your data is fine but it still needs a human to interface with the data. 2245 oops 2244. Humans make mistakes and the data could be misinterpreted or end up with a bias.
Need to have more AI, algorithms, artificial intelligence, deep learning, double & triple checks, transparency & accountability.

I recommend this paper on "A Call to Action: Moving Forward With the Governance of Artificial Intelligence in Canada" by Aviv Gaon
Osgoode Hall Law School & Ian Stedman, Osgoode Hall Law School

RHA's avatar
Aug 29, 2019 - 09:32

I think it is very important for the government or an agency to form the Data Governance Framework for corporations, small businesses and for the people of Ontario where there are programs/services such as; regulations, education on data governance and privacy, Ombudsmen and define rights of the stakeholders on how data could be obtained and used and allow people to have the option on how they want their data shared.

KET's avatar

Are there any steps or consultations happening now to include patients in the new Ontario Health Teams? They've been created to provide more patient-centred care and there's a digital strategy that includes granting patients access to all of their own personal health information. I'd like to know how patients are being brought into the strategy and if the patient-doctor relationship will change.

Engage Participant's avatar

Engage Participant
Sep 1, 2019 - 18:03

Website and GPS tracking is used to create profiles of people so that they can be targeted for ads and research shows that such targeting is used to charge people more. We need to better protect personal data - this means limiting the surveillance of individuals by for profit entities. More targeted advertising is NOT a good reason for limiting our privacy. Facebook, Google, Twitter and Adobe are the worst offenders, but there are many more.
We need to start by
1) forbidding the collection of any data on anyone's website except your own.
2) forbidding the collection of video data except for security purposes.
3) we need to forbid the ---- of GPS data and allow it to be retained only for the purpose of public security
4) we need to treat internet service providers such as Bell, Rogers and the rest as utilities who shall not sell their user's data
Only with such activity will be start to trust.
The premise of this exercise by the government should be to protect its citizens - seeking to promote trust in the data economy indicates a badly biased foundation

Engage Participant's avatar

Engage Participant
Sep 26, 2019 - 09:49

I have had terrible data safety experiences with major retail outlets, such as Loblaws, Marshalls and the LCBO. They have regularly taken sensitive personal identification information without my consent. Most often it has been for a product return, and/ or age verification; they take my address, date of birth, etc. and I have no insight at all to how my data is being stored, who has access to it, or why I had to go through such an unpleasant experience simply to return an unused item (e.g. a gift for someone, or an unopened retail product).

I am the one who pays the cost for identity theft, both financial and emotional. It's really upsetting that these multi-million dollar corporations are allowed to take my information and use it for marketing purposes. I know they are lying - they just want to get free access to demographic information for marketing such as where I live, my income level, and my age - without having go through regulated channels, or pay for it.

Engage Participant's avatar

Engage Participant
Oct 11, 2019 - 13:10

One of the key issues of data rights is to give people a stake in their data and control over how it is used and the value it creates. To this extent the idea of Data as Labour developed by economist Glen Weyl and technologist Jaron Lanier should be ingrained into Ontario law.

Tony's avatar
Oct 24, 2019 - 11:34

I was intrigued and found this online: (; great read.

Tony's avatar

Aside from the Public consultations dates indicated: (Stratford on Friday, November 1), (Ottawa on Tuesday, November 5), (Peterborough on Friday, November 8), (Sarnia on Tuesday, November 12), and (Sault Ste. Marie on Friday, November 15) are no other cities being considered these sites limit public involvement, for example Stratford is included however Kitchener-Waterloo-Cambridge is still an hour away, a bit concerning with Waterloo's presence in the tech sector; there are many KWC citizens that could bring valuable input to the table.