As Saskatchewan proposes a social media ban for those under 16, the province’s privacy commissioner says the real focus lies elsewhere.
“A ban may serve as nothing other than a false sense of security to parents when the real focus should be with the social media sites that offer dangerous options to young people,” wrote Grace Hession David.
In the Office of the Saskatchewan Information and Privacy Commissioner’s (OIPC) Annual Report released this week, five key goals were outlined for the year, including prioritizing youth privacy.
“We know that children are going online earlier, and they are leaving bigger digital footprints,” Hession David wrote. “We have committed to educating parents on the risks of unsupervised online access to young children.”
This comes as the provincial government moves to ban social media for anyone under 16, something both Manitoba and Australia have recently implemented.
The report referenced recent statistics out of Australia, reporting that over 60 per cent of children are still using the sites because they have found ways around the ban.
Earlier in May, Saskatchewan Premier Scott Moe announced his government would be mailing out a questionnaire on youth social media limits.
“Like all parents and caregivers, we want our kids to be safe,” Moe said at the time.
The mail-out campaign consisted of a four-question survey, asking residents if they would support social media limits for youth. It also asked it any social media platforms should be exempt.
For those against social media limits for youth, the survey asked if they would support parental consent for kids under 16.
Both Moe and Lori Carr, minister of mental health and addictions, said the province’s eventual stance on the topic would be wholly shaped by the results of the survey, which must be returned by June 30.
In her report, the privacy commissioner referenced The Digital Safety Act, Bill C-34, which was introduced in the House of Commons on June 10. Section 27 and 28 of the Duty to Protect Children portion notes that social media operators must implement age-verification measures designed to prevent youth from being able to register with the service.
To ensure those measures are adequate, the Digital Safety Commission must be satisfied the measures are effective, do not involve the collection or use of personal information other than for age-verification purpose, provide for the destruction of information collected for age-verification once complete, and provide for the protection of personal information until that information is destroyed.
However, as the privacy commissioner noted, section 29 of the safety act’s Duty to Protect Children offers exemptions to section 27 and 28 “as long as the proposed Digital Safety Commission is satisfied that the operator of the social media service provides adequate safeguards for the protection of children.”
School division cyber breach
Adding to the importance of youth privacy, Hession David also referenced the PowerSchool Breach, an incident that led to a “disastrous” cyber breach as sensitive data of both children and adults were exfiltrated by cyber criminals.
During that incident, an international information management service provider (ISMP) over-collected on the sensitive data of students and teachers and provided service contracts that left out any references to privacy provisions and regulations.
“The local authority failed to conduct regular audits of the IMSP, and it also failed to ensure that all records of the local school were properly purged from the IMSP database once the contract was terminated,” the report read.
The privacy commissioner said Saskatchewan was the first province in Canada to report and educate on the breach.
In addition to prioritizing youth privacy, goals as part of the strategic plan included continued accessibility to the public, raising awareness around privacy breaches, educating on privacy concerns and artificial intelligence, and providing assistance to the victims of a cyber breach.
With files from Sierra D’Souza Butts and David Prisciak
