Amazon recorded an increase of close to 800 per cent in user data requests by governments in the last half 2020, according to its transparency report released Sunday. In total, the company processed 27,664 legal orders from government agencies around the world in the form of subpoenas, search warrants and court actions.
Most government demands came from European countries, with nine per cent coming from other countries, according to the report.
The department of Public Safety did not respond to Canada’s National Observer's request for comment on whether the government demanded users’ data from the online giant, however, cybersecurity experts see a flaw in Canada's privacy laws that goes beyond Amazon.
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), companies are allowed to give government agencies people’s personal data without their consent. And law enforcement agencies aren’t required to notify people that they’ve collected this information.
“Law enforcement can fly under the radar when they collect our data because what they do is deemed in the public interest,” said cybersecurity expert Yuan Stevens. “This can affect our liberty and the fact that the police can be building a case against us.”
The proposed Bill C-11, which aims to replace the long-serving PIPEDA, won’t provide extra protection when it comes to consent and law enforcement, either.
“Transparency is fundamental,” said security and privacy adviser Claudiu Popa, “because we agreed to share it with Amazon, we didn’t agree to share it with every police department in the country.”
Popa and Stevens believe privacy laws should be amended so Canadians know when their data has been given to law enforcement.
Popa says the government should notify people since it otherwise wouldn’t have been able to get this information without the help of tech giants.
“Companies that are built on information have almost infinitely more information about individuals around the world than governments do,” Popa said. “They are collecting it on a daily basis. The reason that Amazon and Google are primarily targeted is because Amazon and Google have managed to get themselves installed in people’s bedrooms and to have microphones on all day long.”
The Amazon report shows the company mostly provided “non-content” information, including names, addresses, billing information and retail purchase histories.
“We agreed to share it with Amazon, we didn’t agree to share it with every police department in the country,” says security and privacy adviser @C1audiu. #cdnpoli #privacy #onlineprivacy
Only 52 requests were "content" information, such as customers’ photos and details from the Amazon Web Services cloud computing platform.
Popa and Stevens attribute the spike in requests during the pandemic to the fact that people are using their devices more often than in pre-pandemic times, which has also led to more cyber crime.
Yasmine Ghania / Local Journalism Initiative / Canada’s National Observer