Helping journalists, producers and conference planners find the female guests, speakers and expert sources they need.

Rogers e-mail service terms allow access to users’ contacts, raising privacy concerns

The Globe and Mail with Teresa Scassa 21 April 2018

A new set of terms and conditions recently sent to Rogers e-mail users includes a Canada-specific provision that would allow the service provider to mine their friends’ and contacts’ personal information.

Toronto-based Rogers Communications Inc. has outsourced its e-mail service for internet customers to Yahoo for several years. Verizon Communications Inc. acquired Yahoo last year and merged it with AOL to create a digital and media brand called Oath.

More than halfway through a 27-page document of terms and conditions sent to Rogers e-mail users over the past week, a section specific to Canada states: “By using the services you agree that you have obtained the consent of your friends and contacts to provide their personal information (for example: their email address or telephone number) to Oath or a third party, as applicable, and that Oath or a third party may use your name to send messages on your behalf to make the services available to your friends and contacts.”

The new terms of service sent to Canadian Yahoo e-mail users, including those with @rogers.com accounts, in pop-up notices state they must eventually agree to them to continue with the service. Rogers will not say how many customers would be affected by the new terms.

The office of Canada’s Privacy Commissioner said on Friday it is responding to numerous complaints from Rogers e-mail users since the introduction of the new terms of service, which would allow their communications to be monitored for advertising purposes.

Tobi Cohen, a spokeswoman for the Office of the Privacy Commissioner of Canada, said on Friday: “We are aware of this issue and have received a number of calls from concerned Rogers customers. We will be reaching out to the organization for more information.”

The Globe and Mail has heard from numerous Rogers e-mail users concerned about the Canada-specific provision, with one person saying he has cancelled his account and moved to a ProtonMail, a service that charges a monthly fee for more than 500 megabytes of storage .

Teresa Scassa, a professor of information law at the University of Ottawa, said that under Canadian anti-spam and privacy laws, companies can’t send commercial messages to someone or collect an individual’s personal information without getting their consent first.

“[Oath is] trying to do an end run around both consent requirements by getting the user who agrees to their long terms of use to guarantee to them that they’ve already obtained the consent of all of their friends and contacts to have [Oath] use their personal information,” she said in an interview on Friday.

“It doesn’t seem to me to be a reasonable effort to get the consent of the people whose information you’re using,” she added.

Users have also complained about a term that specifies Oath analyzes “content and information,” including e-mails, photos and attachments “when you use our services.” It explains, “This allows us to deliver, personalize and develop relevant features, content, advertising and services.”

An Oath spokesman said users can opt out of tracking for advertising purposes, but users have complained they cannot see a way to do so.

“We’re told if you want to use a search engine for free or you want a free e-mail service like Gmail, the personal information is the quid pro quo,” Ms. Scassa said. “But what I find interesting in the Rogers case is they’re customers, they’re paying money and they’re still having their personal information mined.”

She said the scandal over data firm Cambridge Analytica’s misuse of 87 million Facebook users’ information (including the data of more than 620,000 Canadians) has shown people care about privacy, adding, “I‘m hoping that what people are starting to think is maybe there is room to push back.”

Asked in an interview after the company’s annual general meeting on Friday about how he would respond to customers’ concerns, Rogers’ chief executive officer Joe Natale said privacy and confidentiality are more important than ever.

“We take that very, very seriously at Rogers. We believe in protecting our customers’ privacy and confidentiality. We believe in doing everything in our power to make sure we maintain that,” he said. “We’ve got to be on the front line of that. We’ve got to be the organization that speaks up, stands up for the customer.”

Spokeswoman Michelle Kelly added: “We believe it is important that customers take the time to review any changes and adjust their settings to make sure they’re right for them.”

Oath spokesman Charles Stewart told The Globe in an e-mail on Thursday that the company’s privacy policy for all of its properties is meant to increase transparency and user control. He did not respond to requests for comment on Friday.